Release Notes: This release added support for detection of Topera IPv6 scans, Nmap IP protocol scan detection (nmap -sO), a new test suite, email throttling, and per-danger level auto response timeouts.
Release Notes: This release adds detection of IPv6 attacks and malicious traffic by parsing ip6tables logs, validation of ICMP6 type/code combinations, a new comprehensive test suite in the test/ directory, a 15% speedup over previous psad releases, a bugfix for the &LOG_DAEMON() error noticed by a few users, and a bugfix for the "qw() used as parentheses" warning for recent versions of Perl.
Release Notes: SELinux policy files were added to make psad compatible with SELinux. The files are located in a new "selinux" directory in the sources. A bug was fixed in which local server ports were not reported correctly under netstat parsing. A bug was fixed in the start() function in the Gentoo init script which caused psad to not be started and the error "* ERROR: psad failed to start" to be generated. A bug that occurred when ENABLE_SYSLOG_FILE is enabled was fixed.
Release Notes: This release restructures Perl module paths to make it easy to introduce a "nodeps" distribution of psad that does not contain any Perl modules. This allows better integration with systems that already have all necessary modules installed (including the IPTables::ChainMgr and IPTables::Parse modules). The main driver for this work is to make all cipherdyne.org projects easily integrated with distributions based on Debian. A bugfix has been made to honor the IPT_SYSLOG_FILE variable in --Analyze-msgs mode. A switch has been made from the deprecated bleeding-all.rules file to the new emerging-all.rules available from Emerging Threats.
Release Notes: This release enables IPT_SYSLOG_FILE by default. This is a relatively important change, since it changes the default method of acquiring iptables log data from reading a named pipe fed by syslog to simply parsing the /var/log/messages file. The whois client has been updated to version 4.7.26, Bit::Vector to 6.4, and Date::Calc to 5.4.
Release Notes: A bug was fixed so that kernel timestamps are not included in iptables log prefixes that contain spaces like "[ 65.026008] DROP". Non-resolved IP addresses are now skipped. p0f output in --debug mode was improved to display when a passive OS fingerprint cannot be calculated based on iptables log messages that include TCP options (i.e. with --log-tcp-options when building a LOG rule on the iptables command line).
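As an added illustration of the two parsing points above (ICMP6 type/code validation and kernel timestamps inside spaced log prefixes), and not code from psad or these notes, the following Python strips a kernel uptime timestamp such as "[ 65.026008]" before extracting the LOG prefix and checks ICMPv6 type/code pairs; the sample lines and the small type/code table (from RFC 4443) are constructed assumptions.

```python
import re

# Constructed sample lines in /var/log/messages style: syslog header, "kernel:",
# an optional kernel uptime timestamp, the LOG prefix (may contain spaces), fields.
SAMPLE_LINES = [
    'Mar  3 12:00:01 fw kernel: [ 65.026008] DROP IN=eth0 OUT= SRC=203.0.113.5 '
    'DST=198.51.100.2 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 SYN URGP=0',
    'Mar  3 12:00:02 fw kernel: INPUT DROP IN=eth0 OUT= SRC=203.0.113.5 '
    'DST=198.51.100.2 LEN=40 PROTO=UDP SPT=53 DPT=1234',
    'Mar  3 12:00:03 fw kernel: [12345.678901] IN=eth0 OUT= SRC=2001:db8::1 '
    'DST=2001:db8::2 PROTO=ICMPv6 TYPE=128 CODE=0',
    'Mar  3 12:00:04 fw sshd[123]: Accepted publickey for user',
]

KERNEL_TS = re.compile(r'^\[\s*\d+\.\d+\]\s*')      # e.g. "[ 65.026008] "
FIRST_IN = re.compile(r'(?:^|\s)IN=')                 # first iptables field
FIELD = re.compile(r'([A-Z]+)=(\S*)')                 # KEY=value tokens

# Subset of valid ICMPv6 type -> code sets (RFC 4443); assumed table, not psad's.
ICMP6_CODES = {1: set(range(8)), 2: {0}, 3: {0, 1}, 4: {0, 1, 2}, 128: {0}, 129: {0}}


def parse_iptables_log(line):
    """Return a dict of iptables fields plus 'prefix', or None for other syslog lines."""
    if ' kernel: ' not in line:
        return None
    body = line.split(' kernel: ', 1)[1]
    # Drop the kernel uptime stamp so it is never treated as part of the prefix.
    body = KERNEL_TS.sub('', body)
    m = FIRST_IN.search(body)
    if m is None:
        return None
    fields = dict(FIELD.findall(body[m.start():]))
    fields['prefix'] = body[:m.start()].strip()      # may contain spaces
    return fields


def is_valid_icmp6(icmp_type, code):
    """True only for a type/code pair present in the RFC 4443 subset above."""
    return code in ICMP6_CODES.get(icmp_type, set())


if __name__ == '__main__':
    for ln in SAMPLE_LINES:
        rec = parse_iptables_log(ln)
        if rec and rec.get('PROTO') == 'ICMPv6':
            rec['icmp6_ok'] = is_valid_icmp6(int(rec['TYPE']), int(rec['CODE']))
        print(rec)
```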
Release Notes: A new feature was added whereby iptables log data can be acquired simply by parsing an existing file (/var/log/messages by default) that syslog writes to. Better installation support was provided for various Linux distributions, including Fedora 8 and Ubuntu. Situations where either the /var/log/psad/fwdata file or the /var/log/messages file (whichever syslog is writing iptables log messages to) gets rotated are now handled automatically.
Release Notes: The EMAIL_LIMIT model was changed to apply to scanning source addresses only instead of also factoring in the destination address. The original src/dst email limit behavior can be restored by setting a new variable "ENABLE_EMAIL_LIMIT_PER_DST" to "Y". The patches/iptables-1.3.8_LOG_prefix_space.patch file was added, which can be applied to the iptables-1.3.8 code to enforce a trailing space character before any log prefix when a LOG rule is added. A fix was implemented to ensure that parsing TCP options does not descend into an infinite loop in some circumstances with obscure or maliciously constructed options.
Release Notes: A --gnuplot mode was added so that psad can output data that is suitable for plotting with gnuplot. The ability to negate match conditions on fields specified with the --CSV-fields argument was added. The Storable-2.16 module was added along with the --use-store-file argument so that in --gnuplot mode the Gnuplot data can be stored on disk and retrieved quickly. --analysis-fields was added so the iptables log messages that are parsed in -A mode can be restricted to those that meet certain criteria.
Release Notes: A bugfix defines a custom 'source' definition for syslog-ng daemons (this fixes a problem on SuSE systems where the existing syslog-ng reconfiguration caused the daemon to not start). A bugfix allows specific signatures to be ignored by setting SID values of zero in /etc/psad/snort_rule_dl. An -X command line argument allows the user to delete any psad chains (in auto-response mode). This is a synonym for the iptables -X command line argument.