--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-88e267a058
2018-08-14 21:06:35.949553
--------------------------------------------------------------------------------
Name : psad
Product : Fedora 28
Version : 2.4.6
Release : 1.fc28
URL :
https://www.cipherdyne.org/psad/
Summary : Port Scan Attack Detector (psad) watches for suspect traffic
Description :
Port Scan Attack Detector (psad) is a collection of three lightweight
system daemons written in Perl and in C that are designed to work with Linux
iptables firewalling code to detect port scans and other suspect traffic. It
features a set of highly configurable danger thresholds (with sensible
defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, tcp flags and
corresponding nmap options, reverse DNS info, email and syslog alerting,
automatic blocking of offending ip addresses via dynamic configuration of
iptables rulesets, and passive operating system fingerprinting. In addition,
psad incorporates many of the tcp, udp, and icmp signatures included in the
snort intrusion detection system (
https://www.snort.org) to detect highly
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
xmas) which are easily leveraged against a machine via nmap. psad can also
alert on snort signatures that are logged via fwsnort
(
https://www.cipherdyne.org/fwsnort/), which makes use of the
iptables string match module to detect application layer signatures.
--------------------------------------------------------------------------------
Update Information:
* Add EMAIL_APPEND_HEADER to allow psad alerts to have custom email headers
appended to outbound emails. This uses the '-a' command line argument offered by
the 'mail' command. An example usage would be to set the 'From' email
header. *
Bug fix for ENABLE_OVERRIDE_FW_CMD feature to allow global option settings to
the underlying firewall command to be controlled via a new variable FW_CMD_ARGS.
This variable is only used when ENABLE_OVERRIDE_FW_CMD is enabled, and is set to
NONE by default. Normally, on systems running firewalld, the command line
arguments '--direct --passthrough ipv4' are set provided, but FW_CMD_ARGS can be
used to control this. * For iptables logs generated by fwsnort, include the
contents of the 'metadata' Snort rule field in psad email alerts. * Updated to
bundle the latest Emerging Threats rule set in deps/snort_rules.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 1 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 2.4.6-1
- update to 2.4.6 (#1611013)
* Thu Jun 28 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 2.4.5-1
- update to 2.4.5 (#1394902, #1476553)
- use upstream systemd unit
- include additional docs
- fix SELinux policy installation scriptlet logic (#1438190)
- drop HLL policy, CIL import is supported in 2.4+ and RHEL 7.3 ships 2.5
- add gcc to BRs, use set_build_flags macro
- add more missing SELinux rules
- silence last module removal semodule warning
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1612056 - ENABLE_OVERRIDE_FW_CMD config option not working
https://bugzilla.redhat.com/show_bug.cgi?id=1612056
[ 2 ] Bug #1611013 - psad-2.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1611013
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-88e267a058' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------