Bug 459081 - Review Request: psad - Port Scan Attack Detector (psad) watches for suspect traffic
Review Request: psad - Port Scan Attack Detector (psad) watches for suspect t...
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Adam Tkac
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-08-14 08:01 EDT by Peter Vrabec
Modified: 2014-01-23 07:48 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-08-25 09:55:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
atkac: fedora‑review+
limburgher: fedora‑cvs+

Attachments (Terms of Use)

  None (edit)
Description Peter Vrabec 2008-08-14 08:01:12 EDT
Spec URL: http://people.redhat.com/pvrabec/rpms/psad-2.1.3-1.fc9.src.rpm
SRPM URL: http://people.redhat.com/pvrabec/rpms/psad.spec

Description: Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, tcp flags and
corresponding nmap options, reverse DNS info, email and syslog alerting,
automatic blocking of offending ip addresses via dynamic configuration of
iptables rulesets, and passive operating system fingerprinting.  In addition,
psad incorporates many of the tcp, udp, and icmp signatures included in the
snort intrusion detection system (http://www.snort.org) to detect highly
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
xmas) which are easily leveraged against a machine via nmap.  psad can also
alert on snort signatures that are logged via fwsnort
(http://www.cipherdyne.org/fwsnort/), which makes use of the
iptables string match module to detect application layer signatures.
Comment 1 Adam Tkac 2008-08-14 08:15:17 EDT
Package looks fine for me (rpmlint, spec, build process), reviewed
Comment 2 Peter Vrabec 2008-08-14 08:19:31 EDT
New Package CVS Request
Package Name: psad
Short Description: Port Scan Attack Detector (psad) watches for suspect traffic
Owners: pvrabec
Packager Commits: yes
Comment 3 Kevin Fenzi 2008-08-23 13:22:44 EDT
cvs done.
Comment 4 Adam Miller 2014-01-22 17:14:50 EST
Package Change Request
Package Name: psad
New Branches: el6 epel7
Owners: maxamillion
Comment 5 Gwyn Ciesla 2014-01-23 07:48:22 EST
Git done (by process-git-requests).

Note You need to log in before you can comment on or make changes to this bug.