PSAD on Raspberry Pi
I have never gotten a full intrusion detection system (IDS) working correctly on a Raspberry Pi. The two most popular – Snort and Bro IDS – either have problems with their dependencies or with the ARM architecture.
I recently came across PSAD – the Port Scan Attack Detector. It is essentially a small set of daemons that parse the iptables LOG entries written to syslog and look for patterns of malicious traffic: many distinct destination ports probed from one source, known-bad packet signatures, and so on. Because PSAD only ever sees what iptables logs, the firewall must actually log the traffic you care about (typically a LOG rule in front of the default-deny DROP), or PSAD has nothing to analyze. When used in conjunction with fwsnort, which translates Snort rules, including many of the “Emerging Threats” signatures, into equivalent iptables rules with a recognizable log prefix, PSAD can also report blocked traffic by the Snort signature it matched.
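To make concrete what “analyzing iptables logs” means, here is an added example (my own illustration, not PSAD’s code) that parses the key=value fields the iptables LOG target writes to kern.log and flags any source that probes several distinct destination ports. The log lines are constructed, the `DROP` log prefix is an assumed firewall setting, and the danger-level cutoffs are assumptions standing in for PSAD’s own thresholds.

```python
"""Minimal port-scan detector over iptables LOG lines.

Added example, not psad's own code. It reproduces the core idea behind psad:
parse the KEY=VALUE tokens that the iptables LOG target writes to kern.log and
flag sources that hit many distinct destination ports. Sample lines below are
constructed; the danger-level cutoffs are assumptions, not psad's scale.
"""
import re
from collections import defaultdict

# The LOG target emits "KEY=VALUE" tokens; bare flags such as DF and SYN have no "=".
_KV = re.compile(r"\b([A-Z]+)=(\S*)")

# Assumed (distinct ports, danger level) cutoffs, checked from highest to lowest.
DANGER_LEVELS = ((50, 3), (10, 2), (5, 1))

# Constructed kern.log excerpt. "DROP " is the assumed --log-prefix of the
# default-deny rule. 203.0.113.7 sweeps six ports; 198.51.100.4 retries SSH only;
# the ICMP echo and the link-state message carry no destination port.
SAMPLE_LOG = """\
Mar  1 10:00:01 pi kernel: [100.1] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  1 10:00:01 pi kernel: [100.2] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  1 10:00:01 pi kernel: [100.3] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  1 10:00:02 pi kernel: [100.4] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  1 10:00:02 pi kernel: [100.5] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  1 10:00:02 pi kernel: [100.6] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  1 10:00:05 pi kernel: [103.0] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=3 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:00:06 pi kernel: [104.0] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=4 DF PROTO=TCP SPT=51001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:00:07 pi kernel: [105.0] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=5 DF PROTO=TCP SPT=51002 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:00:08 pi kernel: [106.0] DROP IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:11:22:33:44:55:08:00 SRC=192.0.2.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=1
Mar  1 10:00:09 pi kernel: [107.0] eth0: link is up
"""


def parse_iptables_log_line(line):
    """Return the KEY=VALUE fields of an iptables LOG line, or None for other lines.

    Duplicate keys (ICMP logs carry two ID= tokens) keep the last value.
    """
    fields = dict(_KV.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields


def detect_port_scans(log_text, min_ports=5):
    """Group TCP/UDP hits by source and flag sources probing >= min_ports distinct ports."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_iptables_log_line(line)
        # ICMP, malformed and non-iptables lines have no destination port to count.
        if not fields or fields.get("PROTO") not in ("TCP", "UDP") or "DPT" not in fields:
            continue
        ports_by_src[fields["SRC"]].add(int(fields["DPT"]))

    findings = {}
    for src, ports in ports_by_src.items():
        if len(ports) < min_ports:
            continue
        level = next((lvl for cutoff, lvl in DANGER_LEVELS if len(ports) >= cutoff), 1)
        findings[src] = {"ports": sorted(ports), "danger_level": level}
    return findings


if __name__ == "__main__":
    for src, info in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src}: danger level {info['danger_level']}, ports {info['ports']}")
```

Run against the sample, only 203.0.113.7 is reported; the repeated SSH attempts from 198.51.100.4 touch a single port and would need a separate brute-force heuristic, which is exactly the kind of distinction psad’s per-signature and per-threshold rules make.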
PSAD was extremely easy to set up on a Raspberry Pi that’s deployed as a catch-all DMZ host on my home network. Before diving into the details, you can see live data being collected by that host here: http://psad.disloops.com