FWCHECK_PSAD(8) System Manager's Manual FWCHECK_PSAD(8)
NAME
fwcheck_psad - look for iptables rules that log and block unwanted packets.
SYNOPSIS
fwcheck_psad [options]
DESCRIPTION
fwcheck_psad parses the iptables ruleset on the underlying system to see if iptables has been configured to log and block unwanted packets by default. This program is called by psad, but can also be executed manually from the command line.
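An added illustration of the kind of check described above (not part of the man page and not psad's own code): a Python example that reads a ruleset in iptables-save format and reports whether a chain logs and blocks unmatched packets by default. The function names, the catch-all heuristic, the substring matching used for `search`, and the sample rulesets are assumptions made for this example.

```python
import shlex

# Options that configure a target rather than restrict which packets match.
TARGET_OPTS = {"-j", "--log-prefix", "--log-level", "--log-tcp-options",
               "--log-ip-options", "--reject-with"}

def parse(ruleset):
    """Return ({chain: policy}, {chain: [rule tokens]}) for the filter table."""
    policies, rules, table = {}, {}, None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            rules.setdefault(tok[1], []).append(tok[2:])
    return policies, rules

def opt(tok, name):
    """Value following option `name` in a rule, or '' when absent."""
    return tok[tok.index(name) + 1] if name in tok else ""

def check_chain(ruleset, chain="INPUT", search=None):
    """Return (logs_by_default, blocks_by_default) for one chain."""
    policies, rules = parse(ruleset)
    logs = False
    for tok in rules.get(chain, []):
        if any(t.startswith("-") and t not in TARGET_OPTS for t in tok):
            continue  # has match criteria, so it is not a default rule
        tgt = opt(tok, "-j")
        if tgt == "LOG" and (search is None or search in opt(tok, "--log-prefix")):
            logs = True  # assumption: search is a substring of the log prefix
        elif tgt in ("ACCEPT", "DROP", "REJECT"):
            return logs, tgt != "ACCEPT"  # catch-all verdict ends the chain
    return logs, policies.get(chain) == "DROP"

# Constructed sample rulesets in iptables-save format.
GOOD = """*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j LOG --log-prefix "DROP "
COMMIT"""
SILENT = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -j DROP
-A INPUT -j LOG --log-prefix "DROP "
COMMIT"""
```

`check_chain(GOOD)` returns `(True, True)`, while `check_chain(SILENT)` returns `(False, True)` because the catch-all DROP sits ahead of the LOG rule, so packets are blocked without ever being logged.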
OPTIONS
--config
Specify path to the psad configuration file. By default this is /etc/psad/psad.conf.
--fw-file
Allow the user to analyze a specific ruleset from a file rather than the local policy.
--fw-analyze
Analyze the local iptables ruleset and exit.
--no-fw-search-all
Look for the specific log prefixes defined through the FW_MSG_SEARCH variable(s) in the configuration file.
--Lib-dir
Specify path to psad lib directory.
--help
Display the help message.
SEE ALSO
iptables(8), psad(8)
AUTHOR
Michael Rash <mbr@cipherdyne.org>
BUGS
Send bug reports to mbr@cipherdyne.org. Suggestions and/or comments are always welcome as well.
DISTRIBUTION
psad is distributed under the GNU General Public License (GPL), and the latest version may be downloaded from: http://www.cipherdyne.org/
Debian GNU/Linux Aug, 2008 FWCHECK_PSAD(8)
PSADWATCHD(8) System Manager's Manual PSADWATCHD(8)
NAME
psadwatchd - checks to make sure kmsgsd and psad are running.
SYNOPSIS
psadwatchd [options]
DESCRIPTION
psadwatchd checks every five seconds to make sure that kmsgsd and psad are running on the box. If either of the other two daemons has died, psadwatchd will restart the daemon and notify each email address listed in the EMAIL_ADDRESSES variable (see /etc/psad/psad.conf) that the daemon has been restarted. psadwatchd uses the psad.conf configuration file, which by default is located at /etc/psad/psad.conf, but a different path can be specified on the command line.
OPTIONS
-c <config-file>
Specify path to config file instead of using the default configuration file /etc/psad/psad.conf.
-D
Dump the configuration values that psadwatchd derives from /etc/psad/psad.conf (or other override files) on STDERR.
-h
Display usage information and exit.
-O <config-file>
Override config variable values that are normally read from the /etc/psad/psad.conf file with values from the specified file. Multiple override config files can be given as a comma separated list.
SEE ALSO
psad(8), kmsgsd(8)
AUTHOR
Michael Rash (mbr@cipherdyne.org)
This manual page was written by Daniel Gubser <daniel.gubser@gutreu.ch> for the Debian GNU/Linux system (but may be used by others).
DISTRIBUTION
psad is distributed under the GNU General Public License (GPL), and the latest version may be downloaded from http://www.cipherdyne.org
Debian GNU/Linux March 2009 PSADWATCHD(8)