Thread: PSAD is Giving a Firewall Setup Warning. But UFW Logging is enabled.

  1. #1
    Join Date
    Jan 2012
    Beans
    67

    PSAD is Giving a Firewall Setup Warning. But UFW Logging is enabled.

    I have set up PSAD on my server. It asks me to add the following iptables rules:

    Code:
    iptables -A INPUT -j LOG
    iptables -A FORWARD -j LOG
    ip6tables -A INPUT -j LOG
    ip6tables -A FORWARD -j LOG

    I'm using UFW to manage iptables. So, I simply ran the command "sudo ufw logging on". But whenever I restart PSAD or restart my server, I get an email saying:

    message subject : [psad-status] firewall setup warning on server!

    HTML Code:
    [-] You may just need to add a default logging rule to the /sbin/iptables
        'filter' 'INPUT' chain on *server*.  For more information,
        see the file "FW_HELP" in the psad sources directory or visit:
    
        http://www.cipherdyne.org/psad/docs/fwconfig.html
    
    [-] You may just need to add a default logging rule to the /sbin/ip6tables
        'filter' 'INPUT' chain on *server*.  For more information,
        see the file "FW_HELP" in the psad sources directory or visit:
    
        http://www.cipherdyne.org/psad/docs/fwconfig.html

    PS: The machine has Ubuntu 12.04 and the latest PSAD 2.2 (compiled from the source).

  2. #2
    Join Date
    Jul 2011
    Beans
    3,037
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: PSAD is Giving a Firewall Setup Warning. But UFW Logging is enabled.

    Since ufw has several log levels and the command you ran turned on just the lowest log level, I guess that PSAD requires more than that, and you can turn on high log levels for ufw:

    http://manpages.ubuntu.com/manpages/...an8/ufw.8.html

    The log levels available are off, low, medium, high and full.

  3. #3
    Join Date
    Jan 2012
    Beans
    67

    Re: PSAD is Giving a Firewall Setup Warning. But UFW Logging is enabled.

    Quote: Originally posted by 2F4U
    Since ufw has several log levels and the command you ran turned on just the lowest log level, I guess that PSAD requires more than that, and you can turn on high log levels for ufw:

    http://manpages.ubuntu.com/manpages/...an8/ufw.8.html

    The log levels available are off, low, medium, high and full.

    Tried both high and full, but still PSAD sends the warning.

  4. #4
    Join Date
    Jan 2012
    Beans
    67

    Re: PSAD is Giving a Firewall Setup Warning. But UFW Logging is enabled.

    No solution?

  5. #5
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    3,506
    Distro
    Ubuntu Development Release

    Re: PSAD is Giving a Firewall Setup Warning. But UFW Logging is enabled.

    Enabling logging on UFW just enables logging of some specific rules.
    To me, it seems as though this PSAD thing wants you to log every single packet (oh my goodness!!!). The only thing I can think of is to toss out UFW and write your iptables rules directly so as to satisfy PSAD.

  6. #6
    Join Date
    Sep 2012
    Beans
    1

    Re: PSAD is Giving a Firewall Setup Warning. But UFW Logging is enabled.

    So, do a “ufw logging on” in order for ufw to propagate several files in the /etc/ufw directory, amongst them before(6).rules & after(6).rules. Edit both of the before.rules (before and before6 .rules files) and append “-A INPUT -j LOG” & “-A FORWARD -j LOG” (on separate lines) accordingly, making sure to not append them after the COMMIT line. Reboot, then run “psad --fw-analyze” to see the problem is resolved.
    Last edited by nosebb; September 27th, 2012 at 04:50 AM.
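
One way to script the edit described in post #6, as an added example that is not part of the original thread: it inserts the two LOG rules before the COMMIT line of the *filter table and does nothing if they are already there. The helper name add_log_rules is hypothetical, and the demonstration runs on a constructed temporary file rather than on the real files under /etc/ufw.

```shell
#!/bin/sh
# Added example (not from the thread): put psad's catch-all LOG rules into a
# ufw rules file, inside the *filter table and before its COMMIT line.

# add_log_rules FILE  (hypothetical helper name)
# Returns 0 on success, 2 if FILE has no "*filter ... COMMIT" block.
add_log_rules() {
    file=$1
    tmp=$(mktemp) || return 1
    awk '
        /^\*filter/ { in_filter = 1 }
        # Remember rules that are already present so a re-run adds nothing.
        in_filter && /^-A (INPUT|FORWARD) -j LOG[ \t]*$/ { seen[$2] = 1 }
        in_filter && /^COMMIT[ \t]*$/ {
            if (!seen["INPUT"])   print "-A INPUT -j LOG"
            if (!seen["FORWARD"]) print "-A FORWARD -j LOG"
            in_filter = 0; done = 1
        }
        { print }
        END { if (!done) exit 2 }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$file"    # overwrite contents, keeping owner and mode
    rm -f "$tmp"
}

# Constructed sample shaped like /etc/ufw/before.rules (not a real config).
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:ufw-before-input - [0:0]
:ufw-before-forward - [0:0]
-A ufw-before-input -i lo -j ACCEPT
COMMIT
EOF

add_log_rules "$sample"
add_log_rules "$sample"     # second run must not duplicate the rules
cat "$sample"
rm -f "$sample"
```

On a real system the function would be run as root against both /etc/ufw/before.rules and /etc/ufw/before6.rules after backing them up, followed by the "psad --fw-analyze" check from post #6.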
