mrash/psad

psad.conf missing IP_INFO

orangelynx opened this issue · 2 comments

I'm setting up psad on my server running the latest Debian Stretch and first tried to use the apt package, but for some reason, even though the psad daemon seems to work, the psad command is not working (command not found). So I pulled the latest commit from this git repository and ran .\install.pl -n.

The last lines of the log say:

[+] The latest psad signatures can be installed with "psad --sig-update"

    If you decide to answer 'y' to the next question, install.pl
    will require DNS and network access now.

    Would you like to install the latest signatures from
      http://www.cipherdyne.org/psad/signatures (y/n)?  y
[+] CMD: '/usr/sbin/psad --sig-update'
Subroutine main::tmpnam redefined at /usr/share/perl/5.24/Exporter.pm line 66.
 at /usr/sbin/psad line 139.
[*] The config file "/etc/psad/psad.conf" does not contain the
variable: "IP_INFO". Exiting! at /usr/sbin/psad line 11506.
[+] The latest reputation feed data can be installed with "psad --reputation-feeds-update"

    If you decide to answer 'y' to the next question, install.pl
    will require DNS and network access now.

    Would you like to install the latest reputation feed data (y/n)?  y
[+] CMD: '/usr/sbin/psad --reputation-feeds-update'
Subroutine main::tmpnam redefined at /usr/share/perl/5.24/Exporter.pm line 66.
 at /usr/sbin/psad line 139.
[*] The config file "/etc/psad/psad.conf" does not contain the
variable: "IP_INFO". Exiting! at /usr/sbin/psad line 11506.
[+] Installing psad.8 man page at /usr/share/man/man8/psad.8
[+] Compressing manpage /usr/share/man/man8/psad.8
[+] CMD: '/bin/gzip /usr/share/man/man8/psad.8'
[+] Installing psadwatchd.8 man page at /usr/share/man/man8/psadwatchd.8
[+] Compressing manpage /usr/share/man/man8/psadwatchd.8
[+] CMD: '/bin/gzip /usr/share/man/man8/psadwatchd.8'
[+] Installing kmsgsd.8 man page at /usr/share/man/man8/kmsgsd.8
[+] Compressing manpage /usr/share/man/man8/kmsgsd.8
[+] CMD: '/bin/gzip /usr/share/man/man8/kmsgsd.8'
[+] Installing nf2csv.1 man page at /usr/share/man/man1/nf2csv.1
[+] Compressing manpage /usr/share/man/man1/nf2csv.1
[+] CMD: '/bin/gzip /usr/share/man/man1/nf2csv.1'
[+] Copying init-scripts/systemd/psad.service -> /lib/systemd/system/psad.service
[+] Enable psad at boot time ([y]/n)?  y
[+] CMD: '/bin/systemctl enable psad'
Synchronizing state of psad.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable psad

========================================================

[+] psad has been installed.

[+] To start psad, run "/bin/systemctl start psad"

Then:

root@widow:/home/main/source/psad# /bin/systemctl start psad
Job for psad.service failed because the control process exited with error code.
See "systemctl status psad.service" and "journalctl -xe" for details.

Checking psad.conf, I see:

IP_INFO "Talos Intelligence",https://www.talosintelligence.com/reputation_center/lookup?search=$SRC

So probably $SRC is not substituted correctly?

mrash commented

Thanks, yes, this is work-in-progress code in git master. I’ll get this fixed by tomorrow. In the meantime, you might want to try the 2.4.6 release tag code.

mrash commented

Fixed in git master.