Installation notes:

IMPORTANT:
	psad makes use of drop/deny/reject messages that are generated
by ipchains or iptables, and appear in /var/log/messages.  Hence if
your firewall is not configured to drop/deny/reject packets (and log
them), then psad will NOT detect port scans.  Usually the best and most
secure way to configure your firewall is to first put in place the minimal
rules needed to allow only necessary traffic to and from your machine, and
then have a default drop/deny/reject-and-log rule toward the end of the 
firewall rulebase.  Some example firewall rulesets that are compatible
with psad are contained within the file FW.EXAMPLES.
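
One way to check this prerequisite before installing, as an added example
(not part of psad or install.pl).  It assumes an iptables ruleset in
iptables-save format; the function and sample names are hypothetical and
both sample rulesets are constructed:

```shell
# Added example (not part of psad). Reads iptables-save output on stdin and
# succeeds only if the given filter chain logs, then drops, unmatched packets.
check_log_then_drop() {
    awk -v chain="${1:-INPUT}" '
        /^\*/ { in_filter = ($1 == "*filter") }      # table header, e.g. *filter
        !in_filter { next }
        $1 == (":" chain) { policy = $2 }            # e.g. ":INPUT DROP [0:0]"
        # Only rules with no match criteria ("-A INPUT -j LOG ...") count as
        # catch-all; rate-limited or interface-bound LOG rules are ignored.
        $1 == "-A" && $2 == chain && $3 == "-j" && !done {
            if ($4 == "LOG") logged = 1
            else if ($4 == "DROP" || $4 == "REJECT") { dropped = 1; done = 1 }
            else if ($4 == "ACCEPT") done = 1        # later rules unreachable
        }
        END {
            ok = logged && (dropped || (!done && policy == "DROP"))
            exit (ok ? 0 : 1)
        }'
}

# Constructed sample: minimal allow rules, then default log-and-drop.
good_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "DROP "
-A INPUT -j DROP
COMMIT
EOF
}

# Constructed sample: packets are dropped by policy but never logged.
silent_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

for sample in good_rules silent_rules; do
    if $sample | check_log_then_drop INPUT; then
        echo "$sample: unmatched packets are logged and dropped"
    else
        echo "$sample: no default log-and-drop; psad would see no scan logs"
    fi
done
```

On a live system the same function can be fed with
'iptables-save | check_log_then_drop INPUT' (run as root).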


	The functionality of psad is affected by the version of the 
Linux kernel on which the software is deployed.  For kernel versions 
2.2.x (and 2.0.x?) the built-in ipchains firewalling code cannot log or
distinguish any tcp flags other than syn or ack.
Hence, most of the tcp signatures included in psad_signatures cannot be 
detected by psad running on these kernel versions.  By contrast, the 
iptables firewalling code (see http://netfilter.kernelnotes.org) 
integrated within the 2.4.x kernels can distinguish all tcp flags and 
hence make the signature logic possible within psad.

	Before executing the install.pl script, edit the config sections
at the beginning of the psad, diskmond, kmsgsd, and install.pl scripts.
Sensible defaults are provided for each of the scripts so hopefully 
there will be a minimal number of things to change to get psad to work
on your system, but if system binaries are in places the scripts don't
know about then you will need to provide the correct paths.  After the
config sections are the way you want them, just run 'install.pl', and 
then run '/etc/rc.d/init.d/psad-init start' to start psad, kmsgsd, 
and diskmond, or just run them from the command line.  The install.pl
script installs psad, kmsgsd, and diskmond in /usr/local/bin/ by 
default.  

	Note: You can install a new version of psad over an
existing one; just run install.pl.  The installation script will
preserve any old configuration parameters when installing the new 
versions of psad, kmsgsd, and diskmond.  If you don't need/want any
old configurations to be preserved, just execute "./install.pl -n".
	
	Note: Even though it is a good idea to edit the config sections
of each of the programs included with psad, both install.pl and psad
attempt to use the correct system binaries even if an incorrect path
is given.  This is accomplished by simply using the path provided by
'which <system binary>' if the binary is not found in the place 
specified in the config section.

USAGE:

Usage: psad [-f] [-h] [-n] [-h]

        -no_preserve            - disable preservation of old configs.
        -exec_psad              - execute psad after installing.
        -firewallcheck          - disable firewall rules verification.
        -h                      - prints this help message.

