Michael Rash, Security Researcher

Software Release - psad-1.3.1

The 1.3.1 release of psad is ready for download. Here is an excerpt from the ChangeLog:
  • Added the ability to import /var/log/psad/<ip> directories back into memory so scan data remains persistent across psad restarts or system reboots.
  • Added --Analyze-msgs to run psad in analysis mode against an iptables logfile (/var/log/psad/fwdata by default). The logfile path can be changed with --messages-file.
  • Added icmp type and code validation against RFC 792.
  • Bugfix for being too strict with FW_MSG_SEARCH.
  • Added port ranges for tcp and udp scans in <ip>/<dst>_packet_ctr.
  • Added <ip>/<dst>_start_time and <ip>/os_guess.
  • Bugfix for missing --no-signatures code.
  • Updated to Snort-2.1 signatures.
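
What ICMP type and code validation against RFC 792 can look like when run over iptables log lines, as an added example that is not psad's own code: the names `RFC792_CODES`, `check_icmp` and `flagged` are hypothetical, and the log lines are constructed samples using documentation addresses.

```python
import re

# ICMP message types defined in RFC 792, each mapped to the codes the RFC defines.
RFC792_CODES = {
    0: {0},              # Echo Reply
    3: set(range(6)),    # Destination Unreachable (codes 0-5)
    4: {0},              # Source Quench
    5: set(range(4)),    # Redirect (codes 0-3)
    8: {0},              # Echo
    11: {0, 1},          # Time Exceeded
    12: {0},             # Parameter Problem
    13: {0}, 14: {0},    # Timestamp / Timestamp Reply
    15: {0}, 16: {0},    # Information Request / Information Reply
}

ICMP_RE = re.compile(r"\bPROTO=ICMP\b.*?\bTYPE=(\d+)\s+CODE=(\d+)")
SRC_RE = re.compile(r"\bSRC=(\S+)")

def check_icmp(line):
    """Return None for non-ICMP lines, else (src, type, code, verdict)."""
    m = ICMP_RE.search(line)
    if not m:
        return None
    icmp_type, icmp_code = int(m.group(1)), int(m.group(2))
    src = SRC_RE.search(line)
    src = src.group(1) if src else "?"
    if icmp_type not in RFC792_CODES:
        verdict = "invalid-type"
    elif icmp_code not in RFC792_CODES[icmp_type]:
        verdict = "invalid-code"
    else:
        verdict = "valid"
    return (src, icmp_type, icmp_code, verdict)

def flagged(log_text):
    """Return the ICMP entries whose type or code is not defined in RFC 792."""
    results = (check_icmp(line) for line in log_text.splitlines())
    return [r for r in results if r and r[3] != "valid"]

# Constructed sample input in iptables LOG format.
SAMPLE_LOG = """\
Jan  1 00:00:01 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Jan  1 00:00:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=56 TTL=60 ID=7 PROTO=ICMP TYPE=3 CODE=3
Jan  1 00:00:03 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TTL=51 ID=9 PROTO=ICMP TYPE=8 CODE=5 ID=1 SEQ=1
Jan  1 00:00:04 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=28 TTL=51 ID=10 PROTO=ICMP TYPE=40 CODE=0
Jan  1 00:00:05 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=51 ID=11 PROTO=TCP SPT=40000 DPT=22 SYN
"""

if __name__ == "__main__":
    for entry in flagged(SAMPLE_LOG):
        print(entry)
```

A table limited to RFC 792 also flags types and codes that later RFCs define, so a deployment may want to extend it before alerting on the result.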