Version 2.1.2 of Port Scan Attack Detector

Release Notes: A bug was fixed so that kernel timestamps are not included in iptables log prefixes that contain spaces like "[ 65.026008] DROP". Non-resolved IP addresses are now skipped. p0f output in --debug mode was improved to display when a passive OS fingerprint cannot be calculated based on iptables log messages that include TCP options (i.e. with --log-tcp-options when building a LOG rule on the iptables command line).
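The timestamp fix above is easiest to see on sample data. The following is an added example in illustrative Python, not psad's own Perl code: the sample log lines are constructed, and the names `parse` and `count_by_prefix` are hypothetical. It shows how a timestamp pattern that does not allow padding spaces inside the brackets leaves "[   65.026008]" attached to the log prefix, so identical rules stop grouping together.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation addresses), not real captures.
SAMPLE_LINES = [
    "Apr  3 23:06:01 fw kernel: [   65.026008] DROP IN=eth0 OUT= SRC=192.0.2.10 "
    "DST=198.51.100.5 LEN=60 TTL=63 PROTO=TCP SPT=44321 DPT=22 SYN URGP=0",
    "Apr  3 23:11:40 fw kernel: [12345.678901] DROP IN=eth0 OUT= SRC=192.0.2.10 "
    "DST=198.51.100.5 LEN=60 TTL=63 PROTO=TCP SPT=44322 DPT=23 SYN URGP=0",
    "Apr  3 23:12:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 "
    "DST=198.51.100.5 LEN=28 TTL=50 PROTO=UDP SPT=5353 DPT=161",
]

# Kernel printk timestamp. For small uptimes the seconds field is space-padded
# inside the brackets, which the strict pattern does not accept.
KTIME_STRICT = re.compile(r"^\[\d+\.\d+\]\s*")     # misses "[   65.026008]"
KTIME_PADDED = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # accepts both forms
# Text between "kernel: " and the first "IN=" is optional timestamp + log prefix.
MSG = re.compile(r"kernel:\s+(?P<head>.*?)\s*\bIN=(?P<rest>.*)$")
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def parse(line, ktime=KTIME_PADDED):
    """Return (log_prefix, fields) for an iptables LOG line, or None."""
    m = MSG.search(line)
    if m is None:
        return None
    prefix = ktime.sub("", m.group("head"), count=1).strip()
    return prefix, dict(FIELD.findall(m.group("rest")))


def count_by_prefix(lines, ktime=KTIME_PADDED):
    """Group parsed lines by log prefix, skipping lines that do not match."""
    hits = (parse(line, ktime) for line in lines)
    return dict(Counter(h[0] for h in hits if h is not None))


if __name__ == "__main__":
    print("padded-aware:", count_by_prefix(SAMPLE_LINES))
    print("strict only: ", count_by_prefix(SAMPLE_LINES, KTIME_STRICT))
```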

Other releases

  •  21 Feb 2009 20:55

Release Notes: SELinux policy files were added to make psad compatible with SELinux. The files are located in a new "selinux" directory in the sources. A bug was fixed in which local server ports were not reported correctly under netstat parsing. A bug was fixed in the start() function in the Gentoo init script which caused psad to not be started and the error "* ERROR: psad failed to start" to be generated. A bug that occurred when ENABLE_SYSLOG_FILE is enabled was fixed.

  •  22 Aug 2008 14:14

Release Notes: This release restructures Perl module paths to make it easy to introduce a "nodeps" distribution of psad that does not contain any Perl modules. This allows better integration with systems that already have all necessary modules installed (including the IPTables::ChainMgr and IPTables::Parse modules). The main driver for this work is to make all cipherdyne.org projects easily integrated with distributions based on Debian. A bugfix has been made to honor the IPT_SYSLOG_FILE variable in --Analyze-msgs mode. A switch has been made from the deprecated bleeding-all.rules file to the new emerging-all.rules available from Emerging Threats.

  •  13 Jun 2008 14:01

Release Notes: This release enables IPT_SYSLOG_FILE by default. This is a relatively important change, since it changes the default method of acquiring iptables log data from reading it from a named pipe from syslog to just parsing the /var/log/messages file. The whois client has been updated to version 4.7.26, Bit::Vector to 6.4, and Date::Calc to 5.4.

  •  03 Apr 2008 23:06

Release Notes: A bug was fixed so that kernel timestamps are not included in iptables log prefixes that contain spaces like "[ 65.026008] DROP". Non-resolved IP addresses are now skipped. p0f output in --debug mode was improved to display when a passive OS fingerprint cannot be calculated based on iptables log messages that include TCP options (i.e. with --log-tcp-options when building a LOG rule on the iptables command line).

  •  25 Jan 2008 21:32

Release Notes: A new feature whereby iptables log data can be acquired just by parsing an existing file (/var/log/messages by default) that is written to by syslog was added. Better installation support was provided for various Linux distributions, including Fedora 8 and Ubuntu. Situations where either the /var/log/psad/fwdata file or the /var/log/messages file (whichever syslog is writing iptables log messages to) gets rotated are now handled automatically.
