Difference between revisions of "Psad: Instalasi"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (New page: ==Install== apt-get update apt-get install psad ==Edit File Konfigurasi== vi /etc/psad/psad.conf Edit EMAIL_ADDRESSES HOSTNAME ENABLE_AUTO_IDS - set ke Y jika anda ingin PSAD m...) |
Onnowpurbo (talk | contribs) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 16: | Line 16: | ||
ENABLE_AUTO_IDS_EMAILS - set ke Y jika anda ingin menerima email notifikasi. | ENABLE_AUTO_IDS_EMAILS - set ke Y jika anda ingin menerima email notifikasi. | ||
| − | |||
| − | + | ==Tambahkan LOG rules ke iptables== | |
| − | |||
iptables -A INPUT -j LOG | iptables -A INPUT -j LOG | ||
| Line 26: | Line 24: | ||
ip6tables -A FORWARD -j LOG | ip6tables -A FORWARD -j LOG | ||
| − | + | ==Reload & update PSAD== | |
| − | |||
| − | |||
psad -R | psad -R | ||
| Line 34: | Line 30: | ||
psad -H | psad -H | ||
| − | + | Setelah psad --sig-update signature akan di letakan di | |
| − | psad | + | /etc/psad/signatures |
| + | ==Cek Status== | ||
| + | psad --Status | ||
| + | Tampilan kira-kira | ||
| + | [+] psadwatchd (pid: 21150) %CPU: 0.0 %MEM: 0.0 | ||
| + | Running since: Tue Jun 2 17:14:12 2015 | ||
| + | |||
| + | [+] psad (pid: 21148) %CPU: 0.8 %MEM: 0.3 | ||
| + | Running since: Tue Jun 2 17:14:12 2015 | ||
| + | Command line arguments: [none specified] | ||
| + | Alert email address(es): onno@indo.net.id | ||
| + | |||
| + | [+] Version: psad v2.2.1 | ||
| + | |||
| + | [+] Top 50 signature matches: | ||
| + | [NONE] | ||
| + | |||
| + | [+] Top 25 attackers: | ||
| + | [NONE] | ||
| + | |||
| + | [+] Top 20 scanned ports: | ||
| + | [NONE] | ||
| + | |||
| + | [+] iptables log prefix counters: | ||
| + | [NONE] | ||
| + | |||
| + | Total protocol packet counters: | ||
| + | |||
| + | [+] IP Status Detail: | ||
| + | [NONE] | ||
| + | |||
| + | Total scan sources: 0 | ||
| + | Total scan destinations: 0 | ||
| + | |||
| + | [+] These results are available in: /var/log/psad/status.out | ||
==Referensi== | ==Referensi== | ||
Latest revision as of 17:15, 2 June 2015
Install
apt-get update apt-get install psad
Edit File Konfigurasi
vi /etc/psad/psad.conf
Edit
EMAIL_ADDRESSES HOSTNAME ENABLE_AUTO_IDS - set ke Y jika anda ingin PSAD men-set firewall automatis. ENABLE_AUTO_IDS_EMAILS - set ke Y jika anda ingin menerima email notifikasi.
Tambahkan LOG rules ke iptables
iptables -A INPUT -j LOG iptables -A FORWARD -j LOG ip6tables -A INPUT -j LOG ip6tables -A FORWARD -j LOG
Reload & update PSAD
psad -R psad --sig-update psad -H
Setelah psad --sig-update signature akan di letakan di
/etc/psad/signatures
Cek Status
psad --Status
Tampilan kira-kira
[+] psadwatchd (pid: 21150) %CPU: 0.0 %MEM: 0.0
Running since: Tue Jun 2 17:14:12 2015
[+] psad (pid: 21148) %CPU: 0.8 %MEM: 0.3
Running since: Tue Jun 2 17:14:12 2015
Command line arguments: [none specified]
Alert email address(es): onno@indo.net.id
[+] Version: psad v2.2.1
[+] Top 50 signature matches:
[NONE]
[+] Top 25 attackers:
[NONE]
[+] Top 20 scanned ports:
[NONE]
[+] iptables log prefix counters:
[NONE]
Total protocol packet counters:
[+] IP Status Detail:
[NONE]
Total scan sources: 0
Total scan destinations: 0
[+] These results are available in: /var/log/psad/status.out