--- /dev/null
+commit 98debf7924cfaae1541e7684f7ec3ac30e3eaaf7 (HEAD, refs/heads/master)
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Wed Jan 2 23:12:43 2013 -0500
+
+ minor date update for psad-2.2.1 release
+
+ ChangeLog | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit da758cc9fffdc49bbf4ccf2236761e0f85da1f25
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Tue Jan 1 22:23:18 2013 -0500
+
+ bumped version to 2.2.1
+
+ VERSION | 2 +-
+ nf2csv | 2 +-
+ packaging/psad-nodeps.spec | 5 ++++-
+ packaging/psad-require-makemaker.spec | 5 ++++-
+ packaging/psad.spec | 5 ++++-
+ psad | 4 ++--
+ 6 files changed, 16 insertions(+), 7 deletions(-)
+
+commit 996ef41711b48643029c31c7d5c7e7cd9a9d035b
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Tue Jan 1 22:20:00 2013 -0500
+
+ Added EMAIL_THROTTLE for email throttling
+
+ Added the ability to throttle emails generated by psad via a new
+ EMAIL_THROTTLE variable which is implemented as a per-IP threshold. That
+ is, if EMAIL_THROTTLE is set to "10", then psad will only send 1/10th as
+ many emails for each scanning IP as it would have normally. This feature
+ was suggested by Naji Mouawad.
+
+ CREDITS | 4 ++++
+ ChangeLog | 10 +++++++++-
+ psad | 10 +++++++++-
+ psad.conf | 8 ++++++++
+ test/conf/auto_blocking.conf | 8 ++++++++
+ test/conf/default_psad.conf | 8 ++++++++
+ test/conf/disable_ipv6_detection.conf | 8 ++++++++
+ test/conf/enable_ack_detection.conf | 8 ++++++++
+ test/conf/ignore_tcp.conf | 8 ++++++++
+ test/conf/ignore_udp.conf | 8 ++++++++
+ test/conf/require_DROP_syslog_prefix_str.conf | 8 ++++++++
+ test/conf/require_missing_syslog_prefix_str.conf | 8 ++++++++
+ 12 files changed, 94 insertions(+), 2 deletions(-)
+
+commit b39dc01133d7b0e981c58622b5f0a9c48c979b81
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Tue Jan 1 20:56:00 2013 -0500
+
+ Configurable auto-blocking timeout values.
+
+ Oscar Marley suggested configurable auto-blocking timeout values depending on
+ the danger level that a scan or attack achieves. This resulted in the
+ implementation of the AUTO_BLOCK_DL*_TIMEOUT variables.
+
+ CREDITS | 5 ++
+ psad | 73 +++++++++++++++-------
+ psad.conf | 9 +++
+ test/conf/auto_blocking.conf | 11 +++-
+ test/conf/default_psad.conf | 9 +++
+ test/conf/disable_ipv6_detection.conf | 9 +++
+ test/conf/enable_ack_detection.conf | 9 +++
+ test/conf/ignore_tcp.conf | 9 +++
+ test/conf/ignore_udp.conf | 9 +++
+ test/conf/require_DROP_syslog_prefix_str.conf | 9 +++
+ test/conf/require_missing_syslog_prefix_str.conf | 9 +++
+ test/test-psad.pl | 26 +++++++-
+ 12 files changed, 162 insertions(+), 25 deletions(-)
+
+commit d78f288f0577e59e1b36447604ea040dc302caea
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sat Dec 22 22:19:19 2012 -0500
+
+ added --analysis-auto-block mode to allow auto-responses to be testing in -A mode
+
+ psad | 36 +++++++++++++++++++++++-------------
+ psad.8 | 8 +++++++-
+ 2 files changed, 30 insertions(+), 14 deletions(-)
+
+commit 1d2602e6ba83f27042c6e59fa39d2320e0477ef3
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sat Dec 22 22:15:14 2012 -0500
+
+ Added --enable-auto-block-tests for testing the auto-blocking functionality in psad
+
+ test/conf/auto_blocking.conf | 579 ++++++++++++++++++++++++++++++++++++++++++
+ test/test-psad.pl | 72 ++++--
+ 2 files changed, 633 insertions(+), 18 deletions(-)
+
+commit 574d31aff2702412d78016d509beedf8e866b7db (refs/remotes/web/master, refs/remotes/origin/master)
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Thu Dec 20 21:06:46 2012 -0500
+
+ Detect Topera IPv6 scans when IP options are logged
+
+ Added detection for Topera IPv6 scans when --log-ip-options is used in
+ the ip6tables logging rule. When this option is not used, the previous psad-2.2 release detected Topera scans. An example TCP SYN packet
+ generated by Topera when --log-ip-options is used looks like this (note the series of empty IP options strings "OPT ( )":
+
+ Dec 20 20:10:40 rohan kernel: [ 488.495776] DROP IN=eth0 OUT= MAC=00:1b:b9:76:9c:e4:00:13:46:3a:41:36:86:dd
+ SRC=2012:1234:1234:0000:0000:0000:0000:0001 DST=2012:1234:1234:0000:0000:0000:0000:0002 LEN=132 TC=0 HOPLIMIT=64
+ FLOWLBL=0 OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) PROTO=TCP SPT=61287 DPT=1 WINDOW=8192 RES=0x00 SYN
+ URGP=0
+
+ ChangeLog | 14 +
+ psad | 62 +-
+ .../scans/iptables/topera_ipv6_syn_scan_no_ip_opts | 1058 ++++++++++++++++++++
+ .../iptables/topera_ipv6_syn_scan_with_ip_opts | 1046 +++++++++++++++++++
+ test/test-psad.pl | 36 +
+ 5 files changed, 2200 insertions(+), 16 deletions(-)
+
+commit bd89cfbad0cdc4540f1b983811e40803b8fa29b9
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Mon Dec 17 23:05:56 2012 -0500
+
+ Parse fwsnort rules for 'msg' fields
+
+ Added the ability to acquire Snort rule 'msg' fields from fwsnort if
+ it's also installed. A new variable FWSNORT_RULES_DIR tells psad where
+ to look for the fwsnort rule set. This fixes a problem reported by Pui
+ Edylie to the psad mailing list where fwsnort logged an attack that psad
+ could not map back to a descriptive 'msg' field.
+
+ CREDITS | 6 ++
+ ChangeLog | 6 ++
+ psad | 106 ++++++++++++----------
+ psad.conf | 1 +
+ test/conf/default_psad.conf | 1 +
+ test/conf/disable_ipv6_detection.conf | 1 +
+ test/conf/enable_ack_detection.conf | 1 +
+ test/conf/ignore_tcp.conf | 1 +
+ test/conf/ignore_udp.conf | 1 +
+ test/conf/require_DROP_syslog_prefix_str.conf | 1 +
+ test/conf/require_missing_syslog_prefix_str.conf | 1 +
+ 11 files changed, 77 insertions(+), 49 deletions(-)
+
+commit 361281e7d38c68b8e8c201ca31ea9be0bc7ec858
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sat Dec 15 22:12:22 2012 -0500
+
+ added nmap scan style details to syslog output
+
+ psad | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+commit 9659621061cd1a8032e736294cedcb3d79b7ae72
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sat Dec 15 22:06:31 2012 -0500
+
+ completed IP protocol scan detection task
+
+ todo.org | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+commit 19bee218741a725a8085a937046164fea47ec310
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sat Dec 15 22:03:26 2012 -0500
+
+ added IP protocol scan output to psad emails
+
+ psad | 69 +++++++++++++++++++++++++++++++++---------------------------------
+ 1 file changed, 35 insertions(+), 34 deletions(-)
+
+commit 6383941e87c5cadbc6f34eed99adcf26e2264818
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sat Dec 15 22:02:42 2012 -0500
+
+ additional regex's to look for perl warnings
+
+ test/test-psad.pl | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+commit 8018338cd7668da7447fc5e106f4ae2285a972bf
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Fri Dec 14 21:04:31 2012 -0500
+
+ [test suite] added --analysis-write-data to psad test command line
+
+ test/test-psad.pl | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+commit 668453375e2256c6a7e182b211ac2acce0cb4764
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sun Dec 9 21:31:22 2012 -0500
+
+ added 'Other' protocols to per-IP 'Global stats' output for protocol scans
+
+ psad | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+commit 1e9afc6f82328f16ca415524484b0fc3b354fe9e
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sun Dec 9 21:22:50 2012 -0500
+
+ remove 'multiproto' hash key in favor of new 'tot_protocols' hash key (used in -sO protocol scan detection)
+
+ psad | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+commit 760e02b3c2c796e4856ec1338684c84679a15580
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sun Dec 9 21:14:46 2012 -0500
+
+ minor bug fix for uninitialized variable usage in ICMP6 invalid type/code detection
+
+ psad | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+commit 4e059858de6bf4d553591c83fe022c17b3904732
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Fri Dec 7 22:34:08 2012 -0500
+
+ added IP protocol scan test
+
+ test/test-psad.pl | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+commit 9fd7ce6cdb2303b1d698decb9708980e4e1997ee
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Fri Dec 7 22:32:46 2012 -0500
+
+ removed ununsed is_digit() function
+
+ psad | 6 ------
+ 1 file changed, 6 deletions(-)
+
+commit 91dfe52f4a340ba52d70e03b40fb43b71774b0d5
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Fri Dec 7 21:23:22 2012 -0500
+
+ first cut at IP protocol scan detection (nmap -sO)
+
+ ChangeLog | 11 +-
+ VERSION | 2 +-
+ nf2csv | 2 +-
+ psad | 213 +++++++--
+ psad.conf | 6 +
+ test/conf/default_psad.conf | 6 +
+ test/conf/disable_ipv6_detection.conf | 6 +
+ test/conf/enable_ack_detection.conf | 6 +
+ test/conf/ignore_tcp.conf | 6 +
+ test/conf/ignore_udp.conf | 6 +
+ test/conf/require_DROP_syslog_prefix_str.conf | 6 +
+ test/conf/require_missing_syslog_prefix_str.conf | 6 +
+ test/scans/iptables/proto_scan | 510 ++++++++++++++++++++++
+ 13 files changed, 745 insertions(+), 41 deletions(-)
+
+commit 518880f270688cd903112395db97db85a89212ed
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Fri Dec 7 21:18:58 2012 -0500
+
+ added 'protocols' file in support of IP protocol scan detection (nmap -sO)
+
+ install.pl | 6 +++---
+ protocols | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 67 insertions(+), 3 deletions(-)
+
+commit f20a57a6a37963ea1b27931d297f0791fbca544f
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sat Dec 1 14:36:08 2012 -0500
+
+ replaced TODO with todo.org org mode file
+
+ TODO | 91 --------------------------------------------------------------
+ todo.org | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 85 insertions(+), 91 deletions(-)
+
+commit eab733f4f51270116daba9eae8d221e236af9c26
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Thu Nov 22 22:17:00 2012 -0500
+
+ another hyphen fix
+
+ psad.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit f2c44bbd02f8db51758a3160c527245ba8879599
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Thu Nov 22 22:16:00 2012 -0500
+
+ applied hyphen fix from Franck Joncourt
+
+ psad.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit a3d8daabbc60da23116141fd5d899573c3bda199
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Tue Nov 20 21:00:00 2012 -0500
+
+ added Gregorio Narvaez
+
+ CREDITS | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+commit ff46fe12b238b7f7b63b2f31345bb6a8f99f7efe
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Tue Nov 20 20:58:00 2012 -0500
+
+ Bug fix for NetAddr::IP usage in --analysis-fields IP search mode
+
+ Bug fix in --Analyze mode when IP fields are to be searched with the
+ --analysis-fields argument (such as --analysis-fields "SRC:1.2.3.4").
+ The bug was reported by Gregorio Narvaez, and looked like this:
+
+ Use of uninitialized value $_[0] in length at
+ ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into
+ ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
+ Use of uninitialized value $_[0] in length at
+ ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into
+ ../../blib/lib/auto/NetAddr/IP/UtilPP/hasbits.al) line 126.
+ Bad argument length for NetAddr::IP::UtilPP::hasbits, is 0, should be
+ 128 at ../../blib/lib/NetAddr/IP/UtilPP.pm (autosplit into
+ ../../blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al) line 122.
+
+ Added --stdin argument to allow psad to collect iptables log data from
+ STDIN in --Analyze mode.
+
+ ChangeLog | 18 +++++
+ psad | 59 +++++++++++----
+ psad.8 | 6 ++
+ test/install.answers | 24 ++++++
+ test/test-psad.pl | 197 +++++++++++++++++++++++++++++++++++++++++++++++++-
+ 5 files changed, 289 insertions(+), 15 deletions(-)
+
+commit 30120fbc5d44519aa378333c494e456e6aded331 (tag: refs/tags/psad-2.3-pre1)
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Mon Jun 11 20:58:36 2012 -0400
+
+ bumped version to psad-2.3-pre1
+
+ VERSION | 2 +-
+ nf2csv | 2 +-
+ psad | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+commit 99ac4ab1eed310adbe4d24bdee9b67ee6dfb7905
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Mon Jun 11 20:56:19 2012 -0400
+
+ minor comment wording update w.r.t. SYSLOG_DAEMON usage
+
+ psad.conf | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+commit e5ada77ddf8dbec564fee5e50734460e28b5a185
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Mon Jun 11 20:55:50 2012 -0400
+
+ INSTALL_ROOT resolution bug fix (found by Kat)
+
+ CREDITS | 4 ++++
+ kmsgsd.c | 20 ++++++++++++++++++++
+ 2 files changed, 24 insertions(+)
+
+commit 8dedbcad794e3b539f2df202feb8a15b50e6e75a
+Author: Michael Rash <mbr@cipherdyne.org>
+Date: Sat May 26 21:30:50 2012 -0400
+
+ removed legacy psadwatchd.conf file references
+
+ packaging/psad-nodeps.spec | 4 +---
+ packaging/psad-require-makemaker.spec | 4 +---
+ packaging/psad.spec | 4 +---
+ 3 files changed, 3 insertions(+), 9 deletions(-)
projects / psad.git / commitdiff