Hi All,
I've installed PSAD 2.4.6 via the install.pl script from the tar package on
CentOS 7.
*I've updated the psad.conf section accordingly:*
### Override iptables automatic search and force a path to a firewall
### binary. If firewalld is used, then set this to the path to firewall-cmd
### and set FW_CMD_ARGS to '--direct --passthrough ipv4';
ENABLE_OVERRIDE_FW_CMD Y;
FW_CMD /bin/firewall-cmd;
FW_CMD_ARGS --direct --passthrough ipv4;
*However my settings are incomplete, please check the following results:*
*psad --fw-analyze*
*RESULT:*
[+] Parsing INPUT chain rules.
[+] Parsing INPUT chain rules.
[+] Parsing FORWARD chain rules.
[-] Errors found in firewall config.
emailed to
[+] Results in /var/log/psad/fw_check
[+] Exiting.
*cat /var/log/psad/fw_check*
*RESULT:*
[-] You may just need to add a default logging rule to the
'filter' 'INPUT' chain on webwp.pars.com. For more information,
see the file "README" in the psad sources directory or visit:
http://www.cipherdyne.org/psad/docs/fwconfig.html
*psad --fw-list*
*RESULT:*
[+] Listing chains from IPT_AUTO_CHAIN keywords...
[-] Table: filter, chain: PSAD_BLOCK_INPUT, does not exist
[-] Table: filter, chain: PSAD_BLOCK_OUTPUT, does not exist
[-] Table: filter, chain: PSAD_BLOCK_FORWARD, does not exist
Please let me know how to add logging for psad on firewalld, and how to
create the following on firewalld:
PSAD_BLOCK_INPUT
PSAD_BLOCK_OUTPUT
PSAD_BLOCK_FORWARD
*NOTE:* All the guides or how-to articles I could find are either for UFW
or iptables, but I need information specific to firewalld.
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss