I have installed psad on an Ubuntu server and set up the corresponding iptables rules:
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
But when I run psad --Status, psad does not seem to be working. Looking at the log:
[+] Version: psad v2.1.7
[+] Top 50 signature matches:
[NONE]
[+] Top 25 attackers:
[NONE]
[+] Top 20 scanned ports:
[NONE]
[+] iptables log prefix counters:
[NONE]
Total packet counters: tcp: 0, udp: 0, icmp: 0
[+] IP Status Detail:
[NONE]
Total scan sources: 0
Total scan destinations: 0
I also received this email:
[-] You may just need to add a default logging rule to the INPUT chain on
transportecabo. For more information, see the file "FW_HELP" in
the psad sources directory or visit:
http://www.cipherdyne.org/psad/docs/fwconfig.html
As you can see, there is nothing wrong with the iptables rules:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Why isn't it capturing anything?
I have copied the entire contents of my psad.conf to pastebin: http://pastebin.com/JQzj9NhB