Hi Sven, Hmm, my mistake, I misread your email. I remove the pending tag.
I have investigated a bit more and unfortunately I am unable to
reproduce your problem with psad 2.2-3, psad 2.2.3 and psad 2.4.3 in
unstable.
I always get something like that:
service psad status; echo $?
● psad.service - LSB: Port Scan Attack Detector (psad)
Loaded: loaded (/etc/init.d/psad; generated; vendor preset: enabled)
Active: active (running) since dim. 2016-09-25 22:26:03 CEST; 1min
35s ago
Docs: man:systemd-sysv-generator(8)
CGroup: /system.slice/psad.service
├─22682 /usr/bin/perl -w /usr/sbin/psad
└─22684 /usr/sbin/psadwatchd -c /etc/psad/psad.conf
sept. 25 22:26:03 stormtrooper psad[22654]: imported p0f-based passive
OS fingerprinting signatures
sept. 25 22:26:03 stormtrooper psad[22654]: imported TOS-based passive
OS fingerprinting signatures
sept. 25 22:26:03 stormtrooper psad[22654]: imported original Snort
rules in /etc/psad/snort_rules/ for reference info
sept. 25 22:26:03 stormtrooper psad[22654]: imported 205 psad Snort
signatures from /etc/psad/signatures
sept. 25 22:26:03 stormtrooper psad[22648]: Possible precedence issue
with control flow operator at /usr/sbin/fwcheck_psad line 193.
sept. 25 22:26:03 stormtrooper psad[22648]: Starting Port Scan Attack
Detector: psad.
sept. 25 22:26:03 stormtrooper systemd[1]: Started LSB: Port Scan Attack
Detector (psad).
sept. 25 22:27:14 stormtrooper psad[22682]: scan detected: 192.168.1.81
-> 192.168.1.14 tcp: [1234-1235] flags: SYN tcp pkts: 2 DL: 1
sept. 25 22:27:19 stormtrooper psad[22682]: scan detected: 192.168.1.81
-> 192.168.1.14 tcp: [1236-1237] flags: SYN tcp pkts: 2 DL: 1
sept. 25 22:27:24 stormtrooper psad[22682]: scan detected: 192.168.1.81
-> 192.168.1.14 tcp: [1238] flags: SYN tcp pkts: 1 DL: 1
0
Current psad in unstable returns either 0 or 3, which is fine.
http://refspecs.linuxfoundation.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
Do you still have the problem?
Regards,
--
Franck
signature.asc
Description: OpenPGP digital signature
