This is a tutorial how to install psad (intrusion detection system) on Ubuntu.

This program detects attempts of port scanning of your server.

 

 

Firstly, psad can be install from the repository

sudo apt-get install psad

 

To detect all ingoing traffic to your server, you must set your iptables to log ingoing and forwarded packages.

sudo iptables -A INPUT -j LOG
sudo iptables -A FORWARD -j LOG

Psad must now be configured. This can be done through the main settings file of Psad.

sudo vim /etc/psad/psad.conf

In that before managed file psad.conf these following settings must be changed according to this.

EMAIL_ADDRESSES here_comes_your_email@here_comes_your_email.org
 
HOSTNAME your_hostname_or_your_domain

ENABLE_AUTO_IDS        Y;
 
IPT_SYSLOG_FILE        /var/log/syslog;

Psad needs to be restarted to activate all changes that are done in this config file. This must be done after every change of the config file.

service psad restart

 

Finally, do not forget to update your psad signature by this command

psad --sig-update

The above mentioned command can be run also as a cronjob.

 

These following command can be used to check the status of psad.

service psad status
psad -S

Beware that psad only can not protect your network against any major attacks. You have to consider also other security measurements.