🔐 Leveling Up Security and Monitoring on Ubuntu


🚨 Real-Time Intrusion Detection with PSAD

I configured PSAD (Port Scan Attack Detector) to monitor my system for suspicious scan attempts. It’s now actively watching iptables logs for any port scans and alerting me when danger levels go up. Some highlights:

  • Successfully enabled email alerts using Postfix to notify me when threat levels cross critical thresholds.

  • Created a Zenity-based popup alert system that triggers when PSAD detects dangerous activity (like a danger level (DL) ≥ 3, signature matches, or rapid port scans).

  • Converted the alert mechanism into a lightweight systemd service, making it more efficient and persistent across reboots.


📧 Local Mail Monitoring (No GUI Needed)

Since I wasn’t using a traditional email client, I:

  • Configured local mail delivery using Postfix.

  • Built a minimal mail-watcher script that monitors /var/mail/v for new security alerts.

  • Although I later disabled the popups to avoid clutter, I still have logs to check incoming alerts easily.
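The popup trigger described under PSAD (DL ≥ 3) and the mail-watcher script above are combined here into one added example; it is not the post's own script. It assumes PSAD alert mails carry a subject line of the form `Subject: [psad-alert] DL<n> src: <ip> dst: <ip>` and that local delivery lands in an mbox file under /var/mail; the mailbox contents are constructed for offline testing.

```shell
#!/usr/bin/env bash
# Mail-watcher for PSAD alerts (added example, not the original post's script).
# Assumption: each alert mail has a subject like
#   Subject: [psad-alert] DL3 src: 198.51.100.7 dst: 192.0.2.10
# where DLn is the PSAD danger level. Replace SAMPLE_MBOX with /var/mail/<user>.

THRESHOLD=3   # danger level at or above which a popup is raised

# Print the danger level from one alert subject line; print nothing otherwise.
psad_dl_from_subject() {
    printf '%s\n' "$1" | sed -n 's/^Subject: \[psad-alert\] DL\([0-9][0-9]*\) .*/\1/p'
}

# Return 0 if the subject line should trigger a popup (DL >= THRESHOLD), else 1.
should_alert() {
    local dl
    dl=$(psad_dl_from_subject "$1")
    [ -n "$dl" ] && [ "$dl" -ge "$THRESHOLD" ]
}

# Count alert subjects at or above the threshold in an mbox file.
count_critical_alerts() {
    local n=0 line
    while IFS= read -r line; do
        if should_alert "$line"; then n=$((n + 1)); fi
    done < "$1"
    printf '%s\n' "$n"
}

# Raise a Zenity warning when a display is available; otherwise log to stderr.
notify() {
    if [ -n "${DISPLAY:-}" ] && command -v zenity >/dev/null 2>&1; then
        zenity --warning --title="PSAD alert" --text="$1" 2>/dev/null || true
    else
        printf 'PSAD alert: %s\n' "$1" >&2
    fi
}

# One pass over a mailbox: notify if any critical alert is present, print the count.
check_mailbox() {
    local n
    n=$(count_critical_alerts "$1")
    [ "$n" -gt 0 ] && notify "$n alert(s) at DL>=$THRESHOLD in $1"
    printf '%s\n' "$n"
}

# Constructed sample mailbox: three alerts, two of them at or above DL3.
SAMPLE_MBOX=$(mktemp)
printf 'Subject: [psad-alert] DL2 src: 198.51.100.7 dst: 192.0.2.10\n\n' >  "$SAMPLE_MBOX"
printf 'Subject: [psad-alert] DL3 src: 198.51.100.7 dst: 192.0.2.10\n\n' >> "$SAMPLE_MBOX"
printf 'Subject: [psad-alert] DL4 src: 203.0.113.9 dst: 192.0.2.10\n\n'  >> "$SAMPLE_MBOX"
check_mailbox "$SAMPLE_MBOX"
```

Wrapping the last line in a loop with `inotifywait -e modify /var/mail/<user>` (or a systemd timer) turns this into the persistent watcher the post describes.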
