Psad Signature Updates

Each psad release usually includes an updated signature set bundled within the psad tar archive or RPM file as the "signatures" file. Signature development is an ongoing process, however, and in some cases a new signature is developed for psad well before the next release is available.

So that people can make use of a new signature as quickly as possible, the latest signature set is published at http://www.cipherdyne.org/psad/signatures. With the psad --sig-update command-line argument, psad downloads this file and places it in the filesystem at /etc/psad/signatures, as shown in the following output:

[iptablesfw]# psad --sig-update
[+] Archiving original /etc/psad/signatures -> signatures.old1
[+] Downloading latest signatures from:
        http://www.cipherdyne.org/psad/signatures
--03:19:16--  http://www.cipherdyne.org/psad/signatures
           => 'signatures'
Resolving www.cipherdyne.org... 204.174.223.204
Connecting to www.cipherdyne.org|204.174.223.204|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45,078 (44K) [text/plain]

100%[==========================================>] 45,078 74.63K/s

03:19:17 (74.46 KB/s) - 'signatures' saved [45078/45078]

[+] New signature file /etc/psad/signatures has been put in place
    You can restart psad (or use 'psad -H') to import the new signatures.

As you can see, the latest signature set has been downloaded and you can either restart psad altogether with the init script (/etc/init.d/psad restart) or send the running psad daemon a HUP signal (psad -H) so that it will import the new signature set.
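Before restarting psad or sending the HUP signal, the archived copy can be compared with the new file to see which signatures the update added or dropped. The script below is an added example, not part of psad or of the original text; it assumes one Snort-style rule per line carrying a sid:<number>; field, and the sample rules in demo are constructed.

```shell
#!/bin/sh
# Added example: report which signature IDs changed between two signature files.
# Assumption: each active rule is a single line containing "sid:<number>;".

# Print the sorted, unique sids found on non-comment lines of file $1.
sig_ids() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -o 'sid:[[:space:]]*[0-9][0-9]*' \
        | sed 's/[^0-9]//g' \
        | sort -u
}

# sig_diff OLD NEW: print "+<sid>" for sids only in NEW, "-<sid>" for sids only in OLD.
sig_diff() {
    old_ids=$(mktemp) && new_ids=$(mktemp) || return 1
    sig_ids "$1" > "$old_ids"
    sig_ids "$2" > "$new_ids"
    comm -13 "$old_ids" "$new_ids" | sed 's/^/+/'
    comm -23 "$old_ids" "$new_ids" | sed 's/^/-/'
    rm -f "$old_ids" "$new_ids"
}

# Run sig_diff on two constructed sample files (not real psad signatures).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/signatures.old1" <<'EOF'
# constructed sample rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 9001 (msg:"SAMPLE rule one"; sid:900001;)
alert udp $EXTERNAL_NET any -> $HOME_NET 9002 (msg:"SAMPLE rule two"; sid:900002;)
EOF
    cat > "$dir/signatures" <<'EOF'
# constructed sample rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 9001 (msg:"SAMPLE rule one"; sid:900001;)
#alert udp $EXTERNAL_NET any -> $HOME_NET 9002 (msg:"SAMPLE rule two"; sid:900002;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 9003 (msg:"SAMPLE rule three"; sid:900003;)
EOF
    sig_diff "$dir/signatures.old1" "$dir/signatures"
    rm -rf "$dir"
}

demo
```

On a real system the call would be sig_diff /etc/psad/signatures.old1 /etc/psad/signatures, assuming the archive is written next to the new file; a rule that the update comments out shows up as removed.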
