Wednesday, February 20, 2008
Article on psad at Linuxsecurity.com
Eckie Silapaswang has written an article on psad entitled "Meet the Anti-Nmap: PSAD" at linuxsecurity.com. The article focuses on installing and using psad on the EnGarde Secure Linux distribution. Topics covered include disabling SELinux, installing psad via the Guardian Digital Secure Network (GDSN), psad configuration, and psad alerting. Eckie also covers the concept of active response with psad, and illustrates how psad responds to an attacker by dynamically instantiating iptables blocking rules.