<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kunkku/aports/testing/psad, branch master</title>
<subtitle>kunkku's aports repo
</subtitle>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/'/>
<entry>
<title>testing/[various]: move to community</title>
<updated>2016-08-21T20:24:04+00:00</updated>
<author>
<name>Stuart Cardall</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2016-08-18T20:46:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=5c9f3ca3e307be53b45beeed2ce1626f38008625'/>
<id>5c9f3ca3e307be53b45beeed2ce1626f38008625</id>
<content type='text'>
albatross-themes
apk-post-messages
autossh
bitcoin
btrbk
entr
ffmpegthumbnailer
firejail
firetools
fwsnort
gnome-colors
imapsync
inetutils-syslogd
inotify-tools-inc
isync
junit
ktsuss
letsencrypt-nosudo
libmbim
libndp
libqmi
libteam
mini-sendmail
modemmanager
namecoin
networkmanager
nginx-naxsi
numix-themes
nxapi
opencl-headers
opencl-icd-loader
opus-tools
perl-authen-ntlm
perl-bit-vector
perl-data-uniqid
perl-file-copy-recursive
perl-getopt-argvfile
perl-io-tee
perl-iptables-chainmgr
perl-iptables-parse
perl-module-scandeps
perl-par-dist
perl-par-packer
perl-par
perl-uri-escape
psad
py-crcmod
py-graphviz
py-lz4
py-opencl
py-opengl-accelerate
runit
secpwgen
secure-delete
socklog
spacefm
tinyssh
udevil
virt-viewer
virtualbricks
whois
wrk
xpra
zram-init
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
albatross-themes
apk-post-messages
autossh
bitcoin
btrbk
entr
ffmpegthumbnailer
firejail
firetools
fwsnort
gnome-colors
imapsync
inetutils-syslogd
inotify-tools-inc
isync
junit
ktsuss
letsencrypt-nosudo
libmbim
libndp
libqmi
libteam
mini-sendmail
modemmanager
namecoin
networkmanager
nginx-naxsi
numix-themes
nxapi
opencl-headers
opencl-icd-loader
opus-tools
perl-authen-ntlm
perl-bit-vector
perl-data-uniqid
perl-file-copy-recursive
perl-getopt-argvfile
perl-io-tee
perl-iptables-chainmgr
perl-iptables-parse
perl-module-scandeps
perl-par-dist
perl-par-packer
perl-par
perl-uri-escape
psad
py-crcmod
py-graphviz
py-lz4
py-opencl
py-opengl-accelerate
runit
secpwgen
secure-delete
socklog
spacefm
tinyssh
udevil
virt-viewer
virtualbricks
whois
wrk
xpra
zram-init
</pre>
</div>
</content>
</entry>
<entry>
<title>testing/psad: update to 2.4.3</title>
<updated>2015-12-23T06:37:20+00:00</updated>
<author>
<name>Stuart Cardall</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2015-12-23T01:38:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=93944746480626c127ad357ab7fe8354834ed542'/>
<id>93944746480626c127ad357ab7fe8354834ed542</id>
<content type='text'>
'psad_fw_read.pid does not exist' warnings are not relevant in Busybox
&amp; can be ignored. They will be suppressed in the next release:

https://github.com/mrash/psad/issues/31
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
'psad_fw_read.pid does not exist' warnings are not relevant in Busybox
&amp; can be ignored. They will be suppressed in the next release:

https://github.com/mrash/psad/issues/31
</pre>
</div>
</content>
</entry>
<entry>
<title>testing/psad: update to 2.4.2</title>
<updated>2015-12-09T08:39:12+00:00</updated>
<author>
<name>Stuart Cardall</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2015-12-06T09:21:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=d60570bcd35eef566bae7fffcc919f6a107543ec'/>
<id>d60570bcd35eef566bae7fffcc919f6a107543ec</id>
<content type='text'>
this also fixes whois lookups causing reboots in psad / busybox
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
this also fixes whois lookups causing reboots in psad / busybox
</pre>
</div>
</content>
</entry>
<entry>
<title>testing/psad: temporarily disable whois lookups</title>
<updated>2015-07-01T07:17:12+00:00</updated>
<author>
<name>Stuart Cardall</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2015-06-30T13:51:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=03556f718db92c9f24a2c288be5a3e4398a2dae7'/>
<id>03556f718db92c9f24a2c288be5a3e4398a2dae7</id>
<content type='text'>
At the moment whois lookups trigger reboots on Alpine 3.1 &amp; 3.2 so
I don't think it's related to the new OpenRC version. Have raised an
issue on github.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
At the moment whois lookups trigger reboots on Alpine 3.1 &amp; 3.2 so
I don't think it's related to the new OpenRC version. Have raised an
issue on github.
</pre>
</div>
</content>
</entry>
<entry>
<title>testing/psad: update to 2.4.1</title>
<updated>2015-06-09T13:49:37+00:00</updated>
<author>
<name>Stuart Cardall</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2015-06-02T11:25:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=e653c8729ccce79168d4c5f332f4fd3880224eb4'/>
<id>e653c8729ccce79168d4c5f332f4fd3880224eb4</id>
<content type='text'>
psad-2.4.1 (05/13/2015):
    - Bug fix to honor the IGNORE_PROTOCOLS configuration variable for
      non-tcp/udp/icmp protocols. This bug was reported by Paul Versloot.
      Also extended the IGNORE_PROTOCOLS feature to match on both protocol
      name and number as well regardless of what iptables reports within log
      messages. This is so the user does not have to know what iptables will
      report (which can be inconsistent, e.g. 'TCP' vs. '2' for IGMP).
    - Added two configuration variables ENABLE_WHOIS_LOOKUPS and
      ENABLE_DNS_LOOKUPS (set to 'Y' by default) to allow whois and reverse
      DNS lookups to be controlled from the command line.
    - Bug fix for an uninitialized variable in 'psad -L' mode when auto
      blocking is enabled. This bug was reported via github issue #19 by
      github user 'itoffshore'.

(the last bug was also fixed by updating the dependent perl modules which we
have already done).
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
psad-2.4.1 (05/13/2015):
    - Bug fix to honor the IGNORE_PROTOCOLS configuration variable for
      non-tcp/udp/icmp protocols. This bug was reported by Paul Versloot.
      Also extended the IGNORE_PROTOCOLS feature to match on both protocol
      name and number as well regardless of what iptables reports within log
      messages. This is so the user does not have to know what iptables will
      report (which can be inconsistent, e.g. 'TCP' vs. '2' for IGMP).
    - Added two configuration variables ENABLE_WHOIS_LOOKUPS and
      ENABLE_DNS_LOOKUPS (set to 'Y' by default) to allow whois and reverse
      DNS lookups to be controlled from the command line.
    - Bug fix for an uninitialized variable in 'psad -L' mode when auto
      blocking is enabled. This bug was reported via github issue #19 by
      github user 'itoffshore'.

(the last bug was also fixed by updating the dependent perl modules which we
have already done).
</pre>
</div>
</content>
</entry>
<entry>
<title>testing/psad: update to 2.4.0</title>
<updated>2015-04-30T08:30:05+00:00</updated>
<author>
<name>Stuart Cardall</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2015-04-29T22:18:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=4d1c70b09e198d7c2e625a7cdf95baca172638a9'/>
<id>4d1c70b09e198d7c2e625a7cdf95baca172638a9</id>
<content type='text'>
The 2.2.4 PSAD package in the repos has no files (only folders) if
you examine the apk.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The 2.2.4 PSAD package in the repos has no files (only folders) if
you examine the apk.
</pre>
</div>
</content>
</entry>
<entry>
<title>testing/psad: upgrade to 2.2.4</title>
<updated>2015-02-24T09:02:47+00:00</updated>
<author>
<name>Leonardo Arena</name>
<email>rnalrd@alpinelinux.org</email>
</author>
<published>2015-02-24T09:02:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=7c825055c965b4a77e1cdcd5dbc9bde000add105'/>
<id>7c825055c965b4a77e1cdcd5dbc9bde000add105</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>/testing/PSAD - version bump to 2.2.3</title>
<updated>2014-03-31T11:52:41+00:00</updated>
<author>
<name>Stuart Cardall</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2014-03-20T08:00:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=bedbf4896916660a5d0728343c4c8f3cc42570ae'/>
<id>bedbf4896916660a5d0728343c4c8f3cc42570ae</id>
<content type='text'>
Version bump to PSAD 2.2.3

ChangeLog

psad-2.2.3 (03/01/2014):
    - Added compatibility with 'upstart' init daemons with assistance from Tim
      Kramer.  This change adds a new config variable 'ENABLE_PSADWATCHD' that
      can be used to disable psadwatchd when deployed with upstart since it
      has built-in process monitoring and restarting capabilities.  By default
      psadwatchd is not enabled anymore since this variable is set to "N". The
      reason for this change is that psad is extremely stable and so almost
      never needs to be restarted in practice, and process monitoring is
      better provided via other solutions (like upstart) anyway.  In addition,
      a new init script located at init-scripts/upstart/psad.conf has been
      added that is compatible with upstart - this script is meant to be copied
      to the /etc/init/ directory.
    - (Wolfgang Breyha) Bug fix to allow VLAN interfaces and interface aliases
      in IGNORE_INTERFACES.  This fixes issue #8 on github.
    - Bug fix to not modify /etc/hosts.deny permissions when removing
      tcpwrappers auto-block rules. This issue was reported as Debian bug
      #724267 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724267) and
      relayed via Franck Joncourt. Closes issue #7 on github.

psad-2.2.2 (01/13/2014):
    - Added detection for Errata Security's "Masscan" port scanner that was
      used in an Internet-wide scan for port 22 on Sept. 12, 2013 (see:
      http://blog.erratasec.com/2013/09/we-scanned-internet-for-port-22.html).
      The detection strategy used by psad relies on the fact that masscan does
      not appear to set the options portion of the TCP header, and if the
      iptables LOG rules that generate log data for psad are built with the
      --log-tcp-options switch, then no options in a SYN scan can be seen.
      This is not to say that other scanning software always sets TCP options -
      Scapy seems to not set options by default when issuing a SYN scan like
      this either: http://www.secdev.org/projects/scapy/doc/usage.html#syn-scans
      There is a new psad.conf variable "EXPECT_TCP_OPTIONS" to assist with
      Masscan detection as well.  When looking for Masscan SYN scans, psad
      requires at least one TCP options field to be populated within a LOG
      message (so that it knows --log-tcp-options has been set for at least
      some logged traffic), and after seeing this then SYN packets with no
      options are attributed to Masscan traffic.  All usual psad threshold
      variables continue to apply however, so (by default) a single Masscan
      SYN packet will not trigger a psad alert.  Masscan detection can be
      disabled altogether by setting EXPECT_TCP_OPTIONS to "N", and this will
      not affect any other psad detection techniques such as passive OS
      fingerprinting, etc.
    - RPM bug fix to include the protocols file.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Version bump to PSAD 2.2.3

ChangeLog

psad-2.2.3 (03/01/2014):
    - Added compatibility with 'upstart' init daemons with assistance from Tim
      Kramer.  This change adds a new config variable 'ENABLE_PSADWATCHD' that
      can be used to disable psadwatchd when deployed with upstart since it
      has built-in process monitoring and restarting capabilities.  By default
      psadwatchd is not enabled anymore since this variable is set to "N". The
      reason for this change is that psad is extremely stable and so almost
      never needs to be restarted in practice, and process monitoring is
      better provided via other solutions (like upstart) anyway.  In addition,
      a new init script located at init-scripts/upstart/psad.conf has been
      added that is compatible with upstart - this script is meant to be copied
      to the /etc/init/ directory.
    - (Wolfgang Breyha) Bug fix to allow VLAN interfaces and interface aliases
      in IGNORE_INTERFACES.  This fixes issue #8 on github.
    - Bug fix to not modify /etc/hosts.deny permissions when removing
      tcpwrappers auto-block rules. This issue was reported as Debian bug
      #724267 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724267) and
      relayed via Franck Joncourt. Closes issue #7 on github.

psad-2.2.2 (01/13/2014):
    - Added detection for Errata Security's "Masscan" port scanner that was
      used in an Internet-wide scan for port 22 on Sept. 12, 2013 (see:
      http://blog.erratasec.com/2013/09/we-scanned-internet-for-port-22.html).
      The detection strategy used by psad relies on the fact that masscan does
      not appear to set the options portion of the TCP header, and if the
      iptables LOG rules that generate log data for psad are built with the
      --log-tcp-options switch, then no options in a SYN scan can be seen.
      This is not to say that other scanning software always sets TCP options -
      Scapy seems to not set options by default when issuing a SYN scan like
      this either: http://www.secdev.org/projects/scapy/doc/usage.html#syn-scans
      There is a new psad.conf variable "EXPECT_TCP_OPTIONS" to assist with
      Masscan detection as well.  When looking for Masscan SYN scans, psad
      requires at least one TCP options field to be populated within a LOG
      message (so that it knows --log-tcp-options has been set for at least
      some logged traffic), and after seeing this then SYN packets with no
      options are attributed to Masscan traffic.  All usual psad threshold
      variables continue to apply however, so (by default) a single Masscan
      SYN packet will not trigger a psad alert.  Masscan detection can be
      disabled altogether by setting EXPECT_TCP_OPTIONS to "N", and this will
      not affect any other psad detection techniques such as passive OS
      fingerprinting, etc.
    - RPM bug fix to include the protocols file.
</pre>
</div>
</content>
</entry>
<entry>
<title>Patch for PSAD to fix sending mail &amp; service starting.</title>
<updated>2013-11-19T15:59:04+00:00</updated>
<author>
<name>IT Offshore</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2013-11-18T22:40:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=0b02ba041a307ec2a76786ecd345afe41f9da52c'/>
<id>0b02ba041a307ec2a76786ecd345afe41f9da52c</id>
<content type='text'>
Added start() to /etc/init.d/psad - it was not starting without it.

Added a dependency for mailx to APKBUILD &amp; fixed /etc/psad/psad.conf setting for mail (ssmtp on its own was not enough - mail was
incorrectly formed).

Tested on a live server - scans are detected, blocked &amp; email notifications sent.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Added start() to /etc/init.d/psad - it was not starting without it.

Added a dependency for mailx to APKBUILD &amp; fixed /etc/psad/psad.conf setting for mail (ssmtp on its own was not enough - mail was
incorrectly formed).

Tested on a live server - scans are detected, blocked &amp; email notifications sent.
</pre>
</div>
</content>
</entry>
<entry>
<title>Initial APKBUILD for PSAD into Testing</title>
<updated>2013-11-15T14:30:43+00:00</updated>
<author>
<name>IT Offshore</name>
<email>developer@it-offshore.co.uk</email>
</author>
<published>2013-11-10T09:58:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/kunkku/aports/commit/?id=78aed1773bd4a4656ed3e5d24cf0981cb3a0a16d'/>
<id>78aed1773bd4a4656ed3e5d24cf0981cb3a0a16d</id>
<content type='text'>
Corrected patch for PSAD - the APKBUILD now provides the answers
required by install.pl so the package will build unattended. I looked
at building the package the Redhat way but the perl install script also
preserves configuration settings on upgrades.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Corrected patch for PSAD - the APKBUILD now provides the answers
required by install.pl so the package will build unattended. I looked
at building the package the Redhat way but the perl install script also
preserves configuration settings on upgrades.
</pre>
</div>
</content>
</entry>
</feed>
