cipherdyne.org

24 March, 2007

The 2.0.6 release of psad is ready for download. This release focuses on better integration with fwsnort to anticipate the fwsnort chain and corresponding rule number, and Slackware package support was also added (thanks to pyllyukko for contributing a script for this). Here is the ChangeLog:

• Better integration with fwsnort; psad signature match syslog messages and email alerts now include the fwsnort rule number (for fwsnort version 0.9.0 and greater) and chain information.
• Added the Snort bleeding-all.rules signature file from the Bleeding Snort project (see http://www.bleedingsnort.com).
• Bugfix to allow interfaces that have IP aliases.
• Added uname, ifconfig, and syslog process information to --Dump-conf output (this can help diagnose various runtime issues).
• Changed the --Lib-dir command line argument to --lib-dir, and added --List (similar to iptables) to list the psad auto-blocking chain rules.
• Added psad.SlackBuild script contributed by pyllyukko for building psad on Slackware systems. It uses the Cipherdyne cd_rpmbuilder script to first build and RPM, and then uses it to build a Slackware package.