cipherdyne.org

Michael Rash, Security Researcher



Software Release - psad-2.0.3

The 2.0.3 release of psad is ready for download. This release removes the Psad.pm perl module in favor of keeping its functions within the psad daemon itself. The obsolete kmsgsd.pl and psadwatchd.pl scripts were the only other things to use Psad.pm, so it was not necessary to keep it. A few other enhancements and bugfixes were made, particularly in the -S and -A output modes. Here is the ChangeLog:
  • Removed the Psad.pm perl module and the kmsgsd.pl and psadwatchd.pl scripts. This is a major change that allows psad to be more flexible and to derive its config entirely from the psad.conf file and the command line. In the previous scheme, psad imported its config with a function within Psad.pm, which required psad to import the Psad perl module before reading its config. A consequence was that the PSAD_LIBS_DIR var could not be specified usefully within the config file.
  • Added the ability to recursively resolve embedded variables from *.conf files (with a limit of 20 resolution attempts).
  • Added IGNORE_KERNEL_TIMESTAMP so that the timestamp that some Linux distros (Ubuntu for example) add to all kernel messages can be ignored.
  • Consolidated code to import data out of /var/log/psad/<ip> directories with code to display status and analysis output (-S and -A). Essentially the %scan hash is built by the filesystem data import routine and the remainder of the code references this single data structure.
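
The embedded-variable resolution from the ChangeLog entry above can be sketched as follows. This is an added example, not code from psad; the `NAME value;` syntax with `$NAME` references, the sample variables and both function names are assumptions made for illustration. It shows why a fixed attempt limit matters: a cyclic reference never settles, so the resolver stops after 20 passes and reports it.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample config (not psad's shipped psad.conf). Assumed syntax:
# "NAME  value;" with embedded references written as $NAME.
my @conf_lines = (
    'PSAD_DIR        /var/log/psad;',
    'PSAD_FIFO_DIR   $PSAD_DIR/fifo;',
    'PSAD_FIFO_FILE  $PSAD_FIFO_DIR/psadfifo;',
    'LOOP_A          $LOOP_B/a;',          # deliberate cyclic reference
    'LOOP_B          $LOOP_A/b;',
);

my $MAX_ATTEMPTS = 20;    # the limit stated in the ChangeLog entry

# Hypothetical helper: read "NAME value;" lines into a hash reference.
sub parse_conf {
    my %config;
    for my $line (@_) {
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        $config{$1} = $2 if $line =~ /^\s*(\w+)\s+(.*?)\s*;/;
    }
    return \%config;
}

# Hypothetical helper: expand $NAME references one pass at a time until no
# value changes or the pass budget runs out. Returns the names that still
# hold a reference afterwards (cyclic or undefined variables).
sub resolve_vars {
    my ($config) = @_;
    for my $attempt (1 .. $MAX_ATTEMPTS) {
        my $changed = 0;
        for my $name (sort keys %$config) {
            my $old = $config->{$name};
            (my $new = $old) =~ s{\$(\w+)}
                {exists $config->{$1} ? $config->{$1} : "\$$1"}ge;
            next if $new eq $old;
            $config->{$name} = $new;
            $changed = 1;
        }
        last unless $changed;              # everything settled early
    }
    return grep { $config->{$_} =~ /\$\w+/ } sort keys %$config;
}

my $config     = parse_conf(@conf_lines);
my @unresolved = resolve_vars($config);
my %bad        = map { $_ => 1 } @unresolved;

for my $name (sort keys %$config) {
    print "$name = $config->{$name}\n" unless $bad{$name};
}
print "unresolved after $MAX_ATTEMPTS attempts: @unresolved\n" if @unresolved;
```

Without the pass limit, the two `LOOP_*` values would keep growing on every pass, so a single bad config line could hang the daemon at startup.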