This is a tutorial how to install psad (intrusion detection system) on Ubuntu.
This program detects attempts of port scanning of your server.
Firstly, psad can be install from the repository
sudo apt-get install psad
To detect all ingoing traffic to your server, you must set your iptables to log ingoing and forwarded packages.
sudo iptables -A INPUT -j LOG sudo iptables -A FORWARD -j LOG
Psad must now be configured. This can be done through the main settings file of Psad.
sudo vim /etc/psad/psad.conf
In that before managed file psad.conf these following settings must be changed according to this.
EMAIL_ADDRESSES here_comes_your_email@here_comes_your_email.org HOSTNAME your_hostname_or_your_domain ENABLE_AUTO_IDS Y; IPT_SYSLOG_FILE /var/log/syslog;
Psad needs to be restarted to activate all changes that are done in this config file. This must be done after every change of the config file.
service psad restart
Finally, do not forget to update your psad signature by this command
The above mentioned command can be run also as a cronjob.
These following command can be used to check the status of psad.
service psad status psad -S
Beware that psad only can not protect your network against any major attacks. You have to consider also other security measurements.