PSAD Install

From BackTrack Linux
Jump to: navigation, search

psad: Intrusion Detection and Log Analysis with iptables

What is PSAD?

PSAD is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze #iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it #has #the fastest access to log data.

Installation Process:

  • Verify md5sum, and public key:
root@bt:~# cd /usr/local/src
root@bt: /usr/local/src# wget
root@bt: /usr/local/src# wget
root@bt: /usr/local/src# wget
root@bt: /usr/local/src# wget
root@bt: /usr/local/src# md5sum -c psad-2.1.7.tar.bz2.md5
psad-2.1.7.tar.bz2: OK

root@bt: /usr/local/src# gpg --import public_key
root@bt: /usr/local/src# gpg --verify psad-2.1.7.tar.bz2.asc
#gpg: Signature made Wed 14 Jul 2010 06:01:06 PM EDT using DSA key ID 0D3E7410
#gpg: Good signature from "Michael Rash (Signing key for projects) <>"


  • Install PSAD:
root@bt: /usr/local/src# tar xfj psad-2.1.7.tar.bz2
root@bt: /usr/local/src# cd psad-2.1.7
root@bt: /usr/local/src/psad-2.1.7# ./

#    Would you like to install the latest signatures from
# (y/n)?  y


  • Start PSAD:

Notice you will get the following error:

root@bt:/usr/local/src/psad-2.1.7# /etc/init.d/psad start
Starting psad: [*] Could not find mail, edit /etc/psad/psad.conf at /usr/sbin/psad line 9679.


To fix this we will need to edit psad.conf located in /etc/psad/ and add an email address as follows:

root@bt:/usr/local/src/psad-2.1.7# vim /etc/psad/psad.conf


Also check out: More References

  • Author Bio: My passions are nanoEngineering, Ruby programming, software exploitation, exploit development, embedded hardware hacking. I also enjoy lifting weights, combat-swimming, Ninjutsu, Parkour (free-running), Krav Maga and MMA. I 'believe" you can evolve into anything you wish with the right mental discipline, toughness and physical conditioning.