Hi, On Mon, Feb 01, 2010 at 01:08:41AM +0000, Justin B Rye wrote: > PSAD's package description could do with some attention.
I agree :) [...] > > HomePage: http://www.cipherdyne.org/psad/ > > (That camelcase is unconventional, but should be harmless. So I > don't know why psad's PTS page doesn't show a link...) Good catch. I have not even noticed the homepage missing :( > > Package: psad > > Architecture: any > > (Does the dependency on iptables save it from needing to specify > "except the kfreebsd-* release arches"?) You are right I have to do something for that for Fwknop as well. > Discard all this; instead I've taken some text from the upstream > website. My patch has this instead: > > Description: Port Scan Attack Detector > PSAD is a collection of four lightweight system daemons (in Perl and > C) designed to work with iptables to detect port scans. It features: > * a set of highly configurable danger thresholds (with sensible > defaults provided); > * verbose alert messages that include the source, destination, > scanned port range, beginning and end times, TCP flags, and > corresponding Nmap options; > * reverse DNS information; > * alerts via email; > * automatic blocking of offending IP addresses via dynamic firewall > configuration. > . > When combined with fwsnort and the Netfilter string match extension, > PSAD is capable of detecting many attacks described in the Snort rule > set that involve application layer data. I like it. I will forward the description to upstream since most of it comes from its README file. Thanks. -- Franck Joncourt
signature.asc
Description: Digital signature

