Detect attempted intrusions with psad

If you want to know what is going on with your server at every moment of the day, psad is the right tool for the job. psad is an intrusion detection and log analysis tool that works on top of iptables. It is a collection of lightweight daemons that log attempted intrusions, in particular by monitoring iptables.

For Ubuntu users:

sudo apt-get install psad

The daemons will run automatically.

To check status:

sudo psad -S

You can configure psad to e-mail the admin when it detects an intrusion.
Open the file /etc/psad/psad.conf for editing, locate the EMAIL_ADDRESSES line, and put your e-mail address on it.
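
A quick check of the edit described above, as an added example that is not part of the original post: it reads EMAIL_ADDRESSES from a psad.conf and warns if the value is missing, lacks the terminating semicolon, or is still root@localhost (assumed here to be the shipped default). It goes one step beyond the post by also checking an iptables-save dump for a LOG rule, since psad works from iptables log messages. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files are constructed.

# Print a psad.conf variable. Entries look like "NAME   value;" and the
# trailing ';' is required, so lines without one are ignored.
psad_conf_get() {   # $1 = variable name, $2 = config file
    awk -v key="$1" '$1 == key && /;/ {
        $1 = ""; sub(/^ +/, ""); sub(/ *;.*$/, ""); print; exit }' "$2"
}

# Succeed only if alerts go somewhere other than the local root mailbox.
check_email() {     # $1 = config file
    addr=$(psad_conf_get EMAIL_ADDRESSES "$1")
    case "$addr" in
        ""|root@localhost) echo "WARN: EMAIL_ADDRESSES unset or default: '$addr'"; return 1 ;;
        *@*) echo "OK: alerts go to $addr"; return 0 ;;
        *)   echo "WARN: '$addr' is not an e-mail address"; return 1 ;;
    esac
}

# Succeed if an iptables-save dump has a LOG rule on INPUT. psad reads
# iptables log messages, so without such a rule it has nothing to analyse.
check_log_rule() {  # $1 = file holding iptables-save output
    grep -Eq '^-A INPUT .*-j LOG' "$1"
}

# Constructed sample inputs (in a temp dir, so nothing under /etc is touched).
make_samples() {
    SAMPLES=$(mktemp -d)
    printf '%s\n' '### comma separated list' \
        'EMAIL_ADDRESSES             root@localhost;' > "$SAMPLES/default.conf"
    printf '%s\n' 'EMAIL_ADDRESSES   admin@example.com, soc@example.com;' \
        > "$SAMPLES/edited.conf"
    printf '%s\n' 'EMAIL_ADDRESSES   admin@example.com' > "$SAMPLES/nosemi.conf"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -j LOG --log-prefix "DROP "' 'COMMIT' > "$SAMPLES/logging.rules"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' > "$SAMPLES/silent.rules"
}

make_samples
trap 'rm -rf "$SAMPLES"' EXIT
for f in default edited nosemi; do check_email "$SAMPLES/$f.conf" || true; done
for f in logging silent; do
    check_log_rule "$SAMPLES/$f.rules" && echo "OK: $f logs" || echo "WARN: $f has no LOG rule"
done
```

On a real host, point check_email at /etc/psad/psad.conf and check_log_rule at a file holding the output of sudo iptables-save.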