Thank you very much, works like a charm! I went a step further and
removed FirewallD altogether.
What may be nice is some cfg setting to maybe tell it to ignore
firewall-cmd and use IPTables instead.
Ofc nothing really important, but would have saved me quite some time
and would be a "nice to have".
Or maybe just write it down in PSAD's documentation.
Anyways, thanks again!
Hannes
On 10/21/2016 04:48 AM, Michael Rash wrote:
On Wed, Oct 19, 2016 at 9:10 AM, Hannes Happle <ad...@h2-it.de> wrote:
Hi!
First of all, thanks for developing psad, really nice piece of
Software.
I used it for over a year on Debian Wheezy without problems.
Cool, glad you like psad.
Now, I switched to a stronger Server running Centos7 (because SELinux)
and here I have some trouble getting psad up and running, or -more
precisely- banning.
I had a small issue starting it, because Systemd expected the .pid file
in /var/run and not /var/run/psad.
I resolved that by editing the run path in the config and now it runs
fine and is detecting scans, sending alerts etc.
BUT it's not creating IPTables chains (PSAD_BLOCK_INPUT etc.)
I switched to IPTables instead of FirewallD because I really dislike the
latter and also think, while having advantages on e.g. Notebooks, it's
nonsense on Servers with static configurations.
I installed most recent Versions of psad, IPTables::Parse and
IPTables::ChainMgr from cipherdyne.org and it seems like psad tries to
interact with FirewallD instead of IPTables:
# psad --fw-list
[+] Listing chains from IPT_AUTO_CHAIN keywords...
FirewallD is not running
FirewallD is not running
FirewallD is not running
IPTables chains do not get touched, and because of that, also no banning
occurs.
Any Ideas how to resolve this issue?
I suspect this is happening because the firewall-cmd binary is still
installed on your system, and the IPTables::Parse module looks for
firewall-cmd before iptables/ip6tables. If you are not using firewalld
at all, then you could just move "/usr/bin/firewall-cmd" to
"/usr/bin/firewall-cmd.old".
Thanks,
--Mike
Thanks,
Hannes
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
<mailto:psad-discuss@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/psad-discuss
<https://lists.sourceforge.net/lists/listinfo/psad-discuss>
--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
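
A check for the situation discussed in this thread (firewall-cmd still installed while firewalld is not running), added here as an example; it is not part of the thread, psad, or IPTables::Parse. The function names and the use of `$PATH` as the search path are assumptions for illustration; the thread only states that firewall-cmd is looked for before iptables/ip6tables.

```shell
#!/bin/sh
# Added example: report which firewall front-end a tool that prefers
# firewall-cmd over iptables would end up using.
# Function names and the search-path argument are hypothetical.

# find_in_path NAME SEARCHPATH
# Prints the first executable NAME found in the colon-separated SEARCHPATH.
find_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# backend_check SEARCHPATH FIREWALLD_STATE
# FIREWALLD_STATE is "running" or "not running".
backend_check() {
    fwcmd=$(find_in_path firewall-cmd "$1") || fwcmd=
    ipt=$(find_in_path iptables "$1") || ipt=
    if [ -n "$fwcmd" ] && [ "$2" != "running" ]; then
        # The case from the thread: binary present, daemon not in use.
        echo "MISMATCH: $fwcmd is installed but firewalld is $2"
    elif [ -n "$fwcmd" ]; then
        echo "OK: firewalld via $fwcmd"
    elif [ -n "$ipt" ]; then
        echo "OK: iptables via $ipt"
    else
        echo "NONE: neither firewall-cmd nor iptables found"
    fi
}

# Run against the live system only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    state=$(firewall-cmd --state 2>/dev/null) || state="not running"
    backend_check "$PATH" "$state"
fi
```

A MISMATCH result corresponds to the repeated "FirewallD is not running" output of `psad --fw-list` quoted above; after renaming or removing firewall-cmd the same check reports iptables.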