aboutsummaryrefslogtreecommitdiffstats
path: root/testing/psad/APKBUILD
Commit message (Collapse)AuthorAgeFilesLines
* testing/[various]: move to communityStuart Cardall2016-08-211-109/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | albatross-themes apk-post-messages autossh bitcoin btrbk entr ffmpegthumbnailer firejail firetools fwsnort gnome-colors imapsync inetutils-syslogd inotify-tools-inc isync junit ktsuss letsencrypt-nosudo libmbim libndp libqmi libteam mini-sendmail modemmanager namecoin networkmanager nginx-naxsi numix-themes nxapi opencl-headers opencl-icd-loader opus-tools perl-authen-ntlm perl-bit-vector perl-data-uniqid perl-file-copy-recursive perl-getopt-argvfile perl-io-tee perl-iptables-chainmgr perl-iptables-parse perl-module-scandeps perl-par-dist perl-par-packer perl-par perl-uri-escape psad py-crcmod py-graphviz py-lz4 py-opencl py-opengl-accelerate runit secpwgen secure-delete socklog spacefm tinyssh udevil virt-viewer virtualbricks whois wrk xpra zram-init
* testing/psad: update to 2.4.3Stuart Cardall2015-12-231-5/+5
| | | | | | | 'psad_fw_read.pid does not exist' warnings are not relevant in Busybox & can be ignored. They will be supressed in the next release: https://github.com/mrash/psad/issues/31
* testing/psad: update to 2.4.2Stuart Cardall2015-12-091-27/+24
| | | | this also fixes whois lookups causing reboots in psad / busybox
* testing/psad: temporarily disable whois lookupsStuart Cardall2015-07-011-3/+7
| | | | | | At the moment whois lookups trigger reboots on Alpine 3.1 & 3.2 so I don't think it's related to the new OpenRC version. Have raised an issue on github.
* testing/psad: update to 2.4.1Stuart Cardall2015-06-091-6/+6
| | | | | | | | | | | | | | | | | | | psad-2.4.1 (05/13/2015): - Bug fix to honor the IGNORE_PROTOCOLS configuration variable for non-tcp/udp/icmp protocols. This bug was reported by Paul Versloot. Also extended the IGNORE_PROTOCOLS feature to match on both protocol name and number as well regardless of what iptables reports within log messages. This is so the user does not have to know what iptables will report (which can be inconsistent, e.g. 'TCP' vs. '2' for IGMP). - Added two configuration variables ENABLE_WHOIS_LOOKUPS and ENABLE_DNS_LOOKUPS (set to 'Y' by default) to allow whois and reverse DNS lookups to be controlled from the command line. - Bug fix for an uninitialized variable in 'psad -L' mode when auto blocking is enabled. This bug was reported via github issue #19 by gihub user 'itoffshore'. (the last bug was also fixed by updating the dependent perl modules which we have already done).
* testing/psad: update to 2.4.0Stuart Cardall2015-04-301-8/+8
| | | | | The 2.2.4 PSAD package in the repos has no files (only folders) if you examine the apk.
* testing/psad: upgrade to 2.2.4Leonardo Arena2015-02-241-5/+5
|
* /testing/PSAD - version bump to 2.2.3Stuart Cardall2014-03-311-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Version bump to PSAD 2.2.3 ChangeLog psad-2.2.3 (03/01/2014): - Added compatibility with 'upstart' init daemons with assistance from Tim Kramer. This change adds a new config variable 'ENABLE_PSADWATCHD' that can be used to disable psadwatchd when deployed with upstart since it has built-in process monitoring and restarting capabilities. By default psadwatchd is not enabled anymore since this variable is set to "N". The reason for this change is that psad is extremely stable and so almost never needs to be restarted in practice, and process monitoring is better provided via other solutions (like upstart) anyway. In addition, a new init script located at init-scripts/upstart/psad.conf has been added that is compatible with upstart - this script is meant to be copied to the /etc/init/ directory. - (Wolfgang Breyha) Bug fix to allow VLAN interfaces and interface aliases in IGNORE_INTERFACES. This fixes issue #8 on github. - Bug fix to not modify /etc/hosts.deny permissions when removing tcpwrappers auto-block rules. This issue was reported as Debian bug #724267 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724267) and relayed via Franck Joncourt. Closes issue #7 on github. psad-2.2.2 (01/13/2014): - Added detection for Errata Security's "Masscan" port scanner that was used in an Internet-wide scan for port 22 on Sept. 12, 2013 (see: http://blog.erratasec.com/2013/09/we-scanned-internet-for-port-22.html). The detection strategy used by psad relies on the fact that masscan does not appear to set the options portion of the TCP header, and if the iptables LOG rules that generate log data for psad are built with the --log-tcp-options switch, then no options in a SYN scan can be seen. This is not to say that other scanning software always sets TCP options - Scapy seems to not set options by default when issuing a SYN scan like this either: http://www.secdev.org/projects/scapy/doc/usage.html#syn-scans There is a new psad.conf variable "EXPECT_TCP_OPTIONS" to assist with Masscan detection as well. When looking for Masscan SYN scans, psad requires at least one TCP options field to be populated within a LOG message (so that it knows --log-tcp-options has been set for at least some logged traffic), and after seeing this then SYN packets with no options are attributed to Masscan traffic. All usual psad threshold variables continue to apply however, so (by default) a single Masscan SYN packet will not trigger a psad alert. Masscan detection can be disabled altogether by setting EXPECT_TCP_OPTIONS to "N", and this will not affect any other psad detection techniques such as passive OS fingerprinting, etc. - RPM bug fix to include the protocols file.
* Patch for PSAD to fix sending mail & service starting.IT Offshore2013-11-191-6/+8
| | | | | | | | | Added start() to /etc/init.d/psad - it was not starting without it. Added a dependency for mailx to APKBUILD & fixed /etc/psad/psad.conf setting for mail (ssmtp on it's own was not enough - mail was incorrectly formed). Tested on a live server - scans are detected, blocked & email notifications sent.
* Initial APKBUILD for PSAD into TestingIT Offshore2013-11-151-0/+106
Corrected patch for PSAD - the APKBUILD now provides the answers required by install.pl so the package will build unattended. I looked at building the package the Redhat way but the perl install script also preserves configuration settings on upgrades.