Psad v3 #93
New Version
Update to last commit
add Psad v3
And for some reason the script freezes at the end with this PR. |
done
I have a 'déjà vu' about that issue... (I actually have no machines available to test it.) Update: |
I wrote this diff, but it didn't actually fix the freeze:
diff --git a/scripts/44_psad b/scripts/44_psad
index 44efd81..bfa9a96 100644
--- a/scripts/44_psad
+++ b/scripts/44_psad
@@ -12,7 +12,7 @@ function f_psad {
fi
echo "127.0.0.1 0;" >> "$PSADDL"
- echo "$($WBIN -ih | awk '{print $3}' | head -n1) 0;" >> "$PSADDL"
+ echo "$SERVERIP 0;" >> "$PSADDL"
sed -i "s/EMAIL_ADDRESSES root@localhost;/EMAIL_ADDRESSES $MYEMAIL;/" "$PSADCONF"
sed -i "s/HOSTNAME _CHANGEME_;/HOSTNAME $(hostname --fqdn);/" "$PSADCONF"
sed -i 's/ENABLE_AUTO_IDS N;/ENABLE_AUTO_IDS Y;/' "$PSADCONF"
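Review bot: The replaced `echo` line changes which address is written to "$PSADDL": column 3 of `w -ih` is the FROM field, i.e. the remote address of the logged-in session, while `$SERVERIP` is the server's own source address. With `ENABLE_AUTO_IDS Y` set two lines below, the admin's client address no longer gets a `0;` entry. Consider keeping the client address when one exists, and skip the `echo` when the variable is empty, since an empty `$SERVERIP` appends a bare ` 0;` line to the file.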
@@ -43,4 +43,4 @@ function f_psad {
fi
((SCRIPT_COUNT++))
-}
\ No newline at end of file
+}
diff --git a/ubuntu.sh b/ubuntu.sh
index 5bfb8cf..cac6c95 100644
--- a/ubuntu.sh
+++ b/ubuntu.sh
@@ -36,6 +36,7 @@ function main {
ARPBIN="$(command -v arp)"
WBIN="$(command -v w)"
LXC="0"
+ SERVERIP="$(ip route | grep '^default' | awk '{print $9}')"
if grep -qE 'container=lxc|container=lxd' /proc/1/environ; then
LXC="1"
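Review bot: `awk '{print $9}'` on the added `SERVERIP=` line only works when the default route carries `src` as its eighth field; a route printed as `default via <gw> dev <if>` with no `src` has fewer fields and leaves `SERVERIP` empty, and two default routes yield two lines. Match on the keyword instead of the position, e.g. `awk '{for(i=1;i<NF;i++) if($i=="src"){print $(i+1); exit}}'`, and handle the empty case before the value is used in `scripts/44_psad`.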
@@ -90,6 +91,7 @@ function main {
readonly RESOLVEDCONF
readonly RKHUNTERCONF
readonly SECURITYACCESS
+ readonly SERVERIP
readonly SSHDFILE
readonly SSHFILE
readonly SSH_GRPS |
OK. Are you running from an SSH terminal client, or directly on the server? (This matters for the 'déjà vu'.) |
SSH to server |
Try directly on the server ;) (I have a feeling it was because psad/ufw was restarting... you lose the current connection... THE DÉJÀ VU!) |
diff --git a/scripts/44_psad b/scripts/44_psad
index bfa9a96..d2223d3 100644
--- a/scripts/44_psad
+++ b/scripts/44_psad
@@ -29,12 +29,9 @@ function f_psad {
sed -i 's/IGNORE_PORTS *;/IGNORE_PORTS NONE;/' "$PSADCONF"
sed -i 's/IPT_SYSLOG_FILE \/var\/log\/messages;/IPT_SYSLOG_FILE \/var\/log\/syslog;/' "$PSADCONF"
- psad -R
psad --sig-update
psad -H
- psad -R
psad --fw-analyze
- psad -F
if [[ $VERBOSE == "Y" ]]; then
systemctl status psad.service --no-pager
Flushing the created iptables rules causes the connection issues. |
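Review bot: With both `psad -R` calls removed, `psad -H` is the only remaining step that makes the daemon re-read the `sed` edits to "$PSADCONF", and a HUP only reaches a psad process that is already running. Check that the service is active before this point (or start it), otherwise the new settings are not loaded until the next restart; the `systemctl status` call only runs when `$VERBOSE` is `Y`, so a stopped daemon goes unnoticed in the default case.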
Sorry for the delay, will test as soon as possible. |
Sorry for the late reply, LGTM. |
seems nice! |
Well, next step, fail2ban? What do you say, friend? |
Hope this respects your code!
Have done a "Quick Manual Merge"