{"id":732,"date":"2009-09-08T08:34:00","date_gmt":"2009-09-08T08:34:00","guid":{"rendered":"http:\/\/pchero21.com\/?p=732"},"modified":"2009-09-08T08:34:00","modified_gmt":"2009-09-08T08:34:00","slug":"psad-%ec%84%a4%ec%a0%95","status":"publish","type":"post","link":"http:\/\/pchero21.com\/?p=732","title":{"rendered":"psad \uc124\uc815"},"content":{"rendered":"<p>&nbsp;\ubaa8\ub4e0 psad \ub370\ubaac\uc740 \/etc\/psad \uc5d0 \uc788\ub294 \ud30c\uc77c psad.conf \ub97c \ucc38\uc870\ud558\uba70, \uc774 \ud30c\uc77c\uc740 \uac04\ub2e8\ud55c \uaddc\uc57d\uc744 \ub530\ub978\ub2e4. \uc8fc\uc11d\uc740 # \uae30\ud638\ub85c \uc2dc\uc791\ud558\uba70 \uc124\uc815 \ub9e4\uac1c\ubcc0\uc218\ub294 \ud0a4-\uac12 \ud615\uc2dd\uc73c\ub85c \uba85\uc2dc\ud55c\ub2e4. \uc608\ub97c \ub4e4\uc5b4 psad.conf \uc758 HOSTNAME \ubcc0\uc218\ub294 psad \uac00 \uc124\uce58\ub41c \uc2dc\uc2a4\ud15c\uc758 \ud638\uc2a4\ud2b8 \uba85\uc744 \uc815\uc758\ud55c\ub2e4.<\/p>\n<blockquote><p>&nbsp;### Machine hostname<br \/>HOSTNAME &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Ultra60.kongju.ac.kr;<\/p><\/blockquote>\n<p>&nbsp;\ubaa8\ub4e0 \uc124\uc815 \ubcc0\uc218 \uac12\uc740 \uac12\uc744 \uc758\ubbf8\ud558\ub294 \ubb38\uc790\uc5f4\uc758 \ub05d\uc744 \ub098\ud0c0\ub0b4\uae30 \uc704\ud574 \uc138\ubbf8\ucf5c\ub860\uc73c\ub85c \ub05d\ub098\uc57c \ud55c\ub2e4. \uadf8\ub7ec\ubbc0\ub85c \ub2e4\uc74c\uacfc \uac19\uc774 \ubb38\uc11c\ud654\ub97c \uc704\ud574 \uc138\ubbf8\ucf5c\ub860 \ub2e4\uc74c\uc5d0 \uc8fc\uc11d\uc744 \ud3ec\ud568\uc2dc\ud0ac \uc218 \uc788\ub2e4.<\/p>\n<blockquote><p>SCAN_TIMEOUT &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; 3600;&nbsp; ### seconds<\/p><\/blockquote>\n<p>&nbsp;\ub05d\uc73c\ub85c psad \ubcc0\uc218 \uac12\uc740 psad \uac00 \uc124\uc815\uc744 \uad6c\ubb38 \ubd84\uc11d\ud560 \ub54c \ud655\uc7a5\ub418\ub294 \ud558\uc704 \ubcc0\uc218\ub97c \ud3ec\ud568\ud560 \uc218 \uc788\ub2e4. 
\uc608\ub97c \ub4e4\uc5b4 psad \uc758 \uc8fc\uc694 \ub85c\uae45 \ub514\ub809\ud1a0\ub9ac\ub294 PSAD_DIR \ubcc0\uc218\uac00 \uc815\uc758\ud558\uba70, \uae30\ubcf8\uc801\uc73c\ub85c \/var\/log\/psad \ub85c \uc124\uc815\ub41c\ub2e4. \ub2e4\ub978 \uc124\uc815 \ubcc0\uc218\ub294 $PSAD_DIR \ubcc0\uc218\ub97c \ucc38\uc870\ud560 \uc218 \uc788\ub2e4.<\/p>\n<p>&nbsp;* \/etc\/psad\/psad.conf<\/p>\n<p>&nbsp;psad.conf \ud30c\uc77c\uc740 psad\uc758 \uc8fc\uc694 \uc124\uc815 \ud30c\uc77c\ub85c psad \ub3d9\uc791\uc758 \ub2e4\uc591\ud55c \uba74\uc744 \uc81c\uc5b4\ud558\uae30 \uc704\ud55c 100\uac1c \uc774\uc0c1\uc758 \uc124\uc815 \ubcc0\uc218\ub97c \ud3ec\ud568\ud55c\ub2e4.<\/p>\n<blockquote><p>&nbsp;* http:\/\/www.cipherdyne.org\/psad\/docs\/index.html \uc5d0\uc11c \uc790\uc138\ud55c \uc124\uba85\uc744 \ubcfc \uc218 \uc788\ub2e4.<\/p><\/blockquote>\n<p>&nbsp;&#8211; EMAIL_ADDRESSES<br \/>&nbsp;EMAIL_ADDRESSES \ubcc0\uc218\ub294 psad \uac00 \uc2a4\uce94 \uacbd\uace0, \uc815\ubcf4 \uba54\uc2dc\uc9c0, \uae30\ud0c0 \uacf5\uc9c0\ub97c \uc804\uc1a1\ud560 \uba54\uc77c \uc8fc\uc18c\ub97c \uc815\uc758\ud55c\ub2e4. \ucf64\ub9c8\ub97c \uc0ac\uc6a9\ud574\uc11c \uc5ec\ub7ec \uac1c\uc758 \uba54\uc77c \uc8fc\uc18c\ub97c \ud568\uaed8 \ub098\ud0c0\ub0bc \uc218\ub3c4 \uc788\ub2e4.<\/p>\n<blockquote><p>EMAIL_ADDRESSES &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; root@localhost;<\/p><\/blockquote>\n<p>&nbsp;&#8211; DANGER_LEVEL{n}<br \/>&nbsp;psad \ub294 \uacbd\uace0\uc5d0 \uc6b0\uc120\uc21c\uc704\ub97c \ub450\uae30 \uc704\ud574 \uc545\uc758\uc801\uc778 \ubaa8\ub4e0 \ud65c\ub3d9\uc744 \uc704\ud5d8 \uc218\uc900\uc5d0 \ub530\ub77c \ub098\ub208\ub2e4. \uc704\ud5d8 \uc218\uc900\uc740 1\uc5d0\uc11c 5\uae4c\uc9c0(5\uac00 \uac00\uc7a5 \uc548 \uc88b\uc740 \uac83)\uc774\uba70, \uacf5\uaca9\uc774\ub098 \uc2a4\uce94\uc774 \ud0d0\uc9c0\ub41c \uac01 IP \uc8fc\uc18c\uc5d0 \ud560\ub2f9\ub41c\ub2e4. 
\uc704\ud5d8 \uc218\uc900 \uac12\uc740 \uc2a4\uce94\uc758 \ud2b9\uc131(\ud328\ud0b7 \uc218, \ud3ec\ud2b8 \ubc94\uc704, \uc2dc\uac04 \uac04\uaca9), \ud2b9\uc815 \ud328\ud0b7\uc774 \/etc\/psad\/signatures \ud30c\uc77c\uc5d0 \uc815\uc758\ub41c \uc11c\uba85\uacfc \uc77c\uce58\ud558\ub294\uc9c0 \uc5ec\ubd80, \ud328\ud0b7\uc774 \/etc\/psad\/auto_dl \ud30c\uc77c\uc5d0 \uc788\ub294 IP \ub098 \ub124\ud2b8\uc6cc\ud06c\ub85c\ubd80\ud130 \uc2dc\uc791\ub410\ub294\uc9c0 \uc5ec\ubd80\uc640 \uac19\uc740 \uc138 \uac00\uc9c0 \uc694\uc18c\uc5d0 \uae30\ubc18\ud574 \ud560\ub2f9\ub41c\ub2e4.<\/p>\n<p>&nbsp;\ud3ec\ud2b8 \uc2a4\uce94\uc758 \uacbd\uc6b0 \uc2a4\uce94\uc758 \ud328\ud0b7 \uc218\uc5d0 \ub530\ub77c DANGER_LEVEL{n} \ubcc0\uc218 \uac12\uc774 \ub2ec\ub77c\uc9c0\uba70, psad.conf \ud30c\uc77c\uc5d0 \ub2e4\uc74c\uacfc \uac19\uc774 \uc815\uc758\ub3fc \uc788\ub2e4.<\/p>\n<blockquote><p>DANGER_LEVEL1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 5; &nbsp;&nbsp; ### Number of packets.<br \/>DANGER_LEVEL2 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 15;<br \/>DANGER_LEVEL3 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 150;<br \/>DANGER_LEVEL4 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1500;<br \/>DANGER_LEVEL5 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 10000;<\/p><\/blockquote>\n<p>&nbsp;&#8211; HOME_NET<br \/>&nbsp;psad \ub294 \uc758\uc2ec\uc2a4\ub7ec\uc6b4 \ub124\ud2b8\uc6cc\ud06c \ud2b8\ub798\ud53d\uc744 \ud0d0\uc9c0\ud558\uae30 \uc704\ud574 \uc218\uc815\ub41c \uc2a4\ub178\ud2b8 \uaddc\uce59\uc744 \uc0ac\uc6a9\ud558\uae30 \ub54c\ubb38\uc5d0 psad.conf \ud30c\uc77c\uc5d0\uc11c psad \uac00 \uc0ac\uc6a9\ud558\ub294 \ubcc0\uc218\ub294 \uc2a4\ub178\ud2b8\uac00 \uc0ac\uc6a9\ud558\ub294 \ubcc0\uc218\uc640 \uc720\uc0ac\ud558\ub2e4. HOME_NET \ubcc0\uc218\ub294 \uc2e4\ud589 \uc911\uc778 psad \uac00 \uc124\uce58\ub41c \uc2dc\uc2a4\ud15c\uc758 \ub85c\uceec \ub124\ud2b8\uc6cc\ud06c\ub97c \uc815\uc758\ud55c\ub2e4. 
\uadf8\ub7ec\ub098 psad \uc640 \uc2a4\ub178\ud2b8\uac00 HOME_NET \ubcc0\uc218\ub97c \ucc98\ub9ac\ud558\ub294 \ub370\uc5d0\ub294 \ud55c\uac00\uc9c0 \ucc28\uc774\uc810\uc774 \uc788\ub2e4. psad \ub294 INPUT \uccb4\uc778\uc5d0 \uae30\ub85d\ub41c \ubaa8\ub4e0 \ud328\ud0b7\uc758 \ubaa9\uc801\uc9c0\ub97c \ucd9c\ubc1c\uc9c0 \uc8fc\uc18c\uc640  \ubb34\uad00\ud558\uac8c \ud648 \ub124\ud2b8\uc6cc\ud06c\ub85c \ucde8\uae09\ud55c\ub2e4. \uc774\ub294 \ud328\ud0b7\uc774 iptables \ubc29\ud654\ubcbd \uc790\uccb4\uc5d0\uc11c \ub77c\uc6b0\ud305\ub410\uae30 \ub54c\ubb38\uc774\ub2e4. ENABLE_INTF_LOCAL_NETS \ubcc0\uc218\ub97c N \uc73c\ub85c \uc124\uc815\ud574\uc11c \uc774\ub7ec\ud55c \ub3d9\uc791\uc744 \uc7ac\uc815\uc758\ud560 \uc218 \uc788\ub2e4. \uc774 \uacbd\uc6b0 \ud648 \ub124\ud2b8\uc6cc\ud06c\ub97c \ub2e4\uc74c\uacfc \uac19\uc774 \uc815\uc758\ud560 \uc218 \uc788\ub2e4.<\/p>\n<blockquote><p>### HOME_NET &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; 192.168.10.4\/24;<br \/>### HOME_NET &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; 10.1.1.0\/24, 192.168.10.4\/24;<br \/>### HOME_NET &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; NOT_USED;&nbsp; ### only one interface on box<br \/>HOME_NET &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; _CHANGEME_;<\/p><\/blockquote>\n<p>&nbsp;&#8211; EXTERNAL_NET<br \/>&nbsp;EXTERNAL_NET \ubcc0\uc218\ub294 \uc678\ubd80 \ub124\ud2b8\uc6cc\ud06c\ub97c \uc815\uc758\ud55c\ub2e4. \uae30\ubcf8 \uac12\uc740 any \uc9c0\ub9cc HOME_NET \ubcc0\uc218\ucc98\ub7fc \uc784\uc758\uc758 \ub124\ud2b8\uc6cc\ud06c \ubaa9\ub85d\uc73c\ub85c \uc124\uc815\ud560 \uc218 \uc788\ub2e4. 
\ub300\ubd80\ubd84\uc758 \uacbd\uc6b0 \uae30\ubcf8 \uac12\uc774 \uac00\uc7a5 \uc88b\uc740 \uac83\uc774\ub2e4.<\/p>\n<p>&nbsp;&#8211; SYSLOG_DAEMON<br \/>&nbsp;SYSLOG_DAEMON \ubcc0\uc218\ub294 psad \uc5d0\uac8c \ub85c\uceec \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc2e4\ud589 \uc911\uc778 syslog \ub370\ubaac\uc774 \ubb34\uc5c7\uc778\uc9c0 \uc54c\ub824\uc900\ub2e4. \uc774 \ubcc0\uc218\ub294 syslogd, syslog-ng, ulogd, metalog \uc911 \ud558\ub098\uc758 \uac12\uc744 \uac00\uc9c4\ub2e4. psad \ub294 \uc774 \ubcc0\uc218 \uac12\uc744 \uc774\uc6a9\ud574\uc11c \ud574\ub2f9 syslog \uc124\uc815 \ud30c\uc77c\uc774 kern.info \uba54\uc2dc\uc9c0\ub97c \uba85\uba85\ub41c \ud30c\uc774\ud504 \/var\/lib\/psad\/psadfifo \uc5d0 \uae30\ub85d\ud558\uac8c \uc801\uc808\ud788 \uc124\uc815\ub410\ub294\uc9c0 \ud655\uc778\ud55c\ub2e4. \ub2e8, psad \uac00 ulogd \ub97c \ud1b5\ud574 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uc5bb\ub294 \uacbd\uc6b0\ub294 \uc608\uc678\uc778\ub370 ulogd \uac00 \uba54\uc2dc\uc9c0\ub97c \uc9c1\uc811 \ub514\uc2a4\ud06c\uc5d0 \uae30\ub85d\ud558\uae30 \ub54c\ubb38\uc5d0 syslog \ub370\ubaac\uc774 \uc2e4\ud589 \uc911\uc774\uc9c0 \uc54a\uc544\ub3c4 \ub41c\ub2e4. \uc774 \uacbd\uc6b0 psad \ub294 kmsgsd \ub370\ubaac\uc744 \uc2dc\uc791\ud558\uc9c0 \uc54a\ub294\ub2e4.<\/p>\n<p>&nbsp;* ulogd \ub294 \ub137\ud544\ud130 \ud504\ub85c\uc81d\ud2b8\uc5d0\uc11c \uc81c\uacf5\ud558\ub294 \uc0ac\uc6a9\uc790 \uacf5\uac04 \ub85c\uae45 \ub370\ubaac\uc73c\ub85c \ud45c\uc900 LOG \ud0c0\uac9f\uc774 \uc81c\uacf5\ud558\ub294 \uac83\ubcf4\ub2e4 \uc720\uc5f0\ud558\uac8c \ub85c\uae45 \uc635\uc158\uc744 \uc124\uc815\ud560 \uc218 \uc788\ub2e4. 
\ud2b9\ud788 \ud328\ud0b7\uc740 \ub2e4\uc591\ud55c ulogd \ud50c\ub7ec\uadf8\uc778\uc5d0 \uc758\ud574 \uad00\ub9ac\ub418\uba70, \ud50c\ub7ec\uadf8\uc778\uc740 \ub2e4\uc591\ud55c \ub3d9\uc791\uc744 \uc9c0\uc6d0\ud558\ub294\ub370 \uc608\ub97c \ub4e4\uc5b4 \ud328\ud0b7\uc744 pcap \ud615\uc2dd\uc73c\ub85c \ub514\uc2a4\ud06c\uc5d0 \uae30\ub85d\ud558\uac70\ub098 MySQL \ub370\uc774\ud130\ubca0\uc774\uc2a4\uc5d0 \uae30\ub85d\ud560 \uc218\ub3c4 \uc788\ub2e4. ulogd\ub294 http:\/\/www.gnumonks.org\/ \ud504\ub85c\uc81d\ud2b8\uc5d0\uc11c \ubc1b\uc744 \uc218 \uc788\ub2e4.<\/p>\n<p>&nbsp;&#8211; CHECK_INTERVAL<br \/>&nbsp;psad \ub294 \ub300\ubd80\ubd84\uc758 \uc2dc\uac04\uc744 \ub300\uae30\ud558\uba74\uc11c \ubcf4\ub0b4\uba70 \uc0c8\ub85c\uc6b4 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\uac00 \/var\/log\/psad\/fwdata \ud30c\uc77c\uc5d0 \uae30\ub85d\ub420 \ub54c\ub9cc \ud65c\uc131\ud654\ub41c\ub2e4. \ud655\uc778 \uc2dc\uac04 \uac04\uaca9\uc744 CHECK_INTERVAL \ubcc0\uc218\ub85c \uc815\uc758\ud558\uba70 \ucd08\ub85c \ub098\ud0c0\ub0b8\ub2e4. \uae30\ubcf8 \uac12\uc740 5\ucd08\ub2e4. \uc774 \uac04\uaca9\uc740 \ucd5c\uc18c 1\ucd08\uae4c\uc9c0 \uc124\uc815\ud560 \uc218 \uc788\uc9c0\ub9cc \uacbd\uace0\uac00 \ucd5c\ub300\ud55c \ube68\ub9ac \uc0dd\uc131\ub418\uae38 \uc6d0\ud558\ub294 \uacbd\uc6b0\uac00 \uc544\ub2c8\ub77c\uba74 \ubcf4\ud1b5 \uc774\ub807\uac8c \uc791\uc740 \uac12\uc73c\ub85c \uc124\uc815\ud560 \ud544\uc694\ub294 \uc5c6\ub2e4.<\/p>\n<p>&nbsp;&#8211; SCAN_TIMEOUT<br \/>&nbsp;\uae30\ubcf8\uc801\uc73c\ub85c SCAN_TIMEOUT \ubcc0\uc218\ub294 3600\ucd08(1\uc2dc\uac04)\ub85c \uc124\uc815\ub418\uba70 psad\ub294 \uc774 \uac12\uc744 \uc2a4\uce94\uc774 \ucd94\uc801\ub418\ub294 \uc2dc\uac04 \uac04\uaca9\uc73c\ub85c \uc0ac\uc6a9\ud55c\ub2e4. 
\uc989, \ud2b9\uc815 IP \uc8fc\uc18c\uc5d0\uc11c \uc545\uc758\uc801\uc778 \ud2b8\ub798\ud53d\uc774 \uc774 \uc2dc\uac04 \uac04\uaca9\ub3d9\uc548 \uc704\ud5d8 \uc218\uc900 1\uc5d0 \ub3c4\ub2ec\ud558\uc9c0 \uc54a\uc73c\uba74 psad \ub294 \uacbd\uace0\ub97c \uc0dd\uc131\ud558\uc9c0 \uc54a\ub294\ub2e4. ENABLE_PERSISTENCE \ub97c Y\ub85c \uc124\uc815\ud558\uba74 psad\ub294 SCAN_TIMEOUT \ubcc0\uc218\ub97c \ubb34\uc2dc\ud55c\ub2e4.<\/p>\n<blockquote><p>### This is used only if ENABLE_PERSISTENCE = &#8220;N&#8221;;<br \/>SCAN_TIMEOUT &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; 3600;&nbsp; ### seconds<\/p><\/blockquote>\n<p>&nbsp;&#8211; ENABLE_PERSISTENCE<br \/>&nbsp;\ud3ec\ud2b8 \uc2a4\uce94 \ud0d0\uc9c0 \uc18c\ud504\ud2b8\uc6e8\uc5b4\ub294 \uc77c\ubc18\uc801\uc73c\ub85c \ud3ec\ud2b8 \uc2a4\uce94\uc744 \uc7a1\uae30 \uc704\ud574 \ub450 \uac1c\uc758 \uc784\uacc4\uce58\ub97c \uc124\uc815\ud574\uc57c \ud558\ub294\ub370, \uc870\uc0ac\ub418\ub294 \ud3ec\ud2b8 \uc218\uc640 \uc2dc\uac04 \uac04\uaca9\uc774 \uadf8\uac83\uc774\ub2e4. \uacf5\uaca9\uc790\ub294 \uc2a4\uce94\ub418\ub294 \ud3ec\ud2b8\uc758 \uc218\ub97c \uc904\uc774\uac70\ub098 \uc2a4\uce94\uc758 \uc18d\ub3c4\ub97c \uc904\uc5ec\uc11c \ud3ec\ud2b8 \uc2a4\uce94\uc774 \uc774 \uc784\uacc4\uce58\uc5d0 \ub3c4\ub2ec\ud558\uc9c0 \uc54a\uac8c \ud560 \uc218 \uc788\ub2e4. ENABLE_PERSISTENCE \ubcc0\uc218\ub294 psad\uac00 SCAN_TIMEOUT \ubcc0\uc218\ub97c \uc2a4\uce94 \ud0d0\uc9c0\uc758 \uc694\uc18c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uac8c \ud574\uc900\ub2e4. \uc774\ub294 \uc2a4\uce90\ub108\uac00 \uc218\uc77c\uc774\ub098 \uc218\uc8fc\uc5d0 \uac78\uccd0 \ubaa9\ud45c \uc2dc\uc2a4\ud15c\uc744 \ucc9c\ucc9c\ud788 \uc2a4\uce94\ud568\uc73c\ub85c\uc368 \uc2dc\uac04 \ub9cc\ub8cc \uc784\uacc4\uce58\ubcf4\ub2e4 \ub0ae\uc740 \uc218\uc900\uc5d0 \uba38\ubb3c\uac8c \ud558\ub824\ub294 \uc2dc\ub3c4\ub97c \ubb34\ub825\ud654\ud558\ub294 \ub370 \uc720\uc6a9\ud558\ub2e4. 
\uc2a4\uce94\uc774 \ucd5c\uc18c DANGER_LEVEL1 \ubcc0\uc218\uc5d0 \uc758\ud574 \uc815\uc758\ub41c \ud328\ud0b7 \uc218\uc5d0 \ub3c4\ub2ec\ud558\uba74(\uc774 \uc218\uc5d0 \ub3c4\ub2ec\ud558\ub294 \ub370 \uac78\ub9b0 \uc2dc\uac04\uc774 \uc5bc\ub9c8\ub098 \uae34\uc9c0\uc5d0 \ubb34\uad00\ud558\uac8c) psad\ub294 \uacbd\uace0\ub97c \uc804\uc1a1\ud55c\ub2e4.<\/p>\n<blockquote><p>### If &#8220;Y&#8221;, means that scans will never timeout.&nbsp; This is useful<br \/>### for catching scans that take place over long periods of time<br \/>### where the attacker is trying to slip beneath the IDS thresholds.<br \/>ENABLE_PERSISTENCE &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Y;<\/p><\/blockquote>\n<p>&nbsp;&#8211; PORT_RANGE_SCAN_THRESHOLD<br \/>&nbsp;\uc774 \ubcc0\uc218\ub97c \ud1b5\ud574 psad\uac00 \uc704\ud5d8 \uc218\uc900\uc744 \ud3ec\ud2b8 \uc2a4\uce94\uc5d0 \ud560\ub2f9\ud558\uae30 \uc804\uc5d0 \uc2a4\uce94\ub3fc\uc57c \ud558\ub294 \ud3ec\ud2b8\uc758 \ucd5c\uc18c \ubc94\uc704\ub97c \uc815\uc758\ud560 \uc218 \uc788\ub2e4. \uae30\ubcf8\uc801\uc73c\ub85c PORT_RANGE_SCAN_THRESHOLD \ub294 1\ub85c \uc124\uc815\ub418\uba70, \uc774\ub294 \uc704\ud5d8 \uc218\uc900 1\uc5d0 \uc774\ub974\uae30 \uc804\uc5d0 \ucd5c\uc18c\ud55c \ub450 \uac1c\uc758 \uc11c\ub85c \ub2e4\ub978 \ud3ec\ud2b8\uac00 \uc2a4\uce94\ub3fc\uc57c \ud568\uc744 \uc758\ubbf8\ud55c\ub2e4. \ud55c IP \uc8fc\uc18c\uac00 \ud55c \ud3ec\ud2b8\ub9cc\uc744 \ubc18\ubcf5\uc801\uc73c\ub85c \uc2a4\uce94\ud560 \uc218 \uc788\ub294\ub370, \uc774 \uacbd\uc6b0 psad\ub294 \uacbd\uace0\ub97c \uc804\uc1a1\ud558\uc9c0 \uc54a\ub294\ub2e4(\ucd5c\uc18c \uc704\ud5d8 \uc218\uc900 1\uc774 \ud560\ub2f9\ub418\uc9c0 \uc54a\uc740 \ud65c\ub3d9\uc5d0 \ub300\ud574\uc11c\ub294 \uc808\ub300 \uacbd\uace0\uac00 \uc804\uc1a1\ub418\uc9c0 \uc54a\uc73c\uba70, psad\uc5d0\uc11c\ub294 \uacbd\uace0\uac00 \uc804\uc1a1\ub418\ub294 \ucd5c\uc18c \uc704\ud5d8 \uc218\uc900\uc744 1\uc5d0\uc11c 5\uae4c\uc9c0\ub85c \uc124\uc815\ud560 \uc218 \uc788\ub2e4. 
&#8220;EMAIL_ALERT_DANGER_LEVEL&#8221; \ucc38\uc870). psad\uac00 \uc2a4\uce94\ub418\ub294 \ud3ec\ud2b8\uc758 \ubc94\uc704\ub97c \ud0d0\uc9c0 \uc694\uc18c\ub85c \uc0ac\uc6a9\ud558\uac8c \ud558\uace0 \uc2f6\uc9c0 \uc54a\ub2e4\uba74 PORT_RANGE_SCAN_THRESHOLD \ub97c 0\uc73c\ub85c \uc124\uc815\ud558\uba74 \ub41c\ub2e4.<\/p>\n<blockquote><p>### Set the minimum range of ports that must be scanned before<br \/>### psad will send an alert.&nbsp; The default is 1 so that at<br \/>### least two port must be scanned (p2-p1 &gt;= 1).&nbsp; This can be set<br \/>### to 0 if you want psad to be extra paranoid, or 30000 if not.<br \/>PORT_RANGE_SCAN_THRESHOLD &nbsp; 1;<\/p><\/blockquote>\n<p>&nbsp;&#8211; EMAIL_ALERT_DANGER_LEVEL<br \/>&nbsp;\uc774 \ubcc0\uc218\ub294 \uc5b4\ub5a4 IP \uc8fc\uc18c\uac00 \ucd5c\uc18c \uc774 \uac12\uacfc \ub3d9\uc77c\ud55c \uc704\ud5d8 \uc218\uc900\uc73c\ub85c \ud560\ub2f9\ub418\uc9c0 \uc54a\ub294 \ud55c psad \uac00 \uba54\uc77c \uacbd\uace0\ub97c \uc804\uc1a1\ud558\uc9c0 \uc54a\uac8c \ud558\ub294 \uc704\ud5d8 \uc218\uc900\uc758 \ucd5c\uc18c \uac12\uc744 \uc124\uc815\ud558\ub294\ub370 \uc4f0\uc778\ub2e4. \uae30\ubcf8 \uac12\uc740 1\uc774\ub2e4.<\/p>\n<blockquote><p>### Send email alert if danger level &gt;= to this value.<br \/>EMAIL_ALERT_DANGER_LEVEL &nbsp;&nbsp; 1;<\/p><\/blockquote>\n<p>&nbsp;&#8211; MIN_DANGER_LEVEL<br \/>&nbsp;MIN_DANGER_LEVEL \uc784\uacc4\uce58\ub294 psad\uac00 \uc218\ud589\ud558\ub294 \ubaa8\ub4e0 \uacbd\uace0\uc640 \ucd94\uc801 \uae30\ub2a5\uc744 \uc704\ud55c \uc804\uc5ed \uc784\uacc4\uce58\uc774\ub2e4. \uc608\ub97c \ub4e4\uc5b4 MIN_DANGER_LEVEL\uc774 2\ub85c \uc124\uc815\ub418\uba74 psad\ub294 \ud2b9\uc815 IP \uc8fc\uc18c\uac00 \uc704\ud5d8 \uc218\uc900 2\uc5d0 \ub3c4\ub2ec\ud558\uae30 \uc804\uc5d0\ub294 \uc774\ub97c \/var\/log\/psad\/ip \ub514\ub809\ud130\ub9ac\uc5d0 \uae30\ub85d\ud558\uc9c0\ub3c4 \uc54a\ub294\ub2e4. 
\uadf8\ub7ec\ubbc0\ub85c MIN_DANGER_LEVEL \ubcc0\uc218\ub294 \ud56d\uc0c1 EMAIL_ALERT_DANGER_LEVEL \ubcc0\uc218\uc758 \uac12\ubcf4\ub2e4 \uc791\uac70\ub098 \uac19\uac8c \uc124\uc815\ud574\uc57c \ud55c\ub2e4. \uae30\ubcf8 MIN_DANGER_LEVEL \uac12\uc740 1\uc774\ub2e4. (psad 1.4.8 \ubc84\uc804\uc758 \uacbd\uc6b0 MIN_ARCHIVE_DANGER_LEVEL \uc9c0\uc2dc\uc5b4\ub85c \ub098\ud0c0\ub098 \uc788\uc5c8\ub2e4.)<\/p>\n<blockquote><p>### Only archive scanning ip directories that have reached a danger<br \/>### level greater than or equal to this value.&nbsp; Archiving old<br \/>### scanning ip directories only takes place at psad startup.<br \/>MIN_ARCHIVE_DANGER_LEVEL &nbsp;&nbsp; 1;<\/p><\/blockquote>\n<p>&nbsp;<br \/>&nbsp;&#8211; SHOW_ALL_SIGNATURES<br \/>&nbsp;\uc774 \ubcc0\uc218\ub294 psad\uac00 \ubaa8\ub4e0 \uacbd\uace0\uc5d0\uc11c IP \uc8fc\uc18c\uc640 \uad00\ub828\ub41c \ubaa8\ub4e0 \uc11c\uba85 \uacbd\uace0 \uc815\ubcf4\ub97c \ud3ec\ud568\ud558\uac8c \ud560\uc9c0 \uc5ec\ubd80\ub97c \uacb0\uc815\ud55c\ub2e4. \uc774 \ubcc0\uc218\ub97c \ud65c\uc131\ud654\ud560 \uacbd\uc6b0 \ud2b9\uc815 IP \uc8fc\uc18c\uac00 \uc624\ub7ab\ub3d9\uc548 \uc758\uc2ec\uc2a4\ub7ec\uc6b4 \ud2b8\ub798\ud53d\uc73c\ub85c \ud55c \uc0ac\uc774\ud2b8\uc5d0 \uc811\uc18d\ud560 \ub54c \ub9e4\uc6b0 \uae34 \uba54\uc77c \uacbd\uace0\uac00 \ucd08\ub798\ub420 \uc218 \uc788\uae30 \ub54c\ubb38\uc5d0 \uc774\ub294 \uae30\ubcf8\uc801\uc73c\ub85c \ube44\ud65c\uc131\ud654\ub41c\ub2e4. 
\uadf8\ub7ec\ub098 SHOW_ALL_SIGNATURES \uac00 \ube44\ud65c\uc131\ud654\ub41c \uacbd\uc6b0\uc5d0\ub3c4 psad \uba54\uc77c \uacbd\uace0\ub294 \ub9c8\uc9c0\ub9c9 CHECK_INTERVAL \uc5d0\uc11c \uc0c8\ub85c \ucd09\ubc1c\ub41c \uc11c\uba85\uc740 \ubaa8\ub450 \ud3ec\ud568\ud55c\ub2e4.<\/p>\n<blockquote><p>### If &#8220;Y&#8221;, means all signatures will be shown since<br \/>### the scan started instead of just the current ones.<br \/>SHOW_ALL_SIGNATURES &nbsp; &nbsp; &nbsp; &nbsp; N;<\/p><\/blockquote>\n<p>&nbsp;&#8211; ALERT_ALL<br \/>&nbsp;\uc774 \ubcc0\uc218\uac00 Y\ub85c \uc124\uc815\ub418\uba74 psad\ub294 \uc5b4\ub5a4 IP \uc8fc\uc18c\ub85c\ubd80\ud130\uc758 \uc0c8\ub85c\uc6b4 \uc545\uc758\uc801\uc778 \ud65c\ub3d9\uc774 \uc704\ud5d8\uc218\uc900 1\uc5d0 \ub3c4\ub2ec\ud558\ub294 \ud55c \uc774\ub7ec\ud55c \ud65c\ub3d9\uc774 \ud0d0\uc9c0\ub420 \ub54c\ub9c8\ub2e4 \uba54\uc77c\uc774\ub098 syslog \uacbd\uace0, \ub610\ub294 \ub458 \ubaa8\ub450\ub97c \uc0dd\uc131\ud55c\ub2e4. N\uc73c\ub85c \uc124\uc815\ub418\uba74 IP \uc8fc\uc18c\uc5d0 \ud560\ub2f9\ub41c \uc704\ud5d8 \uc218\uc900\uc774 \uc99d\uac00\ud560 \ub54c\ub9cc \uacbd\uace0\ub97c \uc0dd\uc131\ud55c\ub2e4.<\/p>\n<blockquote><p>### If &#8220;Y&#8221;, send email for all newly logged packets from the same<br \/>### source ip instead of just when a danger level increases.<br \/>ALERT_ALL &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Y;<\/p><\/blockquote>\n<p>&nbsp;&#8211; SNORT_SID_STR<br \/>&nbsp;\uc774 \ubcc0\uc218\ub294 \uc5b4\ub5a4 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\uac00 \uc2a4\ub178\ud2b8 \uaddc\uce59 \ud558\ub098\ub97c \uc644\uc804\ud558\uac8c \uae30\uc220\ud558\ub294 iptables \uaddc\uce59\uc5d0 \uc758\ud574 \uc0dd\uc131\ub410\ub294\uc9c0 \uc54c\uc544\ubcf4\uae30 \uc704\ud574 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\uc640 \ub9e4\uce6d\uc2dc\ud0ac \ubd80\ubd84 \ubb38\uc790\uc5f4\uc744 \uc815\uc758\ud55c\ub2e4. 
\uc774\ub7f0 iptables \uaddc\uce59\uc740 fwsnort\uac00 \uc0dd\uc131\ud558\uba70 \uc77c\ubc18\uc801\uc73c\ub85c \ub85c\uae45 \uc811\ub450\uc5b4 SID{n}\uc744 \ud3ec\ud568\ud55c\ub2e4. \uc5ec\uae30\uc11c {n}\uc740 \uc6d0\ubcf8 \uc2a4\ub178\ud2b8 \uaddc\uce59\uc5d0\uc11c \uc5bb\uc740 \uc2a4\ub178\ud2b8 ID \ubc88\ud638\uc774\ub2e4. SNORT_SID_STR\uc758 \uae30\ubcf8 \uac12\uc740 \ub2e8\uc21c\ud788 SID\ub2e4.<\/p>\n<blockquote><p>### Search for snort &#8220;sid&#8221; values generated by fwsnort<br \/>### or snort2iptables<br \/>SNORT_SID_STR &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SID;<\/p><\/blockquote>\n<p>&nbsp;&#8211; ENABLE_AUTO_IDS<br \/>&nbsp;\uc774 \ubcc0\uc218\ub294 Y\ub85c \uc124\uc815\ub418\ub294 \uacbd\uc6b0 psad\ub97c \uc218\ub3d9\uc801 \ubaa8\ub2c8\ud130\ub9c1 \ub370\ubaac\uc5d0\uc11c, (INPUT \uccb4\uc778\uacfc OUTPUT \uccb4\uc778\uc744 \ud1b5\ud574) \ub85c\uceec \uc2dc\uc2a4\ud15c\uacfc (FORWARD \uccb4\uc778\uc744 \ud1b5\ud574) \ub85c\uceec \uc2dc\uc2a4\ud15c\uc5d0 \uc758\ud574 \ubcf4\ud638\ub418\ub294 \ubaa8\ub4e0 \uc2dc\uc2a4\ud15c\uacfc \uc5f0\ub3d9\ud574\uc11c \uacf5\uaca9\uc790 IP \uc8fc\uc18c\ub97c \ucc28\ub2e8\ud558\uae30 \uc704\ud574 \ub85c\uceec iptables \uc815\ucc45\uc744 \ub3d9\uc801\uc73c\ub85c \uc7ac\uc124\uc815\ud568\uc73c\ub85c\uc368 \uacf5\uaca9\uc5d0 \ub2a5\ub3d9\uc801\uc73c\ub85c \uc751\ub2f5\ud558\ub294 \ud504\ub85c\uadf8\ub7a8\uc73c\ub85c \ubcc0\ud658\ud55c\ub2e4.<\/p>\n<blockquote><p>### If &#8220;Y&#8221;, enable automated IDS response (auto manages<br \/>### firewall rulesets).<br \/>ENABLE_AUTO_IDS &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; N;<\/p><\/blockquote>\n<p>&nbsp;&#8211; IMPORT_OLD_SCANS<br \/>&nbsp;psad\uac00 \ud3ec\ud2b8 \uc2a4\uce94\uacfc \uae30\ud0c0 \uc758\uc2ec\uc2a4\ub7ec\uc6b4 \ud65c\ub3d9\uc5d0 \ub300\ud574 \uc218\uc9d1\ud558\ub294 \uc815\ubcf4\ub294 \/var\/log\/psad \ub514\ub809\ud130\ub9ac\uc5d0 \uae30\ub85d\ub41c\ub2e4. 
\uc704\ud5d8 \uc218\uc900 1\uc5d0 \ub3c4\ub2ec\ud55c \ubaa8\ub4e0 IP \uc8fc\uc18c\uc5d0 \ub300\ud574 \uc0c8 \ub514\ub809\ud130\ub9ac \/var\/log\/psad\/ip \uac00 \uc0dd\uc131\ub41c\ub2e4. \uc774 \ub514\ub809\ud130\ub9ac\uc5d0 \uc800\uc7a5\ub418\ub294 \ub2e4\uc591\ud55c \ud30c\uc77c\uc5d0\ub294 \uac00\uc7a5 \ucd5c\uadfc\uc758 \uba54\uc77c \uacbd\uace0, whois \ucd9c\ub825, \uc11c\uba85 \ub9e4\uce6d, \uc704\ud5d8 \uc218\uc900, \ud328\ud0b7 \uc218\uac00 \ud3ec\ud568\ub41c\ub2e4. \ucc98\uc74c \uc2dc\uc791 \uc2dc psad\ub294 \ubcf4\ud1b5 \uae30\uc874\uc758 \/var\/log\/psad\/ip \ub514\ub809\ud130\ub9ac\ub97c \uc81c\uac70\ud558\uc9c0\ub9cc IMPORT_OLD_SCANS\ub97c Y\ub85c \uc124\uc815\ud574\uc11c \uae30\uc874\uc758 \ub514\ub809\ud130\ub9ac\ub85c\ubd80\ud130 \ubaa8\ub4e0 \ub370\uc774\ud130\ub97c \uac00\uc838\uc62c \uc218 \uc788\ub2e4. \uc774 \uae30\ub2a5\uc744 \ud1b5\ud574 \uc774\uc804 psad \uc778\uc2a4\ud134\uc2a4\uc758 \uc2a4\uce94 \ub370\uc774\ud130\ub97c \uc783\uc9c0 \uc54a\uace0 psad\ub97c \uc7ac\uc2dc\uc791\ud558\uac70\ub098 \uc804\uccb4 \uc2dc\uc2a4\ud15c\uc744 \uc7ac\ubd80\ud305\ud560 \uc218 \uc788\ub2e4.<\/p>\n<blockquote><p>### If &#8220;Y&#8221;, then psad will import old scan source ip directories<br \/>### as current scans instead of moving the directories into the<br \/>### archive directory.<br \/>IMPORT_OLD_SCANS &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; N;<\/p><\/blockquote>\n<p>&nbsp;&#8211; ENABLE_DSHIELD_ALERTS<br \/>&nbsp;\uc774 \ubcc0\uc218\ub97c Y\ub85c \uc124\uc815\ud558\uba74 psad\ub294 \uc2a4\uce94 \ub370\uc774\ud130\ub97c DSHIELD \ubd84\uc0b0 \uce68\uc785 \ud0d0\uc9c0 \uc2dc\uc2a4\ud15c\uc73c\ub85c \uc804\uc1a1\ud55c\ub2e4. 
\uc2a4\uce94 \uc815\ubcf4\ub294 \ubbfc\uac10\ud55c \uc815\ubcf4\uc77c \uc218 \uc788\uae30 \ub54c\ubb38\uc5d0 \uc2a4\uce94 \ub370\uc774\ud130\ub97c DSHIELD\ub85c \ub118\uae30\uba74 \ud574\ub2f9 \uc2a4\uce94 \ub370\uc774\ud130\ub294 \ub354 \uc774\uc0c1 \uc5ec\ub7ec\ubd84\uc758 \uc81c\uc5b4 \ud558\uc5d0 \uc788\uc9c0 \uc54a\uc73c\uba70 \uc0c1\ub300\uc801\uc73c\ub85c \uc5f4\ub9b0 \ub370\uc774\ud130\ubca0\uc774\uc2a4\ub85c \uad6c\ubb38 \ubd84\uc11d\ub41c\ub2e4\ub294 \uc810\uc744 \uc54c\uc544\uc57c \ud55c\ub2e4. \uadf8\ub7ec\ub098 DSHIELD\ub294 \uac00\uc7a5 \uc77c\ubc18\uc801\uc73c\ub85c \uacf5\uaca9\ub2f9\ud558\ub294 \uc11c\ube44\uc2a4\ub098 \ud604\uc7ac \ub300\ubd80\ubd84\uc758 \uc2dc\uc2a4\ud15c\uc744 \uacf5\uaca9\ud558\ub294 \uc5b4\ub5a4 IP \uc8fc\uc18c\uac00 \ubb34\uc5c7\uc778\uc9c0(\uc774\ub7f0 IP \uc8fc\uc18c\ub294 \uc5c4\uaca9\ud55c \ubc29\ud654\ubcbd \uaddc\uce59\uc758 \uc88b\uc740 \ud6c4\ubcf4\uac00 \ub41c\ub2e4.)\uc5d0 \ub300\ud55c \uc815\ubcf4\ub97c \uc0ac\uc6a9\uc790\uac00 \uc880 \ub354 \uc798 \uc774\ud574\ud560 \uc218 \uc788\uac8c \ud574\uc900\ub2e4. \ub9ce\uc740 \uc0ac\ub78c\ub4e4\uc774 \uc774 \uae30\ub2a5\uc744 \ud65c\uc131\ud654\ud560\uc218\ub85d \uc778\ud130\ub137\uc740 \uc880 \ub354 \uc548\uc804\ud574\uc9c4\ub2e4.<\/p>\n<blockquote><p>### Send scan logs to dshield.org.&nbsp; This is disabled by default,<br \/>### but is a good idea to enable it (subject to your site security<br \/>### policy) since the DShield service helps to track the bad guys.<br \/>### For more information visit http:\/\/www.dshield.org<br \/>ENABLE_DSHIELD_ALERTS &nbsp; &nbsp; &nbsp; N;<\/p><\/blockquote>\n<p>&nbsp;&#8211; IGNORE_PORTS<br \/>&nbsp;\ub9ce\uc740 \uce68\uc785 \ud0d0\uc9c0 \uc2dc\uc2a4\ud15c\uc758 \uc8fc\uc694 \uae30\ub2a5\uc740 \uad00\ub9ac\uc790\uac00 IDS\ub85c \ud558\uc5ec\uae08 \uc644\uc804\ud788 \ubb34\uc2dc\ud558\uac8c \ud558\uace0 \uc2f6\uc740 \ub370\uc774\ud130 \uc870\uac01\uc744 \ud544\ud130\ub9c1\ud558\ub294 \uae30\ub2a5\uc774\ub2e4. 
IGNORE_PORTS \ubcc0\uc218\ub294 psad\uac00 \ubaa9\uc801\uc9c0 \ud3ec\ud2b8 \ubc88\ud638\uc640 \ud504\ub85c\ud1a0\ucf5c(TCP\ub098 UDP)\uc5d0 \uae30\ubc18\ud574\uc11c iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \ubb34\uc2dc\ud558\uac8c \ud55c\ub2e4. \ud3ec\ud2b8 \ubc94\uc704\uc640 \ub2e4\uc911 \ud3ec\ud2b8, \ud504\ub85c\ud1a0\ucf5c \uc870\ud569\uc740 \ub2e4\uc74c\uacfc \uac19\uc774 \uc9c0\uc815\ud560 \uc218 \uc788\ub2e4.<\/p>\n<blockquote><p>&nbsp;### define a set of ports to ignore (this is useful particularly<br \/>### for port knocking applications since the knock sequence will<br \/>### look to psad like a scan).&nbsp; This variable may be defined as<br \/>### a comma-separated list of port numbers or port ranges and<br \/>### corresponding protocol,&nbsp; For example, to have psad ignore all<br \/>### tcp in the range 61000-61356 and udp ports 53 and 5000, use:<br \/>### IGNORE_PORTS &nbsp; &nbsp; &nbsp;&nbsp; tcp\/61000-61356, udp\/53, udp\/5000;<br \/>IGNORE_PORTS &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; NONE;<\/p><\/blockquote>\n<p>&nbsp;IGNORE_PORTS \ubcc0\uc218\ub97c \uc0ac\uc6a9\ud558\uae30\ubcf4\ub2e4\ub294 \ubb34\uc2dc\ud558\uace0 \uc2f6\uc740 \ud3ec\ud2b8\ub85c\uc758 \ud328\ud0b7\uc774 LOG \uaddc\uce59\uacfc \uc77c\uce58\ub418\uae30 \uc804\uc5d0 \ub2e4\ub978 \uaddc\uce59\uacfc \ub9e4\uce6d\ub418\uac8c iptables \uc815\ucc45\uc744 \uc870\uc808\ud558\ub294 \uac83\uc774 \ub0ab\ub2e4.<\/p>\n<p>&nbsp;&#8211; IGNORE_PROTOCOLS<br \/>&nbsp;IGNORE_PROTOCOLS \ubcc0\uc218\ub97c \uc0ac\uc6a9\ud558\uba74 psad\ub294 \uc804\uccb4 \ud504\ub85c\ud1a0\ucf5c\uc744 \ubb34\uc2dc\ud560 \uc218 \uc788\ub2e4. 
\ub300\uac1c\ub294 iptables \uc815\ucc45\uc744 \uc870\uc815\ud574\uc11c \ubb34\uc2dc\ud558\uace0 \uc2f6\uc740 \ud504\ub85c\ud1a0\ucf5c\uc744 \uae30\ub85d\ud558\uc9c0 \uc54a\ub294 \uac83\uc774 \ub354 \uc88b\uc9c0\ub9cc \uc608\ub97c \ub4e4\uc5b4 psad\uac00 \ubaa8\ub4e0 ICMP \ud328\ud0b7\uc744 \ubb34\uc2dc\ud558\uac8c \ud558\uace0 \uc2f6\ub2e4\uba74 IGNORE_PROTOCOLS \uc9c0\uc2dc\uc5b4\ub97c \uc124\uc815\ud558\uba74 \ub41c\ub2e4.<\/p>\n<blockquote><p>### allow entire protocols to be ignored.&nbsp; This keyword can accept<br \/>### a comma separated list of protocols.&nbsp; Each protocol must match<br \/>### the protocol that is specified in a Netfilter log message (case<br \/>### insensitively, so both &#8220;TCP&#8221; or &#8220;tcp&#8221; is ok).<br \/>### IGNORE_PROTOCOL &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tcp,udp;<br \/>IGNORE_PROTOCOLS &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; NONE;<\/p><\/blockquote>\n<p>&nbsp;&#8211; IGNORE_LOG_PREFIXES<br \/>&nbsp;iptables \uc815\ucc45\uc740 \ub9e4\uc6b0 \ubcf5\uc7a1\ud560 \uc218 \uc788\uc73c\uba70, \ub2e4\uc218\uc758 \uc5ec\ub7ec \uac00\uc9c0 \ub85c\uae45 \uaddc\uce59\uc744 \ud3ec\ud568\ud560 \uc218 \uc788\ub2e4. \ub610 \uac01 \ub85c\uae45 \uaddc\uce59\uc740 \uc790\uc2e0\ub9cc\uc758 \ub85c\uae45 \uc811\ub450\uc5b4\ub97c \uac00\uc9c8 \uc218\ub3c4 \uc788\ub2e4. 
IGNORE_LOG_PREFIXES \uc9c0\uc2dc\uc5b4\ub97c \uc774\uc6a9\ud558\uba74 \ubb34\uc2dc\ud558\uace0 \uc2f6\uc740 \ud2b9\uc815 \ub85c\uae45 \uc811\ub450\uc5b4\ub97c \uc124\uc815\ud560 \uc218 \uc788\ub2e4.<\/p>\n<blockquote><p>### Ignore these specific logging prefixes<br \/>IGNORE_LOG_PREFIXES &nbsp; &nbsp; &nbsp; &nbsp; NONE;<\/p><\/blockquote>\n<p>&nbsp;&#8211; EMAIL_LIMIT<br \/>&nbsp;\uc5b4\ub5a4 \uacbd\uc6b0\uc5d0\ub294 iptables \uc815\ucc45\uc774 \ud2b9\uc815 \ud2b8\ub798\ud53d\uc744 \uae30\ub85d\ud558\uac8c \uc124\uc815\ub418\ub294\ub370, \uc774 \ud2b8\ub798\ud53d\uc774 \ub124\ud2b8\uc6cc\ud06c\uc0c1\uc5d0\uc11c \uc5ec\ub7ec \ubc88 \ubc18\ubcf5\ub420 \uc218 \uc788\ub2e4(\uc608\ub97c \ub4e4\uc5b4 \ud2b9\uc815 DNS \uc11c\ubc84\ub85c\uc758 DNS \uc694\uccad). \uc774\ub7ec\ud55c \ud2b8\ub798\ud53d\uc774 \uc2a4\uce94\uc774\ub77c\uace0 \ud574\uc11d\ub418\uba74 \ud574\ub2f9 \ud2b8\ub798\ud53d \uc790\uccb4\uac00 \ubc18\ubcf5\ub418\uae30 \ub54c\ubb38\uc5d0 psad\ub294 \uc774 \ud2b8\ub798\ud53d\uc5d0 \ub300\ud574 \ub2e4\ub7c9\uc758 \uba54\uc77c \uacbd\uace0\ub97c \uc804\uc1a1\ud560 \uc218 \uc788\ub2e4. EMAIL_LIMIT \ubcc0\uc218\ub97c \uc0ac\uc6a9\ud558\uba74 psad\uac00 \uc2a4\uce90\ub2dd IP \uc8fc\uc18c\uc5d0 \ub300\ud574 \uc804\uc1a1\ub418\ub294 \uba54\uc77c \uacbd\uace0\uc758 \uc218\uc5d0 \uc81c\ud55c\uc744 \ub450\uac8c \uac15\uc81c\ud560 \uc218 \uc788\ub2e4. \uae30\ubcf8 \uac12\uc740 0\uc73c\ub85c \uc774\ub294 \uc81c\ud55c\uc774 \uc5c6\ub2e4\ub294 \uac83\uc744 \uc758\ubbf8\ud55c\ub2e4. 
\uadf8\ub7ec\ub098 EMAIL_LIMIT \uac12\uc744 50\uc73c\ub85c \uc124\uc815\ud558\uba74 psad\ub294 \ud2b9\uc815 IP \uc8fc\uc18c\uc5d0 \ub300\ud574 50\uac1c \uc774\uc0c1\uc758 \uba54\uc77c \uacbd\uace0\ub97c \uc804\uc1a1\ud558\uc9c0 \uc54a\ub294\ub2e4.<\/p>\n<blockquote><p>### Send no more than this number of emails for a single<br \/>### scanning source IP.&nbsp; Note that enabling this feature may cause<br \/>### alerts for real attacks to not be generated if an attack is sent<br \/>### after the email threshold has been reached for an IP address.<br \/>### This is why the default is set to &#8220;0&#8221;.<br \/>EMAIL_LIMIT &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0;<\/p><\/blockquote>\n<p>&nbsp;&#8211; ALERTING_METHODS<br \/>&nbsp;\ub300\ubd80\ubd84\uc758 \uad00\ub9ac\uc790\ub294 psad\uac00 \uc81c\uacf5\ud558\ub294 \uba54\uc77c\uacfc syslog \ubcf4\uace0 \ubaa8\ub4dc\ub97c \ubaa8\ub450 \uc0ac\uc6a9\ud55c\ub2e4. \uadf8\ub7ec\ub098 ALERTING_METHODS \ubcc0\uc218\ub97c \uc774\uc6a9\ud558\uba74 psad\uac00 \uba54\uc77c \uacbd\uace0\uc640 syslog \uacbd\uace0 \uc911 \uc5b4\ub5a4 \uac83\uc744 \uc0dd\uc131\ud558\uac8c \ud560\uc9c0 \uc81c\uc5b4\ud560 \uc218 \uc788\ub2e4. ALERTING_METHODS \ubcc0\uc218\ub294 noemail, nosyslog, ALL\uacfc \uac19\uc740 \uc138 \uac00\uc9c0 \uac12\uc744 \uac00\uc9c8 \uc218 \uc788\ub2e4. noemail\uacfc nosyslog \uac12\uc740 psad\uac00 \uba54\uc77c\uc774\ub098 syslog \uacbd\uace0\ub97c \uc804\uc1a1\ud558\uc9c0 \uc54a\uac8c \ud55c\ub2e4. \uc774 \uac12\ub4e4\uc744 \uc870\ud569\ud574\uc11c \ubaa8\ub4e0 \uacbd\uace0\ub97c \ube44\ud65c\uc131\ud654\ud560 \uc218\ub3c4 \uc788\ub2e4. 
\uae30\ubcf8 \uac12\uc740 \ub458 \ubaa8\ub450\ub97c \uc0dd\uc131\ud558\ub294 \uac83\uc774\ub2e4. (psad 1.4.8 \ubc84\uc804\uc758 \uacbd\uc6b0 \/etc\/psad\/alert.conf \ud30c\uc77c\uc5d0 \uc774 \uc9c0\uc2dc\uc5b4\uac00 \ub098\ud0c0\ub098\uc788\ub2e4.)<\/p>\n<blockquote><p>### Allow reporting methods to be enabled\/restricted.&nbsp; This keyword can<br \/>### accept values of &#8220;nosyslog&#8221; (don&#8217;t write any messages to syslog),<br \/>### &#8220;noemail&#8221; (don&#8217;t send any email messages), or &#8220;ALL&#8221; (to generate both<br \/>### syslog and email messages).&nbsp; &#8220;ALL&#8221; is the default.&nbsp; Both &#8220;nosyslog&#8221;<br \/>### and &#8220;noemail&#8221; can be combined with a comma to disable all logging<br \/>### and alerting.<br \/>ALERTING_METHODS &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; ALL;<\/p><\/blockquote>\n<p>&nbsp;&#8211; FW_MSG_SEARCH<br \/>&nbsp;FW_MSG_SEARCH \ubcc0\uc218\ub294 psad\uac00 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uc5b4\ub5bb\uac8c \uac80\uc0c9\ud560\uc9c0 \uc815\uc758\ud55c\ub2e4. psad\uac00 (iptables\uc5d0 \uc8fc\ub294 &#8211;log-prefix \uc778\uc790\ub97c \uc0ac\uc6a9\ud574 iptables LOG \uaddc\uce59\uc5d0 \uc815\uc758\ub41c) \ud2b9\uc815 \ub85c\uadf8 \uc811\ub450\uc5b4\ub97c \ud3ec\ud568\ud558\ub294 \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub9cc\uc744 \ubd84\uc11d\ud558\uac8c \uc81c\ud55c\ud558\ub824\uba74 FW_MSG_SEARCH \ubcc0\uc218\ub85c \uc811\ub450\uc5b4\ub97c \uc815\uc758\ud558\uba74 \ub41c\ub2e4. 
iptables\ub294 \ud328\ud0b7\uc5d0 FW_MSG_SEARCH \ubcc0\uc218 \uac12\uacfc \ub2e4\ub978 \ub85c\uadf8 \uc811\ub450\uc5b4\ub97c \ud560\ub2f9\ud558\uac8c \uc124\uc815\ud560 \uc218 \uc788\uc73c\uba70 \uc774 \uacbd\uc6b0 psad\ub294 \ud574\ub2f9 \ud328\ud0b7\uc744 \ubd84\uc11d\ud558\uc9c0 \uc54a\ub294\ub2e4.<\/p>\n<blockquote><p>### The FW_MSG_SEARCH variable can be modified to look for logging messages<br \/>### that are specific to your firewall configuration (specified by the<br \/>### &#8220;--log-prefix&#8221; option.&nbsp; For example, if your firewall uses the<br \/>### string &#8220;Audit&#8221; for packets that have been blocked, then you could<br \/>### set FW_MSG_SEARCH to &#8220;Audit&#8221;;&nbsp; The default string to search for is<br \/>### &#8220;DROP&#8221;.&nbsp; Both psad and kmsgsd reference this file.&nbsp; NOTE: You can<br \/>### specify this variable multiple times to have psad search for multiple<br \/>### strings.&nbsp; For example to have psad search for the strings &#8220;Audit&#8221; and<br \/>### &#8220;Reject&#8221;, you would use the following two lines:<br \/>#FW_MSG_SEARCH &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Audit;<br \/>#FW_MSG_SEARCH &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; REJECT;<\/p>\n<p>FW_MSG_SEARCH &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; DROP;<\/p><\/blockquote>\n<p><span style=\"font-weight: bold;\">&nbsp;* \/etc\/psad\/auto_dl<\/span><\/p>\n<p>&nbsp;\ubaa8\ub4e0 IDS\ub294 \ud56d\uc0c1 \ub192\uc740 \ud655\ub960\ub85c \uae0d\uc815 \uc624\ub958\ub97c \ubc94\ud55c\ub2e4. \uadf8\ub7ec\ubbc0\ub85c IDS\ub294 \ud2b9\uc815 \uc2dc\uc2a4\ud15c, \ub124\ud2b8\uc6cc\ud06c, \ud504\ub85c\ud1a0\ucf5c\uc774 \ubaa8\ub4e0 \ud0d0\uc9c0 \ub3d9\uc791\uacfc (\uac00\uc7a5 \uc911\uc694\ud558\uac8c\ub294)\uc790\ub3d9\ud654\ub41c \ubaa8\ub4e0 \uc751\ub2f5 \uae30\ub2a5\uc5d0\uc11c \uc81c\uc678\ub420 \uc218 \uc788\uac8c \ud574\uc8fc\ub294 \ud5c8\uc6a9 \ubaa9\ub85d \uae30\ub2a5\uc744 \uac16\ucdb0\uc57c \ud55c\ub2e4. 
\ub610 \ud2b9\uc815 IP \uc8fc\uc18c\ub098 \ub124\ud2b8\uc6cc\ud06c\uac00 \uacf5\uaca9\uc790\ub85c \uc54c\ub824\uc9c8 \uc218\ub3c4 \uc788\uc73c\ubbc0\ub85c \uc774\ub4e4\uc744 \ucc28\ub2e8\ud560 \ucc28\ub2e8 \ubaa9\ub85d \uae30\ub2a5\ub3c4 \ud544\uc694\ud558\ub2e4.<br \/>&nbsp;\uc774\ub7ec\ud55c \uc694\uad6c \uc0ac\ud56d\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \uad6c\ubb38\uc744 \ub530\ub974\ub294 psad\uc758 auto_dl \ud30c\uc77c\uc774 \ucda9\uc871\uc2dc\ud0a8\ub2e4.<\/p>\n<blockquote><p>#&nbsp; &lt;IP address&gt;&nbsp; &lt;danger level&gt;&nbsp; &lt;optional protocol&gt;\/&lt;optional ports&gt;;<br \/>#<br \/># Examples:<br \/>#<br \/>#&nbsp; 10.111.21.23 &nbsp;&nbsp; 5; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; # Very bad IP.<br \/>#&nbsp; 127.0.0.1 &nbsp; &nbsp; &nbsp; 0; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; # Ignore this IP.<br \/>#&nbsp; 10.10.1.0\/24 &nbsp;&nbsp; 0; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; # Ignore traffic from this entire class C.<br \/>#&nbsp; 192.168.10.4 &nbsp;&nbsp; 3 &nbsp;&nbsp; tcp; &nbsp; # Assign danger level 3 if protocol is tcp.<br \/>#&nbsp; 10.10.1.0\/24 &nbsp;&nbsp; 3 &nbsp;&nbsp; tcp\/1-1024;&nbsp; # Danger level 3 for tcp port range<\/p>\n<p># 82.96.96.0\/24 &nbsp; 0; # please.read.http.proxyscan.freenode.net<\/p><\/blockquote>\n<p>&nbsp;\uc704\ud5d8 \uc218\uc900\uc774 0\uc73c\ub85c \uc124\uc815\ub418\uba74 psad\ub294 \ud574\ub2f9 IP\uc8fc\uc18c\ub098 \ub124\ud2b8\uc6cc\ud06c\ub97c \uc644\uc804\ud788 \ubb34\uc2dc\ud55c\ub2e4. 
\ubc18\ub300\ub85c \ud2b9\uc815 IP \uc8fc\uc18c\ub098 \ub124\ud2b8\uc6cc\ud06c\uac00 \uadf9\ub3c4\ub85c \uc545\uc758\uc801\uc774\ub77c\uace0 \uc54c\ub824\uc9c0\ub294 \uacbd\uc6b0\uc5d0\ub294 \uc704\ud5d8 \uc218\uc900\uc744 5\ub85c \uc124\uc815\ud560 \uc218 \uc788\ub2e4.<\/p>\n<p><span style=\"font-weight: bold;\">&nbsp;* \/etc\/psad\/signatures<\/span><\/p>\n<p>&nbsp;\/etc\/psad\/signatures \ud30c\uc77c\uc740 \uc57d\uac04 \uc218\uc815\ub41c \uc2a4\ub178\ud2b8 \uaddc\uce59\uc744 \uc57d 200\uac1c \uc815\ub3c4 \ud3ec\ud568\ud55c\ub2e4. \uc774 \uaddc\uce59\ub4e4\uc740 psad\uac00 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub85c\ubd80\ud130 \ubc14\ub85c \ud0d0\uc9c0\ud560 \uc218 \uc788\ub294 \uacf5\uaca9\uc744 \ub098\ud0c0\ub0b8\ub2e4. \uc774 \uaddc\uce59 \uc911 \uc5b4\ub5a4 \uac83\ub3c4 \ub124\ud2b8\uc6cc\ud06c \ud2b8\ub798\ud53d\uc5d0 \ub300\ud55c \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35 \uac80\uc0ac\ub97c \ud544\uc694\ub85c \ud558\uc9c0 \uc54a\ub294\ub2e4. \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35 \uac80\uc0ac\ub294 fwsnort \uac00 \uc218\ud589\ud55c\ub2e4. \uc774 \ud30c\uc77c\uc5d0 \uc788\ub294 \uaddc\uce59\uc744 \ud558\ub098 \uc608\ub85c \ub4e4\uba74 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n<blockquote><p>alert tcp $EXTERNAL_NET any -&gt; $HOME_NET 1080 (msg:&quot;SCAN SOCKS Proxy attempt&quot;; flags:S; reference:url,help.undernet.org\/proxyscan\/; classtype:attempted-recon; sid:615; rev:3; psad_dlevel:2)<\/p><\/blockquote>\n<p><span style=\"font-weight: bold;\">&nbsp;* \/etc\/psad\/snort_rule_dl<\/span><\/p>\n<p>&nbsp;\/etc\/psad\/auto_dl \uacfc \uc720\uc0ac\ud558\uac8c snort_rule_dl \ud30c\uc77c\uc740 psad\uac00 \uc2a4\ub178\ud2b8 \uaddc\uce59\uacfc \ub9e4\uce6d\ub418\ub294 \ubaa8\ub4e0 IP \uc8fc\uc18c\uc758 \uc704\ud5d8 \uc218\uc900\uc744 \uc790\ub3d9\uc73c\ub85c \uc124\uc815\ud558\uac8c \ud55c\ub2e4. 
\uc774 \ud30c\uc77c\uc758 \uad6c\ubb38\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n<blockquote><p># Syntax: Each non-comment line of this file contains a snort ID number, and<br \/># &nbsp; &nbsp; &nbsp; &nbsp; the corresponding psad danger level like so: &lt;sid&gt; &lt;danger level&gt;.<\/p><\/blockquote>\n<p>&nbsp; \uc704\ud5d8 \uc218\uc900\uc774 0\uc774\ub77c\uba74 psad\ub294 \ud574\ub2f9 \uc11c\uba85 \ub9e4\uce6d\uc744 \ubb34\uc2dc\ud558\uace0 \uc5b4\ub5a4 \uacbd\uace0\ub3c4 \uc804\uc1a1\ud558\uc9c0 \uc54a\ub294\ub2e4. \uc77c\ubd80 \uc11c\uba85 \ub9e4\uce6d\uc740 \ub2e4\ub978 \uac83\ubcf4\ub2e4 \ub354 \uc548 \uc88b\uc744 \uc218 \uc788\ub2e4. \uc608\ub97c \ub4e4\uc5b4 psad\uac00 \uc2a4\ub178\ud2b8 \uaddc\uce59 ID 1812(EXPLOIT gobbles SSH exploit attempt)\uc640 \ub9e4\uce6d\ub418\ub294 \ud2b8\ub798\ud53d\uc744 \ud0d0\uc9c0 \ud588\ub2e4\uba74 \uc774\ub294 \uc7a0\uc7ac\uc801\uc73c\ub85c \uc2a4\ub178\ud2b8 \uaddc\uce59 ID 469(ICMP PING NMAP)\uc5d0 \ub300\ud55c \ub9e4\uce6d\ubcf4\ub2e4 \ud6e8\uc52c \ub354 \uc704\ud5d8\ud558\ub2e4. \ubb3c\ub860 \uace0\ube14\uc2a4(Gobbles) SSH \uacf5\uaca9\uc758 \ud6a8\uacfc\ub97c \uc81c\ud55c\ud558\ub294 \uac00\uc7a5 \uc88b\uc740 \uc804\ub7b5\uc740 \uc560\ucd08\uc5d0 \ucde8\uc57d\ud55c SSH \ub370\ubaac\uc744 \uc2e4\ud589\ud558\uc9c0 \uc54a\ub294 \uac83\uc774\uc9c0\ub9cc \uc774 \uacf5\uaca9\uc744 \ud0d0\uc9c0\ud558\ub294 \uac83\uc740 \uc5ec\uc804\ud788 \uc911\uc694\ud558\ub2e4. 
\ub2e4\uc74c\uacfc \uac19\uc774 \uc2a4\ub178\ud2b8 \uaddc\uce59 2284\uc640 \ub9e4\uce6d\ub418\ub294 IP \uc8fc\uc18c\uc758 \uc704\ud5d8 \uc218\uc900\uc744 3\uc73c\ub85c \uc124\uc815\ud560 \uc218 \uc788\ub2e4.<\/p>\n<blockquote><p>### The following example illustrates the syntax for Snort SID 2284<br \/>#2284 &nbsp; 3;<\/p><\/blockquote>\n<p><span style=\"font-weight: bold;\">&nbsp;* \/etc\/psad\/ip_options<\/span><\/p>\n<p>&nbsp;IP \ud5e4\ub354\uc758 \uc635\uc158 \ubd80\ubd84\uc774 IP \ud1b5\uc2e0\uc5d0\uc11c \uc790\uc8fc \uc0ac\uc6a9\ub418\uc9c0\ub294 \uc54a\uc9c0\ub9cc iptables\ub294 --log-ip-options \uba85\ub839 \ud589 \uc778\uc790\ub97c \uc774\uc6a9\ud574\uc11c IP \uc635\uc158\uc744 \uae30\ub85d\ud560 \uc218 \uc788\ub2e4. iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\uac00 IP \uc635\uc158\uc744 \ud3ec\ud568\ud558\ub294 \uacbd\uc6b0 psad\ub294 \uc18c\uc2a4 \ub77c\uc6b0\ud305(source routing) \uc2dc\ub3c4\uc640 \uac19\uc740 \uc218\uc0c1\ud55c \ud65c\ub3d9\uc5d0 \ub300\ud574 \uc774 \uc635\uc158\uc744 \uad6c\ubb38 \ubd84\uc11d\ud55c\ub2e4. \uc77c\ubd80 \uc2a4\ub178\ud2b8 \uaddc\uce59\uc740 IP \uc635\uc158\uc758 \uc758\uc2ec\uc2a4\ub7ec\uc6b4 \uc0ac\uc6a9\uc744 \uc815\uc758\ud558\uba70, psad\ub294 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\uc758 IP \uc635\uc158\uc744 \ud574\uc11d\ud558\uae30 \uc704\ud574 \/etc\/psad\/ip_options \ud30c\uc77c\uc744 \ucc38\uc870\ud55c\ub2e4.<\/p>\n<p>&nbsp;* \/etc\/psad\/pf.os<\/p>\n<p>&nbsp;psad\ub294 \uc6d0\uaca9 \uc6b4\uc601\uccb4\uc81c\ub97c \uc218\ub3d9\uc801\uc73c\ub85c \ud551\uac70\ud504\ub9b0\ud305\ud558\uae30 \uc704\ud574 p0f \ud504\ub85c\uc81d\ud2b8\uc758 OS \ub370\uc774\ud130\ubca0\uc774\uc2a4\ub97c \uc0ac\uc6a9\ud55c\ub2e4. 
\uc774 \ub370\uc774\ud130\ubca0\uc774\uc2a4\ub294 psad\uac00 \/etc\/psad\/pf.os \ud30c\uc77c\uc5d0 \uc124\uce58\ud558\uba70, psad\ub294 \ucc98\uc74c \uc2dc\uc791\ud560 \ub54c(\ub610\ub294 psad\uac00 kill \uba85\ub839\uc5b4\ub098 psad -H\ub97c \ud1b5\ud574 \uc911\ub2e8[hangup]\uc774\ub098 HUP \uc2e0\ud638\ub97c \ubc1b\uc558\uc744 \ub54c) \uc774\ub97c \ubd88\ub7ec\uc628\ub2e4.<\/p>\n<p>&nbsp;\ub2e4\uc74c\uc740 \ub9ac\ub205\uc2a4\uc5d0 \ub300\ud55c p0f \ud551\uac70\ud504\ub9b0\ud2b8\uc758 \uc608\ub2e4.<\/p>\n<blockquote><p>S20:64:1:60:M*,S,T,N,W0: &nbsp; &nbsp; &nbsp;&nbsp; Linux:2.2:20-25:Linux 2.2.20 and newer<br \/>S22:64:1:60:M*,S,T,N,W0: &nbsp; &nbsp; &nbsp;&nbsp; Linux:2.2::Linux 2.2<br \/>S11:64:1:60:M*,S,T,N,W0: &nbsp; &nbsp; &nbsp;&nbsp; Linux:2.2::Linux 2.2<\/p><\/blockquote>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp;\ubaa8\ub4e0 psad \ub370\ubaac\uc740 \/etc\/psad \uc5d0 \uc787\ub294 \ud30c\uc77c psad.conf \ub97c \ucc38\uc870\ud558\uba70, \uc774 \ud30c\uc77c\uc740 \uac04\ub2e8\ud55c \uaddc\uc57d\uc744 \ub530\ub978\ub2e4. \uc8fc\uc11d\uc740 # \uae30\ud638\ub85c \uc2dc\uc791\ud558\uba70 \uc124\uc815 \ub9e4\uac1c\ubcc0\uc218\ub294 \ud0a4-\uac12 \ud615\uc2dd\uc73c\ub85c \uba85\uc2dc\ud55c\ub2e4. \uc608\ub97c \ub4e4\uc5b4 psad.conf \uc758 HOSTNAME \ubcc0\uc218\ub294 psad \uac00 \uc124\uce58\ub41c \uc2dc\uc2a4\ud15c\uc758 \ud638\uc2a4\ud2b8 \uba85\uc744 \uc815\uc758\ud55c\ub2e4. 
&nbsp;### Machine hostnameHOSTNAME &hellip; <a href=\"http:\/\/pchero21.com\/?p=732\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[63],"tags":[311,809],"_links":{"self":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/732"}],"collection":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=732"}],"version-history":[{"count":0,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/732\/revisions"}],"wp:attachment":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=732"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}