mrash/psad

psadwatchd still not running and still firewall error after what I did

faxotherapy opened this issue · 1 comments

Hi,
I've got 3 issues.

Problem 1:

[-] psad: psadwatchd is not running on
[+] psad_fw_read (pid: 2256306)  %CPU: 0.0  %MEM: 1.8
    Running since: Wed Nov  8 10:34:48 2023

[+] psad (pid: 2256284)  %CPU: 0.5  %MEM: 2.2
    Running since: Wed Nov  8 10:34:48 2023

I have set ENABLE_PSADWATCHD to Y and I have followed the guide here: https://carteryagemann.com/psad-on-pi.html

psadwatchd does indeed start and run, but stops running after a few seconds.

Problem 2:
I still have an issue with the firewall, as mentioned by psad:

psad --fw-analyze
[+] Parsing INPUT chain rules.
[+] Parsing INPUT chain rules.
[-] Errors found in firewall config.
    emailed to root@localhost
[+] Results in /var/log/psad/fw_check
[+] Exiting.

I have added the rules following this scheme:

-A INPUT -j LOG --log-tcp-options --log-prefix "[IPTABLES] "
-A FORWARD -j LOG --log-tcp-options --log-prefix "[IPTABLES] "

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

Unfortunately, psad still finds errors. I don't know what to do, as I'm a perfect dummy with iptables, since I only use the ufw front-end.

Problem 3:
Why do I keep having 2 psad processes at the same time:

2275815 ?        00:00:00 psad
2275835 ?        00:00:00 psad

Thanks for your help.

Problem 1 doesn't seem to be an issue.
Problem 2 solved: this is due to the fact that I set IPV6 to no in the /etc/default/ufw file.
Problem 3: still puzzled as to why I always have two running psad processes.

# ps ax -o ppid,pid,lstart,cmd | grep psad
      1 2300796 Wed Nov  8 12:47:32 2023 /usr/bin/perl -w /usr/sbin/psad
2300796 2300816 Wed Nov  8 12:47:32 2023 /usr/bin/perl -w /usr/sbin/psad
 603347 2303695 Wed Nov  8 12:55:14 2023 grep --color=auto psad