Michael Rash, Security Researcher

Software Release - psad-1.3.2

The 1.3.2 release of psad is ready for download. Here is an excerpt from the ChangeLog:
  • Removed FW_MSG_SEARCH from psad.conf, and created a new config file "fw_search.conf" that both psad and kmsgsd use to get the FW_MSG_SEARCH definition(s).
  • Added default mode of parsing all iptables messages instead of just those that contain specific search strings. A new config variable "FW_SEARCH_ALL" was added to fw_search.conf that controls this mode.
  • Updated psad and kmsgsd so that multiple firewall search strings can be specified through multiple FW_MSG_SEARCH variables in fw_search.conf.
  • Added iptables chain and logging-prefix tracking for current scan interval in email alerts.
  • Added protocol-specific auto-danger level assignments.
  • Added total scan source and destination IP address counters in --Status output.