Michael Rash, Security Researcher

Software Release - psad-2.0.5

psad-2.0.5 release The 2.0.5 release of psad is ready for download. This release has a few bugfixes and cleanups; most notably the kmsgsd.conf, psadwatchd.conf, fw_search.conf, and alert.conf files have all been consolidated within the psad.conf file. Here is the ChangeLog:
  • Bugfix to account for iptables -nL output where the protocol may be reported as "0" instead of "all".
  • Added a function safe_malloc() for kmsgsd.c and psadwatchd.c to ensure that a single API is used to perform a NULL check on heap-allocated memory.
  • Bugfix to ensure that the psad_ip_len signature matching keyword is checked withing match_snort_ip_keywords() so that it applies to all protocol packets. This fixes a bug that would cause the "PSAD-CUSTOM Nachi worm reconnaisannce" signature to fire on normal ICMP packet log messages.
  • Consolidated all configuration variables into the /etc/psad/psad.conf file. The kmsgsd.conf, psadwatchd.conf, alert.conf, and fw_search.conf files were all removed since the daemons just reference the psad.conf now. Updated to archive and remove these files if they exist from a previous psad installation.
  • Added version and Subversion file revision numbers to die and warn messages that are written to /var/log/psad/errs/. This helps when trying to track these messages down to a specific file revisions when psad is being upgraded on the local system.
  • Added version and Subversion file revision numbers to --Dump-conf output.
  • Minor update to allow --fw-dump to be used on the command line without also having to use the -D argument.
  • Updated the default_log() function in the IPTables::Parse module to handle iptables policies that were dumped with -v, such as when --Dump-conf is used.