All, I'm posting this here because some people combine psad with fwsnort in order to detect application layer attacks.
http://www.cipherdyne.org/fwsnort/download/fwsnort-1.5-pre4.tar.gz
MD5: a4aeb9551ab02fb726879eabfdc1bde5

This is a -pre release of fwsnort-1.5, which will be a major update. I'm hoping for a couple of test results on the -pre4 release, which contains a change that moves fwsnort to use the iptables-save format instead of executing an individual iptables command for each fwsnort rule. The impacts are:

1) Execution time to instantiate an fwsnort policy should go from minutes (for long fwsnort policies) down to seconds.

2) fwsnort policies are spliced into the running iptables policy at the time of execution of the fwsnort perl script - not the time when the /etc/fwsnort/fwsnort.sh script is executed. This is not a big deal if you normally execute fwsnort.sh after the perl script, or if you don't change your iptables policy around much between the two.

3) If there is any problem with a single fwsnort rule, then the whole policy is not instantiated at all - this helps to ensure that there is not a chance for an inconsistent policy.

Please let me know if there are any issues.

Thanks,

--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint: E2EF 0C8A 5AA9 654C 4763 B50F 37AC E946 7F51 8271

_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
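
The splice described in points 2 and 3, as an added illustration that is not part of the original message and is not fwsnort's own code: it inserts a rule chain into a saved policy snapshot and lists the live rules a later restore of that snapshot would drop. The sample policy, the chain name `EXAMPLE_INPUT`, the rules and both function names are constructed for this example.

```python
# Constructed sample in iptables-save format (not taken from a real host).
SAVED_POLICY = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
NEW_CHAIN = "EXAMPLE_INPUT"  # hypothetical chain name
NEW_RULES = [                # constructed signature-style rules
    '-A EXAMPLE_INPUT -p tcp -m tcp --dport 80 -m string '
    '--string "EXAMPLE-CONTENT" --algo bm -j LOG --log-prefix "EXAMPLE sid1 "',
    '-A EXAMPLE_INPUT -p tcp -m tcp --dport 80 -m string '
    '--string "EXAMPLE-CONTENT" --algo bm -j DROP',
]

def splice(saved, table, chain, rules, builtin="INPUT"):
    """Declare `chain`, jump to it first from `builtin`, add `rules` before COMMIT."""
    out, in_table, declared, spliced = [], False, False, False
    for line in saved.splitlines():
        if line.startswith("*"):
            in_table = line == "*" + table
        elif in_table and not declared and not line.startswith(":"):
            # First line after the chain declarations of the target table.
            out += [f":{chain} - [0:0]", f"-A {builtin} -j {chain}"]
            declared = True
        if in_table and line == "COMMIT":
            out += rules
            in_table, spliced = False, True
        out.append(line)
    if not spliced:
        raise ValueError(f"table {table!r} not found in saved policy")
    return "\n".join(out) + "\n"

def rules_lost_on_restore(spliced, live_now):
    """Rules in the live policy that are absent from the spliced snapshot."""
    have = set(spliced.splitlines())
    return [l for l in live_now.splitlines()
            if l.startswith("-A ") and l not in have]

if __name__ == "__main__":
    print(splice(SAVED_POLICY, "filter", NEW_CHAIN, NEW_RULES), end="")
```

Because the whole file is handed to `iptables-restore` in one step, a rule added to the running policy after the snapshot was taken shows up in `rules_lost_on_restore`, which is the timing caveat in point 2.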