Hello all,

psad-2.4.5 has been released:

https://github.com/mrash/psad/releases/tag/2.4.5
http://www.cipherdyne.org/psad/download/

Here is the complete ChangeLog:

    - Added proper port sweep detection based on a single port being probed
      across a configurable number of destination hosts. The number of
      destinations is controlled by the following new configuration variables
      (and associated defaults) in the psad.conf file:

          DL1_UNIQUE_HOSTS            10;
          DL2_UNIQUE_HOSTS            20;
          DL3_UNIQUE_HOSTS            50;
          DL4_UNIQUE_HOSTS            100;
          DL5_UNIQUE_HOSTS            500;
          PORT_RANGE_SWEEP_THRESHOLD  0;

      The PORT_RANGE_SWEEP_THRESHOLD variable is set to zero by default to
      denote a sweep for a single port. The comparison is made as an "equals"
      test against this variable. So a scan that trips the
      PORT_RANGE_SCAN_THRESHOLD can be changed to a sweep if
      PORT_RANGE_SWEEP_THRESHOLD is changed to a value greater than
      PORT_RANGE_SCAN_THRESHOLD and if at least DL1_UNIQUE_HOSTS are hit.

    - Bug fix to apply syslog only ALERTING_METHOD properly when an email
      throttle is also set. This issue was reported by @joshlinx on github as
      issue #44.

    - Bug fix to include top signature matches in 'psad --Status' output. This
      issue was reported by @joshlinx on github as issue #41.

    - In the psad.conf file, change the ENABLE_PERSISTENCE default to "N" in
      order to (by default) limit psad's memory consumption. The trade off is
      that really "low and slow" scans may be missed in exchange for a better
      operational model. Note the MAX_SCAN_IP_PAIRS variable can also be used
      to control memory consumption if ENABLE_PERSISTENCE is enabled.

    - Added new variables ENABLE_OVERRIDE_FW_CMD and FW_CMD to force a path to
      a firewall binary to be set instead of having psad search for standard
      installation paths.

Thanks,

-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
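
The sweep rule described in the ChangeLog, sketched in Python as an added example that is not part of the original message and is not psad's own code. It assumes iptables LOG-style SRC=/DST=/DPT= fields and that "port range" means highest minus lowest destination port; the log lines are constructed.

```python
import re
from collections import defaultdict

# Defaults quoted from the 2.4.5 ChangeLog above.
UNIQUE_HOSTS = {1: 10, 2: 20, 3: 50, 4: 100, 5: 500}  # DLn_UNIQUE_HOSTS
PORT_RANGE_SWEEP_THRESHOLD = 0

# Assumption: iptables LOG-style fields; only SRC, DST and DPT are used.
FIELDS = re.compile(r"SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")


def classify_sweeps(lines):
    """Return {src: (port, unique_dst_count, danger_level)} for sweeping sources."""
    seen = defaultdict(lambda: {"dsts": set(), "ports": set()})
    for line in lines:
        m = FIELDS.search(line)
        if not m:
            continue  # not a packet log line
        src, dst, dpt = m.group(1), m.group(2), int(m.group(3))
        seen[src]["dsts"].add(dst)
        seen[src]["ports"].add(dpt)

    sweeps = {}
    for src, s in seen.items():
        # Assumption: "port range" = highest minus lowest destination port.
        port_range = max(s["ports"]) - min(s["ports"])
        if port_range != PORT_RANGE_SWEEP_THRESHOLD:  # the "equals" test
            continue
        hosts = len(s["dsts"])
        level = max((dl for dl, n in UNIQUE_HOSTS.items() if hosts >= n), default=0)
        if level:  # at least DL1_UNIQUE_HOSTS destinations were hit
            sweeps[src] = (min(s["ports"]), hosts, level)
    return sweeps


def sample_log():
    """Constructed sample using documentation-range addresses, not real traffic."""
    tmpl = "kernel: DROP IN=eth0 SRC={} DST={} LEN=60 PROTO=TCP SPT=40000 DPT={} SYN"
    lines = [tmpl.format("198.51.100.7", f"192.0.2.{i}", 22) for i in range(1, 26)]
    # Many ports on one host: a port scan, not a sweep.
    lines += [tmpl.format("198.51.100.9", "192.0.2.1", p) for p in range(20, 40)]
    # Single port but only 5 destinations: below DL1_UNIQUE_HOSTS.
    lines += [tmpl.format("198.51.100.11", f"192.0.2.{i}", 445) for i in range(1, 6)]
    return lines


if __name__ == "__main__":
    for src, (port, hosts, dl) in classify_sweeps(sample_log()).items():
        print(f"{src}: port {port} swept across {hosts} hosts -> danger level {dl}")
```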
