psadwatchd still not running and still firewall error after what I did #80
Description
Hi,
I've got 3 issues.
Problem 1:
[-] psad: psadwatchd is not running on
[+] psad_fw_read (pid: 2256306) %CPU: 0.0 %MEM: 1.8
Running since: Wed Nov 8 10:34:48 2023
[+] psad (pid: 2256284) %CPU: 0.5 %MEM: 2.2
Running since: Wed Nov 8 10:34:48 2023
I have set ENABLE_PSADWATCHD to Y and I have followed the guide here: https://carteryagemann.com/psad-on-pi.html
psadwatchd does indeed start and run, but stops running after a few seconds.
Problem 2:
I still have an issue with firewall as mentioned by psad:
psad --fw-analyze
[+] Parsing INPUT chain rules.
[+] Parsing INPUT chain rules.
[-] Errors found in firewall config.
emailed to root@localhost
[+] Results in /var/log/psad/fw_check
[+] Exiting.
I have added the rules following this scheme:
-A INPUT -j LOG --log-tcp-options --log-prefix "[IPTABLES] "
-A FORWARD -j LOG --log-tcp-options --log-prefix "[IPTABLES] "
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
Unfortunately, psad still find errors. I don't know what to do as I'm a perfect dum with iptables as I only use ufw front-end.
Problem 3:
Why do I keep having 2 psad processes at the same time:
2275815 ? 00:00:00 psad
2275835 ? 00:00:00 psad
Thanks for your help.