scanlogd is a system daemon which attempts to log all portscans of a host to the syslog, in a secure fashion.
| Tags | Security, Logging, Networking, Monitoring, Systems Administration |
| Licenses | BSD Original, BSD Revised |
| Operating Systems | Windows, POSIX, AIX, BSD, BSD/OS, FreeBSD, NetBSD, OpenBSD, HP-UX, IRIX, Linux, SCO, Solaris |
Release Notes: An off-by-one bug in a safety check has been corrected. The bug did not affect scanlogd itself, but it may be a security issue in other projects reusing code from scanlogd. The license has been changed to heavily cut-down BSD.
Release Notes: The source code has been modified to use sysconf(_SC_CLK_TCK) instead of CLK_TCK when _SC_CLK_TCK is known to be available or CLK_TCK is not (needed for glibc 2.3.90+).
Release Notes: This release drops cleanup() because it was not async-signal-safe.
Release Notes: scanlogd will now chroot to /var/empty to further reduce the impact of potential bugs in scanlogd itself and in the libraries that it uses. When built with libnids or direct libpcap support, a smart pcap filter expression is now used to hopefully filter out most uninteresting packets while they are still in the kernel. Many minor code cleanups and other enhancements have been made, and an RPM spec file and a startup script for Red Hat Linux and compatible distributions are now included.
Release Notes: This release improves support for libnids 1.14+.