English English

psad: installation and configuration

This is a tutorial how to install psad (intrusion detection system) on Ubuntu.

This program detects attempts of port scanning of your server.



Firstly, psad can be install from the repository

sudo apt-get install psad


To detect all ingoing traffic to your server, you must set your iptables to log ingoing and forwarded packages.

sudo iptables -A INPUT -j LOG
sudo iptables -A FORWARD -j LOG

Psad must now be configured. This can be done through the main settings file of Psad.

sudo vim /etc/psad/psad.conf

In that before managed file psad.conf these following settings must be changed according to this.

EMAIL_ADDRESSES here_comes_your_email@here_comes_your_email.org
HOSTNAME your_hostname_or_your_domain

IPT_SYSLOG_FILE        /var/log/syslog;

Psad needs to be restarted to activate all changes that are done in this config file. This must be done after every change of the config file.

service psad restart


Finally, do not forget to update your psad signature by this command

psad --sig-update

The above mentioned command can be run also as a cronjob.


These following command can be used to check the status of psad.

service psad status
psad -S

Beware that psad only can not protect your network against any major attacks. You have to consider also other security measurements.



Cookies erleichtern die Bereitstellung unserer Dienste. Mit der Nutzung unserer Dienste erklären Sie sich damit einverstanden, dass wir Cookies verwenden.