NIDS – psad and fwsnort

I have been playing with psad and fwsnort as a NIDS tool. They are light weight and very capable tools and I highly recommend both of them.

I was going to post a blog about these tools, but it kept growing longer and longer and involved init scripts, selinux policies, and apparmor profiles.

Rather then spamming the Ubuntu planet with all the details, I made a web page.

Nids – psad & fwsnort

Sorry this blog is brief, but the above link will get you started using psad / fwsnort on Debian (squeeze) , Fedora 13 , or Ubuntu 10.04.

Feel free to post any feedback or comments here.

2 Responses to NIDS – psad and fwsnort

  1. Seraphyn says:

    There is something wrong in your Howto:
    Update psad signatures:
    psad –sid-update
    psad -H

    Should be psad –sig-update.

  2. bodhi.zazen says:

    Thank you Seraphyn, fixed that.

