diff -up psad-2.4.6/init-scripts/systemd/psad.service.f psad-2.4.6/init-scripts/systemd/psad.service
--- psad-2.4.6/init-scripts/systemd/psad.service.f 2018-08-01 02:41:59.000000000 +0200
+++ psad-2.4.6/init-scripts/systemd/psad.service 2019-02-25 14:44:49.309638099 +0100
@@ -1,6 +1,7 @@
[Unit]
Description=The Port Scan Attack Detector (psad)
Documentation=man:psad(8) https://www.cipherdyne.org/psad/
+After=firewalld.service iptables.service ip6tables.service
[Service]
Type=forking
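Review bot: The new `After=` line orders psad behind firewalld, iptables and ip6tables only, so on a host whose ruleset is loaded by `nftables.service` psad can still start before the logging rules exist. Appending that unit costs nothing where it is not installed, because `After=` is ordering-only and does not pull units in: `After=firewalld.service iptables.service ip6tables.service nftables.service`. A one-line `#` comment above it stating why the ordering matters would also help the next packager. The `[Service]` section continues outside this hunk.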
diff -up psad-2.4.6/psad.conf.f psad-2.4.6/psad.conf
--- psad-2.4.6/psad.conf.f 2018-08-01 02:41:59.000000000 +0200
+++ psad-2.4.6/psad.conf 2019-02-25 14:45:01.145742138 +0100
@@ -24,7 +24,7 @@
EMAIL_ADDRESSES root@localhost;
### Machine hostname
-HOSTNAME _CHANGEME_;
+HOSTNAME localhost;
### Specify the home and external networks. Note that by default the
### ENABLE_INTF_LOCAL_NETS is enabled, so psad automatically detects
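Review bot: `HOSTNAME localhost;` gives every machine that installs this package the same name. As far as I can tell this value is what psad uses to label its alerts, so reports from different hosts could not be told apart once mail or logs are aggregated. The upstream `_CHANGEME_` placeholder at least forced the administrator to pick a value. Consider substituting the real hostname at install time, or add a comment above the line such as `### Packaging default; set to this machine's real hostname so alerts can be attributed.`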
@@ -64,8 +64,8 @@ FW_MSG_SEARCH DROP;
### "iproute2" if you want to use the iproute2 type configuration.
### iproute2 does not use aliases for multi-homed interfaces and
### ifconfig does not show secondary addresses for multi-homed interfaces.
-#IFCFGTYPE iproute2;
-IFCFGTYPE ifconfig;
+IFCFGTYPE iproute2;
+#IFCFGTYPE ifconfig;
### Danger levels. These represent the total number of packets required for a
### scan to reach each danger level. A scan may also reach a danger level if
@@ -181,7 +181,7 @@ SYSLOG_DAEMON syslogd;
### This is primarily used to acquire syslog messages from journalctl on
### systems where systemd is running.
-ENABLE_FW_MSG_READ_CMD N;
+ENABLE_FW_MSG_READ_CMD Y;
FW_MSG_READ_CMD /bin/journalctl;
FW_MSG_READ_CMD_ARGS -f -k;
USE_FW_MSG_READ_CMD_ARGS Y;
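Review bot: Setting `ENABLE_FW_MSG_READ_CMD Y;` makes the unchanged `FW_MSG_READ_CMD_ARGS -f -k;` line live. `journalctl -f` prints the most recent entries (ten by default) before it starts following, so each psad restart may feed already-processed kernel messages back in and count those packets twice. If that replay is not wanted, `FW_MSG_READ_CMD_ARGS -f -k -n 0;` avoids it, assuming psad passes the arguments through unchanged. The `SYSLOG_DAEMON syslogd;` setting in the hunk header is left as is, so a comment noting that it is unused when the journal is the message source would avoid confusion.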
@@ -593,7 +593,7 @@ PSAD_FIFO_DIR $INSTALL_ROO
PSAD_LIBS_DIR $INSTALL_ROOT/usr/lib/psad;
PSAD_CONF_DIR $INSTALL_ROOT/etc/psad;
PSAD_ERR_DIR $PSAD_DIR/errs;
-CONF_ARCHIVE_DIR $PSAD_CONF_DIR/archive;
+CONF_ARCHIVE_DIR $PSAD_DIR/archive;
SCAN_DATA_ARCHIVE_DIR $PSAD_DIR/scan_archive;
ANALYSIS_MODE_DIR $PSAD_DIR/ipt_analysis;
SNORT_RULES_DIR $PSAD_CONF_DIR/snort_rules;
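Review bot: `CONF_ARCHIVE_DIR $PSAD_DIR/archive;` moves the archived copies of psad's configuration out of the configuration directory, so they now take the ownership and mode of the data directory rather than those of `$PSAD_CONF_DIR`. `PSAD_DIR` is defined outside this hunk; if it is the log directory, check that the package creates `archive` root-owned and not world-readable. Archived configuration can include alert addresses and any credentials set in psad.conf. A comment above the line such as `### Kept outside /etc so archives are not treated as live config; must stay root-only.` would record the intent.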
@@ -685,9 +685,7 @@ ipCmd /sbin/ip;
killallCmd /usr/bin/killall;
netstatCmd /bin/netstat;
unameCmd /bin/uname;
-whoisCmd $INSTALL_ROOT/usr/bin/whois_psad;
+whoisCmd /usr/bin/whois;
dfCmd /bin/df;
fwcheck_psadCmd $INSTALL_ROOT/usr/sbin/fwcheck_psad;
-psadwatchdCmd $INSTALL_ROOT/usr/sbin/psadwatchd;
-kmsgsdCmd $INSTALL_ROOT/usr/sbin/kmsgsd;
psadCmd $INSTALL_ROOT/usr/sbin/psad;
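Review bot: Dropping `psadwatchdCmd` and `kmsgsdCmd` removes the watchdog path, so nothing visible in this patch restarts psad if it exits, and an intrusion-detection daemon that stops silently leaves a monitoring gap. The unit file's `[Service]` section is only partly visible here; if it has no restart policy, add `Restart=on-failure` there. It is also worth confirming that psad 2.4.6 does not treat these two keys as required at config load, since the patch deletes them rather than pointing them elsewhere. Separately, `whoisCmd /usr/bin/whois;` makes the system whois client a runtime dependency, so the package should declare it.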