Install arno firewall with psad - iptables on steroids

Overview

arno-iptables-firewall is an iptables firewall script that provides a secure stateful firewall for both single and multi-homed machines. psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. This post covers setting up the arno firewall together with psad.


Download and install the arno firewall.


# wget http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1d.tar.gz
# tar zxvf arno-iptables-firewall_2.0.1d.tar.gz
# cd arno-iptables-firewall_2.0.1d
# ./install.sh


Open firewall.conf and uncomment line 501, the FIREWALL_LOG setting:


# vi /etc/arno-iptables-firewall/firewall.conf

FIREWALL_LOG="/var/log/firewall.log"

Next, open rsyslog.conf if you are on CentOS/RHEL 6, or syslog.conf on CentOS/RHEL 5


# vi /etc/rsyslog.conf

Append the following lines to it


# Log all the iptables messages in one place.
kern.* -/var/log/firewall.log

Next download and install psad


# wget http://cipherdyne.org/psad/download/psad-2.2.tar.gz
# tar zxvf psad-2.2.tar.gz
# cd psad-2.2
# ./install.pl

Open the psad.conf file in an editor of your choice


# vi /etc/psad/psad.conf

Set the IPT_SYSLOG_FILE value on line 144 to the firewall log file, and set ENABLE_AUTO_IDS to Y on line 325 so that psad automatically blocks hosts it identifies as scanners


IPT_SYSLOG_FILE /var/log/firewall.log;
ENABLE_AUTO_IDS Y;

Start the psad service


# /etc/init.d/psad start

Log in to a different machine and run an nmap scan to test the installation

# nmap -PT80 192.168.209.148

An alert has been sent to the email address provided.
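
If no alert arrives, the usual cause is that firewall.conf, rsyslog.conf and psad.conf do not all name the same log file. The script below is an added example, not part of the original post or of either project; it reads the three files and reports any mismatch. The function names and the constructed demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that arno, syslog and psad all name the same log file.

arno_log() {    # $1 = firewall.conf; prints the active FIREWALL_LOG value
    awk -F= '/^[ \t]*FIREWALL_LOG=/ { v = $2; sub(/#.*/, "", v); gsub(/[" \t]/, "", v) }
             END { print v }' "$1"
}

syslog_log() {  # $1 = rsyslog.conf or syslog.conf; prints the kern.* target
    awk '/^[ \t]*kern\.\*[ \t]/ { d = $2; sub(/^-/, "", d); v = d }
         END { print v }' "$1"
}

psad_value() {  # $1 = psad.conf, $2 = keyword; prints its value without ";"
    awk -v k="$2" '$1 == k { v = $2; sub(/;.*$/, "", v); val = v }
                   END { print val }' "$1"
}

check_psad_pipeline() {  # $1 = firewall.conf, $2 = syslog conf, $3 = psad.conf
    a=$(arno_log "$1"); s=$(syslog_log "$2")
    p=$(psad_value "$3" IPT_SYSLOG_FILE); ids=$(psad_value "$3" ENABLE_AUTO_IDS)
    rc=0
    [ -n "$a" ] || { echo "FIREWALL_LOG is unset or still commented in $1"; rc=1; }
    [ "$s" = "$a" ] || { echo "kern.* goes to '$s', FIREWALL_LOG is '$a'"; rc=1; }
    [ "$p" = "$a" ] || { echo "psad reads '$p', FIREWALL_LOG is '$a'"; rc=1; }
    [ "$ids" = "Y" ] || { echo "ENABLE_AUTO_IDS is '$ids', expected Y"; rc=1; }
    return $rc
}

demo() {  # constructed sample files: psad left pointing at another log
    d=$(mktemp -d)
    echo 'FIREWALL_LOG="/var/log/firewall.log"' > "$d/firewall.conf"
    echo 'kern.* -/var/log/firewall.log' > "$d/rsyslog.conf"
    printf 'IPT_SYSLOG_FILE /var/log/messages;\nENABLE_AUTO_IDS Y;\n' > "$d/psad.conf"
    check_psad_pipeline "$d/firewall.conf" "$d/rsyslog.conf" "$d/psad.conf"
    rc=$?; rm -rf "$d"; return $rc
}

# With three file arguments check those; with none, run the constructed demo.
if [ $# -eq 3 ]; then check_psad_pipeline "$@"; else demo || true; fi
```

Run it with the three paths from this post (/etc/arno-iptables-firewall/firewall.conf, /etc/rsyslog.conf, /etc/psad/psad.conf) as arguments; it prints nothing and exits 0 when they agree.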