diff -up psad-2.4.5/init-scripts/systemd/psad.service.f psad-2.4.5/init-scripts/systemd/psad.service
--- psad-2.4.5/init-scripts/systemd/psad.service.f 2017-06-14 04:23:48.000000000 +0200
+++ psad-2.4.5/init-scripts/systemd/psad.service 2018-02-13 14:46:47.995387999 +0100
@@ -1,6 +1,7 @@
[Unit]
Description=The Port Scan Attack Detector (psad)
Documentation=man:psad(8) https://www.cipherdyne.org/psad/
+After=firewalld.service iptables.service ip6tables.service
[Service]
Type=forking
diff -up psad-2.4.5/Makefile.f psad-2.4.5/Makefile
--- psad-2.4.5/Makefile.f 2017-06-14 04:23:48.000000000 +0200
+++ psad-2.4.5/Makefile 2018-02-13 14:46:47.995387999 +0100
@@ -25,9 +25,10 @@
#
### default
+OPTS=-O
all : kmsgsd.c psadwatchd.c psad_funcs.c strlcpy.c strlcat.c psad.h
- /usr/bin/gcc -Wall -O kmsgsd.c psad_funcs.c strlcpy.c strlcat.c -o kmsgsd
- /usr/bin/gcc -Wall -O psadwatchd.c psad_funcs.c strlcpy.c strlcat.c -o psadwatchd
+ /usr/bin/gcc -Wall $(OPTS) kmsgsd.c psad_funcs.c strlcpy.c strlcat.c -o kmsgsd
+ /usr/bin/gcc -Wall $(OPTS) psadwatchd.c psad_funcs.c strlcpy.c strlcat.c -o psadwatchd
### debug mode
debug : kmsgsd.c psadwatchd.c psad_funcs.c strlcpy.c strlcat.c psad.h
diff -up psad-2.4.5/psad.conf.f psad-2.4.5/psad.conf
--- psad-2.4.5/psad.conf.f 2017-06-14 04:23:48.000000000 +0200
+++ psad-2.4.5/psad.conf 2018-02-13 14:47:45.046745650 +0100
@@ -24,7 +24,7 @@
EMAIL_ADDRESSES root@localhost;
### Machine hostname
-HOSTNAME _CHANGEME_;
+HOSTNAME localhost;
### Specify the home and external networks. Note that by default the
### ENABLE_INTF_LOCAL_NETS is enabled, so psad automatically detects
@@ -64,8 +64,8 @@ FW_MSG_SEARCH DROP;
### "iproute2" if you want to use the iproute2 type configuration.
### iproute2 does not use aliases for multi-homed interfaces and
### ifconfig does not show secondary addresses for multi-homed interfaces.
-#IFCFGTYPE iproute2;
-IFCFGTYPE ifconfig;
+IFCFGTYPE iproute2;
+#IFCFGTYPE ifconfig;
### Danger levels. These represent the total number of packets required for a
### scan to reach each danger level. A scan may also reach a danger level if
@@ -181,7 +181,7 @@ SYSLOG_DAEMON syslogd;
### This is primarily used to acquire syslog messages from journalctl on
### systems where systemd is running.
-ENABLE_FW_MSG_READ_CMD N;
+ENABLE_FW_MSG_READ_CMD Y;
FW_MSG_READ_CMD /bin/journalctl;
FW_MSG_READ_CMD_ARGS -f -k;
USE_FW_MSG_READ_CMD_ARGS Y;
@@ -586,7 +586,7 @@ PSAD_FIFO_DIR $INSTALL_ROO
PSAD_LIBS_DIR $INSTALL_ROOT/usr/lib/psad;
PSAD_CONF_DIR $INSTALL_ROOT/etc/psad;
PSAD_ERR_DIR $PSAD_DIR/errs;
-CONF_ARCHIVE_DIR $PSAD_CONF_DIR/archive;
+CONF_ARCHIVE_DIR $PSAD_DIR/archive;
SCAN_DATA_ARCHIVE_DIR $PSAD_DIR/scan_archive;
ANALYSIS_MODE_DIR $PSAD_DIR/ipt_analysis;
SNORT_RULES_DIR $PSAD_CONF_DIR/snort_rules;
@@ -678,7 +678,7 @@ ipCmd /sbin/ip;
killallCmd /usr/bin/killall;
netstatCmd /bin/netstat;
unameCmd /bin/uname;
-whoisCmd $INSTALL_ROOT/usr/bin/whois_psad;
+whoisCmd /usr/bin/whois;
dfCmd /bin/df;
fwcheck_psadCmd $INSTALL_ROOT/usr/sbin/fwcheck_psad;
psadwatchdCmd $INSTALL_ROOT/usr/sbin/psadwatchd;