psad Administration

Once you've installed psad, it's time to fire it up. This section gives an overview of basic psad administration and shows you how psad acquires log data from iptables. Run-time activities such as attack detection and passive OS fingerprinting are discussed in the next two chapters.

Starting and Stopping psad

Initialization scripts bundled with psad are suitable for Red Hat, Fedora, Slackware, Debian, Mandrake, and Gentoo Linux systems. As with many system daemons (such as syslog and Apache), psad should normally be started and stopped via the init script:

# /etc/init.d/psad start
 * Starting psad ...                             [ ok ]
# /etc/init.d/psad stop
 * Stopping psadwatchd ...                       [ ok ]
 * Stopping kmsgsd ...                           [ ok ]
 * Stopping psad ...                             [ ok ]

When psad ...

Get Linux Firewalls now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.