Psad on SLES 15 SP4

Greetings,

I am trying to install psad-2.4.6 and fwsnort-1.6.8 on SuSE Linux Enterprise Server 15 SP4 as detailed here: Software Release: psad-2.4.6 and fwsnort-1.6.8

I can download everything, but I then realized that I do not have /sbin/rc-update, which is among the install.pl script prerequisites… :(
Is there any clue for SuSE Linux Enterprise 15, please?

Your time and answer will be very much appreciated.
Thanks a lot by now.

Have a nice and safe day.

@support_110250 why install third-party unsupported applications, I suspect it’s designed for a specific distribution… You would need to find said script and adapt for your setup.

Why not use AIDE? https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-aide.html It’s supported, so if you have an issue you can raise a Support Request?

Greetings malcolmlewis1,

Thanks for your answer. I thought that psad would be a small tool good enough for port scan detection and alerting, since this is all I wanted to achieve.
In fact, I realize that I should install openrc first and that this does not seem possible for SuSE, so you are right and I should look at AIDE, which is supported.
Thanks again for your time.

Hi again,

That said, I realize that AIDE may help when it’s maybe too late… What I am looking for is really this:
(extract from https://support.quest.com/fr-fr/technical-documents/foglight/5.9.5/security-and-compliance-guide/14):

Layer 2: Port scan detection and blocking tool

Many network intruders begin an attack by scanning the target network. Detection of such a scan offers one indication that an attack is about to begin. Appliance software attempts to detect such scans by monitoring access to ports that are not active on the appliance system, but are typically exploited by hackers (for example, FTP, POP3, IMAP). Upon detection, the appliance automatically adds the source IP address of the potential attacker to the firewall rule-set and blocks all future packets that appear to originate from that address. This functionality is implemented using the Port Sentry tool (for details, see Sentry Tools download | SourceForge.net).

I don’t know if AIDE provides that.
Thx.
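
The detect-then-block behaviour described in the quoted extract above, as an added example that is not part of this thread or of any tool named in it: a Python script that looks through firewall log lines for sources probing several unserved ports (FTP, POP3, IMAP) and renders firewalld drop rules for review. The log lines, the threshold, the `never_block` allowlist and the function names are constructed for illustration, and the log layout is a simplified form of netfilter LOG output.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the quoted text: not served on this host, but commonly probed.
WATCHED_PORTS = {21: "FTP", 110: "POP3", 143: "IMAP"}

# Constructed sample input, simplified from the netfilter LOG key=value layout.
SAMPLE_LOG = """\
kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40111 DPT=21 SYN
kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=110 SYN
kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21 SYN
kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=143 SYN
kernel: DROP IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 PROTO=TCP SPT=40200 DPT=21 SYN
kernel: DROP IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 PROTO=TCP SPT=40201 DPT=110 SYN
kernel: DROP IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.10 PROTO=TCP SPT=1 DPT=21 SYN
""".splitlines()

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def find_scanners(lines, threshold=2, never_block=("192.0.2.1",)):
    """Return {source_ip: sorted watched ports probed} for sources that hit at
    least `threshold` distinct watched ports; allowlisted hosts are skipped."""
    hits = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        try:
            src = str(ipaddress.ip_address(f.get("SRC", "")))  # reject junk
        except ValueError:
            continue
        if int(f["DPT"]) in WATCHED_PORTS and src not in never_block:
            hits[src].add(int(f["DPT"]))
    return {ip: sorted(p) for ip, p in hits.items() if len(p) >= threshold}

def block_commands(scanners):
    """Render firewalld rich rules for review; nothing is executed here."""
    out = []
    for ip in sorted(scanners):
        fam = "ipv6" if ":" in ip else "ipv4"
        out.append(f"firewall-cmd --add-rich-rule='rule family=\"{fam}\" "
                   f"source address=\"{ip}\" drop'")
    return out

if __name__ == "__main__":
    found = find_scanners(SAMPLE_LOG)
    print({ip: [WATCHED_PORTS[p] for p in ports] for ip, ports in found.items()})
    print("\n".join(block_commands(found)))
```

Source addresses in probe packets can be forged, which is why the allowlist keeps a gateway or management host from being dropped by automatic blocking.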

@support_110250 Interesting, it still refers to software from 2003 ;) iptables and SuSEFirewall (firewalld) should give you all you need.

I suggest a peruse here https://documentation.suse.com/sles/15-SP4/ to find what is available on SLES, e.g. https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-security-firewall.html should give details on what you can achieve?

Note: have you fired up YaST to see either the ncurses or qt GUI version to assist in your configuration?

Greetings malcolmlewis1,

Thanks for your answer.

You are right and advice from 2003 is probably a bit old (like me :) )…
I will have a look at YaST2 → Security and Users → Security Center (and also Firewall as well as AppArmor) to see if I can better implement what I want to achieve.

Thanks a lot again for your precious time and answers.
Have a nice and safe day.