Michael Rash [Wed, 14 Dec 2011 02:51:22 +0000]
bumped version to 3.0-pre1
Michael Rash [Wed, 14 Dec 2011 02:49:50 +0000]
bug fix to parse iptables syslog date into a proper numeric time
Michael Rash [Wed, 14 Dec 2011 01:28:46 +0000]
minor bug fix to call older passive OS fingerprinting routine for non-IPv6 packets
Michael Rash [Tue, 13 Dec 2011 02:00:39 +0000]
interim commit to maintain better separation between IPv4 and IPv6 passive OS fingerprinting code
Michael Rash [Sat, 10 Dec 2011 19:49:21 +0000]
Added MAX_SCAN_IP_PAIRS
Thic commit allows psad memory usage to be constrained by restricting the
number of unique IP pairs that psad tracks via a new config variable
MAX_SCAN_IP_PAIRS. This is useful for when psad is deployed on systems with
little memory, and is best utilized in conjunction with disabling
ENABLE_PERSISTENCE so that old scans will also be deleted (and thereby making
room for tracking new scans under the MAX_SCAN_IP_PAIRS threshold).
Michael Rash [Sat, 10 Dec 2011 17:53:23 +0000]
reworked how old scans are deleted, and added a new PERSISTENCE_CTR_THRESHOLD variable to control this
Michael Rash [Sat, 10 Dec 2011 15:37:25 +0000]
update to not collect err packets in --no-ipt-errors mode
Michael Rash [Fri, 9 Dec 2011 20:40:26 +0000]
Completed conversion to NetAddr::IP module
This commit completes the conversion to the NetAddr::IP module for all IP
address comparisions. Also re-worked Snort keyword matching to maximize
performance.
Michael Rash [Tue, 6 Dec 2011 01:52:15 +0000]
added the deps/NetAddr-IP directory
Michael Rash [Tue, 6 Dec 2011 01:46:33 +0000]
made --packets apply to --Analyze mode, man page doc fixes relative to the old psadfifo file
Michael Rash [Mon, 1 Aug 2011 01:23:28 +0000]
Removed Net::IPv4Addr module for NetAddr:IP replacement
The Net::IPv4Addr module does not handle IPv6 addresses, and so it will be
replaced with the NetAddr:IP module.
Michael Rash [Sat, 30 Jul 2011 02:15:12 +0000]
Added code to separate ipv4 vs. ipv6 p0f attempts
There are not yet any IPv6 fingerprints for p0f, so psad needs to ensure that
its p0f implementation over iptables log messages is restricted to IPv4
packets. This change will make it easier to integrate an IPv6 implementation
of p0f as well.
Michael Rash [Wed, 27 Jul 2011 02:42:33 +0000]
Renamed ChangeLog -> ChangeLog.old
Renamed the original ChangeLog -> ChangeLog.old and replace it with output from
'git log'.
Michael Rash [Wed, 27 Jul 2011 00:54:24 +0000]
Updated to the latest p0f signatures from OpenBSD
Updated to the latest p0f signatures in the pf.os file from the OpenBSD
project.
Michael Rash [Wed, 27 Jul 2011 00:41:35 +0000]
Bug fix for scan sources reported as destinations
In the /var/log/psad/<ip>/ directories, whois information is stored in the
<IP>_whois files, the IP in the filename was included as a destination IP under
the psad -S output. This commit fixes this bug. Here is an example of the
invalid output:
[+] IP Status Detail:
SRC: 123.123.123.221, DL: 2, Dsts: 2, Pkts: 1, Unique sigs: 1, Email alerts: 1
DST: 1.2.3.4, Local IP
Scanned ports: TCP 1433, Pkts: 1, Chain: INPUT, Intf: eth0
Signature match: "MISC Microsoft SQL Server communication attempt"
TCP, Chain: INPUT, Count: 1, DP: 1433, SYN, Sid: 100205
DST: 123.123.123.221
Michael Rash [Wed, 27 Jul 2011 00:38:52 +0000]
Added 'udplite' as a supported protocol
iptables can produce log message for the udplite protocol (IP protocol 136),
and this commit starts to work in udplite support after such messages have
been parsed.
Michael Rash [Tue, 26 Jul 2011 02:13:09 +0000]
Added the ENABLE_IPV6_DETECTION variable
The ENABLE_IPV6_DETECTION variable controls whether psad will parse or ignore
IPv6 iptables log messages. This is enabled by default.
Michael Rash [Tue, 26 Jul 2011 02:09:11 +0000]
Make ENABLE_* vars accept case-insensitive values
Allow ENABLE_* psad.conf variables to have values like 'y', 'n', 'Yes', 'No',
etc.
Michael Rash [Tue, 26 Jul 2011 01:42:57 +0000]
Bug fix for ICMP time exceeded packets for TCP
TCP connections can be met with ICMP time exceeded messages, and this fix
ensures that they are recognized. Here is an example of such a message:
Jan 24 23:21:46 minastirith kernel: [711473.921049] DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:24:ea:81:08:00 SRC=123.123.123.1 DST=255.255.255.255 LEN=355 TOS=0x00 Jan 25 11:31:32 minastirith kernel: [755260.336492] DROP INVALID IN=eth0 OUT= MAC=00:13:46:3a:41:36:00:01:5c:24:ea:81:08:00 SRC=202.97.39.53 DST=1.1.1.1 LEN=56 TOS=0x00 PREC=0x20 TTL=240 ID=11594 PROTO=ICMP TYPE=11 CODE=0 [SRC=1.1.1.1 DST=2.2.2.2 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=18273 MF PROTO=TCP INCOMPLETE [8 bytes] ]
Michael Rash [Tue, 26 Jul 2011 01:17:24 +0000]
Added call to get_connected_subnets() in -A mode.
Make sure to get local networks in --Analyze mode for is_local() checks.
Michael Rash [Tue, 26 Jul 2011 01:07:20 +0000]
Bugfix introduced by
edc028d46d83cd3f6952e0dde99ebd731366a2f6
Bugfix to make sure that protocol counters are written to the counters file
via the proper filehandle.
Michael Rash [Tue, 26 Jul 2011 01:00:29 +0000]
Minor wording update for syslog messages parsing
Minor documentation update to better describe the default parsing behavior of
psad (non-usage of the psadfifo and kmsgsd by default).
Michael Rash [Tue, 26 Jul 2011 00:27:55 +0000]
Minor update Netfilter -> iptables wording
It is more proper to refer to iptables in the context of psad operations, so
changed all "Netfilter" references to "iptables".
Michael Rash [Mon, 25 Jul 2011 02:06:54 +0000]
Minor change to rework global protocol counters
Minor restructuring to be able to more easily support protocols that are
logged via iptables via a 'defined' check on a global protocol tracking
hash.
Michael Rash [Sun, 24 Jul 2011 19:54:28 +0000]
Minor filehandle warning bug fix.
perl likes to generate warnings like the one seen below if the STDOUT or STDERR
filehandles are closed when going into daemon mode and other filehandles are
used. This change removes closing these filehandles when psad is run as a
daemon:
Sun Jul 24 14:27:44 2011 psad v2.1.8-pre2 pid: 11675 Filehandle STDOUT reopened as F only for input at /usr/sbin/psad line 9924.
Michael Rash [Sat, 23 Jul 2011 14:39:17 +0000]
Minor update in filehandle usage for mail messages
Minor change to try and avoid the following warning messages logged to
/var/log/psad/errs/psad.warn:
Sun Nov 28 12:09:44 2010 psad v2.1.8-pre1 (file rev: 2309) pid: 1600 Filehandle STDERR reopened as F only for input at /usr/sbin/psad line 9756.
It is likely that other changes will be necessary in order to completely stop
these messages.
Michael Rash [Sat, 23 Jul 2011 14:18:56 +0000]
Implemented parsing support for IPv6 via ip6tables
This is the first major commit for IPv6 support, and starts with the ability to
parse IPv6 log messages for the following protocols: TCP, UDP, UDPLITE, and
ICMP6. Scans and signature matches are not yet detected, but that is coming
soon. Here are a few example ip6tables logging messages that psad now
supports:
Jul 21 19:07:39 minastirith kernel: [1912155.755862] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=59 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=UDP SPT=35186 DPT=12345 LEN=19
Jul 21 19:07:39 minastirith kernel: [1912155.755921] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=107 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=1 CODE=4 [SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=59 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=UDP SPT=35186 DPT=12345 LEN=19 ]
Jul 21 19:07:40 minastirith kernel: [1912156.845421] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=21264 SEQ=1
Jul 21 19:07:40 minastirith kernel: [1912156.845478] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=21264 SEQ=1
Jul 21 19:08:15 minastirith kernel: [1912191.806437] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=55551 DPT=22 WINDOW=32752 RES=0x00 SYN URGP=0
Jul 21 19:08:15 minastirith kernel: [1912191.806509] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=22 DPT=55551 WINDOW=32728 RES=0x00 ACK SYN URGP=0
Jul 21 19:08:15 minastirith kernel: [1912191.806570] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=55551 DPT=22 WINDOW=256 RES=0x00 ACK URGP=0
Jul 21 19:08:15 minastirith kernel: [1912191.835221] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=111 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=22 DPT=55551 WINDOW=256 RES=0x00 ACK PSH URGP=0
Jul 21 19:08:15 minastirith kernel: [1912191.835292] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=55551 DPT=22 WINDOW=256 RES=0x00 ACK URGP=0
Jul 21 19:08:17 minastirith kernel: [1912194.391506] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=55551 DPT=22 WINDOW=256 RES=0x00 ACK FIN URGP=0
Jul 21 19:08:17 minastirith kernel: [1912194.392596] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=22 DPT=55551 WINDOW=256 RES=0x00 ACK FIN URGP=0
Jul 21 19:08:17 minastirith kernel: [1912194.392678] IPv6 Packet IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:86:dd SRC=0000:0000:0000:0000:0000:0000:0000:0001 DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=55551 DPT=22 WINDOW=256 RES=0x00 ACK URGP=0
Michael Rash [Wed, 13 Jul 2011 02:07:29 +0000]
Moved running as root check into is_root()
Minor update to put the running as root check into a new is_root() function.
Michael Rash [Wed, 13 Jul 2011 02:05:12 +0000]
Minor copyright update
Updated the copyright date to 2011.
Michael Rash [Wed, 13 Jul 2011 02:02:30 +0000]
Minor variable initialization update
Minor change to make sure to initialize a few global variables.
Michael Rash [Fri, 17 Jun 2011 11:59:29 +0000]
Removed "$Id$" tags (meaningless for git)
All "$Id$" expansion tags were removed since they were a hold-over from the
svn days. This also meant that the "file revision: <N>" output for "psad -V"
was removed too.
Michael Rash [Wed, 29 Dec 2010 01:28:27 +0000]
minor comment bug fix
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2315
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 25 Nov 2010 18:01:57 +0000]
bumped version to 2.1.8-pre2
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2313
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 25 Nov 2010 18:01:43 +0000]
- Altered the 'ET MALWARE Bundleware Spyware CHM Download' Snort rule in
the bundled Emerging Threats rule set to make sure that ClamAV does not
flag on the pattern "mhtml\:file\://" which is associated with the
following ClamAV signature:
$ grep Exploit.HTML.MHTRedir-8 main.ndb
Exploit.HTML.MHTRedir-8:3:*:
6d68746d6c3a66696c653a2f2f{1-20}2168
An analysis of this issue was posted here:
http://www.cipherdyne.org/blog/2010/08/22.html
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2312
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 25 Nov 2010 16:02:29 +0000]
- Bug fix for ICMP packet handling where psad would incorrectly interpret
ICMP port unreachable messages as UDP packets because the UDP specifics
are included in the iptables log message. This bug was first reported by
Lukas Baxa to the Debian maintainers and was followed up by Franck
Joncourt:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596240
An example ICMP log message that exposed the bug is included below:
Sep 8 18:04:26 baxic kernel: [28241.572876] IN_DROP IN=wlan0
OUT= MAC=00:1a:9f:91:df:ae:00:21:27:e8:0a:a0:08:00
SRC=10.0.0.138 DST=192.168.1.103 LEN=96 TOS=0x00 PREC=0xC0 TTL=254
ID=63642 PROTO=ICMP TYPE=3 CODE=3
[SRC=192.168.1.103 DST=10.0.0.138 LEN=68 TOS=0x00 PREC=0x00 TTL=0
ID=22458 PROTO=UDP SPT=35080 DPT=33434 LEN=48 ]
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2311
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 7 Aug 2010 12:50:18 +0000]
bumped version to 2.1.8-pre1
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2309
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 7 Aug 2010 12:49:55 +0000]
minor date update
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2308
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 7 Aug 2010 12:49:18 +0000]
changed all instances of 'href' to 'hr'
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2307
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 28 Jul 2010 02:45:39 +0000]
updated to whois-5.0.6
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2306
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 28 Jul 2010 02:44:29 +0000]
updated to whois-5.0.6
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2305
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 15 Jul 2010 03:42:11 +0000]
Changed all '_aref' instances to '_ar'
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2304
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 14 Jul 2010 23:06:00 +0000]
minor typo fix
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2303
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 14 Jul 2010 22:45:45 +0000]
minor whois comment update
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2302
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 14 Jul 2010 21:52:07 +0000]
psad-2.1.7 release
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2298
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 14 Jul 2010 21:02:07 +0000]
- Updated psad to issues whois lookups against IP addresses that are not
directly connected to the local system. This is useful for example when
an internal system is scanning an external destination system, and the
scan is logged in the FORWARD chain. Issuing whois lookups on the
internal system (frequently on RFC 1918 address space) is not usually
very useful, but issuing the whois lookup against the destination system
gives much more interesting data. This feature can be disabled with the
new ENABLE_WHOIS_FORCE_SRC_IP variable.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2297
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 14 Jul 2010 15:00:07 +0000]
- Added ENABLE_WHOIS_FORCE_ASCII to replace any non-ascii characters in
whois data (which is common with whois lookups against Chinese IP
addresses for example) with the string "NA". This option is disabled by
default, but can be useful if errors like the following are seen upon
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2296
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Mon, 12 Jul 2010 01:06:13 +0000]
bumped version to 2.1.7-pre1
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2294
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Mon, 12 Jul 2010 01:05:46 +0000]
(Dan A. Dickey) Added the ability to use the "ip" command from the
iproute2 tools to acquire IP addresses from local interfaces. Dan's
description is as follows: "...A main reason for doing this is in the
case of multi-homed hosts. ifconfig sets these up on an interface using
aliases, iproute2 does not. So, for a multi-homed interface (eth0 with
multiple addresses), ifconfig -a only shows the first one configured and
not the rest. ip addr shows all of the configured addresses...".
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2293
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 9 Jul 2010 19:27:52 +0000]
updated RPM spec files for the 2.1.6 release
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2289
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 9 Jul 2010 19:23:46 +0000]
psad-2.1.6 release date
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2288
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 9 Jul 2010 11:49:29 +0000]
added ChangeLog detail to the Decode_Month() bug (specifically the error message itself)
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2287
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 8 Jul 2010 11:47:19 +0000]
minor bug fix in legacy code to reference the selected syslog.conf for existance problems
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2286
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 8 Jul 2010 00:18:16 +0000]
bumped version to 2.1.6
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2285
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 8 Jul 2010 00:16:29 +0000]
minor ChangeLog update
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2284
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 2 Jul 2010 01:02:53 +0000]
tagged psad-2.1.6-pre4
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2282
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 2 Jul 2010 01:02:04 +0000]
- Bug fix for Decode_Month() call in DShield processing code to ensure
proper month handling for iptables log message time stamps.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2281
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Tue, 2 Feb 2010 03:42:59 +0000]
applied man page spelling fix from Franck
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2280
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Tue, 2 Feb 2010 03:39:06 +0000]
minor spaces fix
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2279
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 23 Dec 2009 02:13:47 +0000]
minor copyright update
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2278
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 2 Dec 2009 01:47:57 +0000]
minor formatting fix
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2277
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 14 Nov 2009 03:17:33 +0000]
minor wording fix
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2276
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 14 Nov 2009 03:16:28 +0000]
minor wording fix (found by Simon)
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2275
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 5 Sep 2009 18:56:06 +0000]
minor usage() dashes fix
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2274
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 5 Sep 2009 18:55:49 +0000]
For all RPM's built on the local system (Ubuntu for now), updated to reference the
"-nobuildreqs.spec" file so that the "BuildRequires: perl-ExtUtils-MakeMaker" directive
is not used. Using this results in the following error on an Ubuntu system where no
software is installed/upgrade with RPM:
rpm: To install rpm packages on Debian systems, use alien. See README.Debian.
error: cannot open Packages index using db3 - No such file or directory (2)
error: cannot open Packages database in /var/lib/rpm
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2273
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 5 Sep 2009 18:55:39 +0000]
For all RPM's built on the local system (Ubuntu for now), updated to reference the
"-nobuildreqs.spec" file so that the "BuildRequires: perl-ExtUtils-MakeMaker" directive
is not used. Using this results in the following error on an Ubuntu system where no
software is installed/upgrade with RPM:
rpm: To install rpm packages on Debian systems, use alien. See README.Debian.
error: cannot open Packages index using db3 - No such file or directory (2)
error: cannot open Packages database in /var/lib/rpm
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2272
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 3 Sep 2009 02:18:57 +0000]
applied update patch to the psad.SlackBuild file from pyllyukko
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2271
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 30 Jul 2009 06:11:13 +0000]
updated to include Sourcefire trademark mention
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2270
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Thu, 30 Jul 2009 06:10:52 +0000]
(Franc Joncourt) Found psad man page section errors with manpage-alert.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2269
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 1 Apr 2009 03:49:02 +0000]
bumped version to 2.1.6-pre3
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2267
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 1 Apr 2009 03:48:41 +0000]
(Franck Joncourt) finished off the --Override-config code for kmsgsd and HUP signal handling, and added man page updates as well
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2266
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 28 Mar 2009 14:09:49 +0000]
bumped version to 2.1.6-pre2
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2264
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 28 Mar 2009 14:09:34 +0000]
- (Franck Joncourt) Added --Override-config feature so that alternate
configuration files can be specified on the command line to override
configuration variables in the standard /etc/psad/psad.conf file.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2263
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Tue, 24 Mar 2009 03:10:34 +0000]
bumped version to 2.1.6-pre1
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2261
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Tue, 24 Mar 2009 03:09:35 +0000]
- (Franck Joncourt) Submitted patches to fix stderr redirection for the
usage of the mail binary, and to close stdout, stdin, and stderr when
running psad as a daemon.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2260
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sun, 22 Mar 2009 12:33:59 +0000]
minor quoting update for mail command execution
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2259
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 21 Feb 2009 04:47:04 +0000]
added Miroslav Grepl
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2258
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 21 Feb 2009 04:29:50 +0000]
psad-2.1.5 release
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2253
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 21 Feb 2009 04:25:42 +0000]
- Updated IPTables::Parse to 0.7.
- Updated IPTables::ChainMgr to 0.9.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2252
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 21 Feb 2009 04:22:05 +0000]
- Bug fix when ENABLE_SYSLOG_FILE is enabled to run a preliminary regex
match on each syslog message because kmsgsd is not running and therefore
has not gone through the kmsgsd tests for a properly structured iptables
message.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2251
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 21 Feb 2009 02:44:49 +0000]
minor wording update for SELinux policy path
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2250
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 24 Jan 2009 21:42:40 +0000]
(Miroslav Grepl) Contributed policy file to make psad compatible with SELinux.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2249
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 24 Jan 2009 21:38:35 +0000]
updated man page to remove confusing tab chars in syslog.conf psadfifo line
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2248
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sun, 26 Oct 2008 22:58:35 +0000]
minor comment update to psad.conf
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2247
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Tue, 14 Oct 2008 11:43:06 +0000]
version 2.1.5-pre3
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2245
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Tue, 14 Oct 2008 11:42:43 +0000]
- Bug fix for local server ports not reported correctly under netstat
parsing (Franck Joncourt).
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2244
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sun, 31 Aug 2008 13:46:47 +0000]
added check for the 'auto' directory in order to import all appropriate perl module directories
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2243
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sun, 31 Aug 2008 13:45:23 +0000]
Applied patch from Franck Joncourt to fix missing check for the 'mail' command
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2242
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 29 Aug 2008 04:13:04 +0000]
bumped version to 2.1.5-pre2
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2240
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 29 Aug 2008 04:11:50 +0000]
dash fixes from Franck
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2239
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 29 Aug 2008 04:09:32 +0000]
dash fixes from Franck
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2238
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 29 Aug 2008 04:06:20 +0000]
added fwcheck_psad.8 file
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2237
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 27 Aug 2008 00:08:56 +0000]
bumped version to 2.1.5-pre1
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2235
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 27 Aug 2008 00:08:36 +0000]
- (Steve B) Submitted patch to fix a bug in the start() function in the
Gentoo init script which caused psad to not be started and the error
"* ERROR: psad failed to start" to be generated.
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2234
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Wed, 27 Aug 2008 00:08:17 +0000]
applied 'auto' heuristic from the fwknop project for finding perl module import subdirectories
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2233
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 22 Aug 2008 03:48:43 +0000]
added deps/ blurb for Franck
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2232
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 22 Aug 2008 03:31:23 +0000]
updated 2.1.4 release date
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2226
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 22 Aug 2008 03:30:59 +0000]
version 2.1.4
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2225
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 22 Aug 2008 03:29:55 +0000]
updated RPM release date
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2224
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Fri, 22 Aug 2008 03:29:05 +0000]
added --no-deps support
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2223
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
Michael Rash [Sat, 16 Aug 2008 14:05:18 +0000]
added blurb to ChangeLog about switching to the emerging-all.rules file
git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2222
91a0a83b-1414-0410-bf9a-
c3dbc33e90b6
projects / psad.git / log