How To Install psad on Fedora 34

psad is Port Scan Attack Detector (psad) watches for suspect traffic

Introduction

In this tutorial we learn how to install psad on Fedora 34.

What is `psad`

Port Scan Attack Detector (psad) is a lightweight system daemon written in Perl designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (https suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (https iptables string match module to detect application layer signatures.

We can use yum or dnf to install psad on Fedora 34. In this tutorial we discuss both methods but you only need to choose one of method to install psad.

Install psad on Fedora 34 Using dnf

Update yum database with dnf using the following command.

sudo dnf makecache --refresh

The output should look something like this:

Fedora 34 - x86_64                               20 kB/s | 6.6 kB     00:00
Fedora 34 openh264 (From Cisco) - x86_64        1.4 kB/s | 989  B     00:00
Fedora Modular 34 - x86_64                       68 kB/s | 6.5 kB     00:00
Fedora 34 - x86_64 - Updates                    3.5 kB/s | 6.2 kB     00:01
Fedora Modular 34 - x86_64 - Updates             17 kB/s | 5.9 kB     00:00
Metadata cache created.

After updating yum database, We can install psad using dnf by running the following command:

sudo dnf -y install psad

Install psad on Fedora 34 Using yum

Update yum database with yum using the following command.

sudo yum makecache --refresh

The output should look something like this:

Fedora 34 - x86_64                               20 kB/s | 6.6 kB     00:00
Fedora 34 openh264 (From Cisco) - x86_64        1.4 kB/s | 989  B     00:00
Fedora Modular 34 - x86_64                       68 kB/s | 6.5 kB     00:00
Fedora 34 - x86_64 - Updates                    3.5 kB/s | 6.2 kB     00:01
Fedora Modular 34 - x86_64 - Updates             17 kB/s | 5.9 kB     00:00
Metadata cache created.

After updating yum database, We can install psad using yum by running the following command:

sudo yum -y install psad

How To Uninstall psad on Fedora 34

To uninstall only the psad package we can use the following command:

sudo dnf remove psad

psad Package Contents on Fedora 34

/etc/logrotate.d
/etc/logrotate.d/psad
/etc/psad
/etc/psad/auto_dl
/etc/psad/icmp6_types
/etc/psad/icmp_types
/etc/psad/ip_options
/etc/psad/pf.os
/etc/psad/posf
/etc/psad/protocols
/etc/psad/psad.conf
/etc/psad/signatures
/etc/psad/snort_rule_dl
/etc/psad/snort_rules
/etc/psad/snort_rules/VERSION
/etc/psad/snort_rules/attack-responses.rules
/etc/psad/snort_rules/backdoor.rules
/etc/psad/snort_rules/bad-traffic.rules
/etc/psad/snort_rules/chat.rules
/etc/psad/snort_rules/classification.config
/etc/psad/snort_rules/ddos.rules
/etc/psad/snort_rules/deleted.rules
/etc/psad/snort_rules/dns.rules
/etc/psad/snort_rules/dos.rules
/etc/psad/snort_rules/emerging-all.rules
/etc/psad/snort_rules/experimental.rules
/etc/psad/snort_rules/exploit.rules
/etc/psad/snort_rules/finger.rules
/etc/psad/snort_rules/ftp.rules
/etc/psad/snort_rules/icmp-info.rules
/etc/psad/snort_rules/icmp.rules
/etc/psad/snort_rules/imap.rules
/etc/psad/snort_rules/info.rules
/etc/psad/snort_rules/local.rules
/etc/psad/snort_rules/misc.rules
/etc/psad/snort_rules/multimedia.rules
/etc/psad/snort_rules/mysql.rules
/etc/psad/snort_rules/netbios.rules
/etc/psad/snort_rules/nntp.rules
/etc/psad/snort_rules/oracle.rules
/etc/psad/snort_rules/other-ids.rules
/etc/psad/snort_rules/p2p.rules
/etc/psad/snort_rules/policy.rules
/etc/psad/snort_rules/pop2.rules
/etc/psad/snort_rules/pop3.rules
/etc/psad/snort_rules/porn.rules
/etc/psad/snort_rules/reference.config
/etc/psad/snort_rules/rpc.rules
/etc/psad/snort_rules/rservices.rules
/etc/psad/snort_rules/scan.rules
/etc/psad/snort_rules/shellcode.rules
/etc/psad/snort_rules/smtp.rules
/etc/psad/snort_rules/snmp.rules
/etc/psad/snort_rules/sql.rules
/etc/psad/snort_rules/telnet.rules
/etc/psad/snort_rules/tftp.rules
/etc/psad/snort_rules/virus.rules
/etc/psad/snort_rules/web-attacks.rules
/etc/psad/snort_rules/web-cgi.rules
/etc/psad/snort_rules/web-client.rules
/etc/psad/snort_rules/web-coldfusion.rules
/etc/psad/snort_rules/web-frontpage.rules
/etc/psad/snort_rules/web-iis.rules
/etc/psad/snort_rules/web-misc.rules
/etc/psad/snort_rules/web-php.rules
/etc/psad/snort_rules/x11.rules
/usr/bin/nf2csv
/usr/lib/systemd/system/psad.service
/usr/lib/tmpfiles.d/psad.conf
/usr/sbin/fwcheck_psad
/usr/sbin/psad
/usr/share/doc/psad
/usr/share/doc/psad/BENCHMARK
/usr/share/doc/psad/CREDITS
/usr/share/doc/psad/ChangeLog
/usr/share/doc/psad/FW_EXAMPLE_RULES
/usr/share/doc/psad/README.SYSLOG
/usr/share/doc/psad/README.md
/usr/share/doc/psad/SCAN_LOG
/usr/share/licenses/psad
/usr/share/licenses/psad/LICENSE
/usr/share/man/man1/nf2csv.1.gz
/usr/share/man/man8/fwcheck_psad.8.gz
/usr/share/man/man8/psad.8.gz
/var/lib/psad
/var/lib/psad/psadfifo
/var/log/psad
/var/run/psad
/var/run/psad/psad.cmd

References

psad website

Summary

In this tutorial we learn how to install psad on Fedora 34 using yum and dnf.