This guide is based on various community forum posts.

This guide is intended as a relatively easy step by step guide to:

• Install CipherDyne PSAD Intrusion Detection and Log Analysis with iptables on openSUSE 11.1 or later.
• psad is a collection of three lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. 

Requirements:

• Tested on openSUSE 11.1 or later.
• Should work on most RPM based ditro's.

1. Download and install the latest version of PSAD.

• Download and install the latest version from the Cipherdyne website.
• Visit the CipherDyne PSAD download page and select the correct .RPM version for your 32bit or 64bit version of openSuSE.
• To download and install the 64bit version click on the download link and install with YAST, or open a Terminal and enter the following as root :

mkdir /tmp/psad
cd /tmp/psad
wget http://www.cipherdyne.org/psad/download/psad-2.2-1.x86_64.rpm
rpm -ivh psad-2.2-1.x86_64.rpm 
cd ..
rm -R psad

2. Edit the PSAD configuration file. 

• Three main settings need to be set in the PSAD configuration file before we can complete the install, edit the others as required.
• open a Terminal Window and enter :

vi /etc/psad/psad.conf

• EMAIL_ADDRESSES - change this to your email address.
• HOSTNAME - this is set during install - but double check and change to a FQDN if needed.
• ENABLE_AUTO_IDS_EMAILS - set this to Y if you would like to receive email notifications of intrusions that are detected.

3. Add iptables LOG rules for both IPv4 and IPv6.

• For an explanation of this step click here.
• Add the following iptables policies :

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
ip6tables -A INPUT -j LOG
ip6tables -A FORWARD -j LOG

4. Reload and update PSAD.

• To restart, update the signature file and reload PSAD to complete the install open a Terminal Window and enter :

psad -R
psad --sig-update
psad -H

• To check the status of PSAD, open a Terminal Window and enter :

psad --Status