Release Notes: Bugfix for various IGNORE_* keywords not being honored. Updated to version 0.2 of the IPTables::ChainMgr module. Updated to not truncate the fwdata file upon psad startup. --fw-dump, which produces a sanitized (i.e. no IP addresses) version of the local Netfilter policy, has been added. ulogd data collection mode has been added. There is a bugfix for FW_MSG_SEARCH default (at least "DROP" is included now, even if FW_SEARCH_ALL is set to "N"). Email alert prefixes (such as "[psad-alert]") are customizable via psad.conf.
Release Notes: This release added detection of Topera IPv6 scans and Nmap IP protocol scans (nmap -sO), a new test suite, email throttling, and per-danger-level auto-response timeouts.
Release Notes: This release adds detection of IPv6 attacks and malicious traffic by parsing ip6tables logs, validation of ICMP6 type/code combinations, a new comprehensive test suite in the test/ directory, a 15% speedup over previous psad releases, a bugfix for the &LOG_DAEMON() error noticed by a few users, and a bugfix for the "qw() used as parentheses" warning for recent versions of Perl.
Release Notes: SELinux policy files were added to make psad compatible with SELinux. The files are located in a new "selinux" directory in the sources. A bug was fixed in which local server ports were not reported correctly under netstat parsing. A bug was fixed in the start() function in the Gentoo init script which caused psad to not be started and the error "* ERROR: psad failed to start" to be generated. A bug that occurred when ENABLE_SYSLOG_FILE is enabled was fixed.
Release Notes: This release restructures Perl module paths to make it easy to introduce a "nodeps" distribution of psad that does not contain any Perl modules. This allows better integration with systems that already have all necessary modules installed (including the IPTables::ChainMgr and IPTables::Parse modules). The main driver for this work is to make all cipherdyne.org projects easily integrated with distributions based on Debian. A bugfix has been made to honor the IPT_SYSLOG_FILE variable in --Analyze-msgs mode. A switch has been made from the deprecated bleeding-all.rules file to the new emerging-all.rules available from Emerging Threats.
Release Notes: This release enables IPT_SYSLOG_FILE by default. This is a relatively important change, since the default method of acquiring iptables log data switches from reading a named pipe fed by syslog to simply parsing the /var/log/messages file. The whois client has been updated to version 4.7.26, Bit::Vector to 6.4, and Date::Calc to 5.4.