Please sign in to comment.
Add compatibility with 'upstart' init daemons
- Added compatibility with 'upstart' init daemons with assistance from Tim Kramer. This change adds a new config variable 'ENABLE_PSADWATCHD' that can be used to disable psadwatchd when deployed with upstart since it has built-in process monitoring and restarting capabilities. In addition, a new init script located at init-scripts/upstart/psad has been added that is compatible with upstart - this script is meant to be copied to the /etc/init.d/ directory.
- Loading branch information...
Showing with 53 additions and 2 deletions.
|@@ -0,0 +1,26 @@|
|+# psad - the Port Scan Attack Detector daemon|
|+# The psad daemon parses iptables log messages for many different classes|
|+# of malicious behavior such as port scans, sweeps, connections to back door|
|+# ports, worm traffic, full malicious payload matches from fwsnort, and more.|
|+description "psad daemon"|
|+start on (local-filesystems and net-device-up IFACE!=lo)|
|+stop on runlevel [!2345]|
|+respawn limit 10 5|
|+### uncomment the post-start lines below if you want email notifications|
|+### whenever psad is (re)started - be sure to edit the EMAIL_ADDR variable|
|+# post-start script|
|+# mail -s "Starting psad on $HOST" $EMAIL_ADDR < /dev/null > /dev/null 2>&1|
|+# end script|