Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

psad: pid file /var/run/psad/psadwatchd.pid does not exist for psadwatchd on ... #61

Closed
moltenbit opened this issue Nov 7, 2020 · 6 comments
Closed

psad: pid file /var/run/psad/psadwatchd.pid does not exist for psadwatchd on ... #61

moltenbit opened this issue Nov 7, 2020 · 6 comments
Assignees
@imthenachoman
Labels
help wanted Extra attention is needed

Comments

@moltenbit
Copy link
Contributor

Hi,
I followed your guide and ran into the following problem when using psad -R :

/etc/psad# ufw reload
Firewall reloaded
root@server:/etc/psad# psad -R
[-] psad: pid file /var/run/psad/psadwatchd.pid does not exist for psadwatchd on server
[+] Stopping psad, pid: 1491
[+] Stopping psad_fw_read, pid: 1492
[+] Restarting psad daemons on
@moltenbit
Copy link
Contributor Author

moltenbit commented Nov 7, 2020
edited
Loading

This helped: https://carteryagemann.com/psad-on-pi.html
But when using psad -H it still says [-] psadwatchd daemon not running.

@imthenachoman imthenachoman self-assigned this Dec 15, 2020
@imthenachoman imthenachoman added the help wanted Extra attention is needed label Dec 15, 2020
@imthenachoman
Copy link
Owner

So it looks like you have to set another setting for psadwatchd to start. I will update the guide.

imthenachoman added a commit that referenced this issue Dec 15, 2020
@imthenachoman
#61
0cde923
@DevLomoSE
Copy link

This helped: https://carteryagemann.com/psad-on-pi.html
But when using psad -H it still says [-] psadwatchd daemon not running.

in the config file adding (/etc/psad/psad.conf):
ENABLE_PSADWATCHD Y;
and then follow the instructions at https://carteryagemann.com/psad-on-pi.html
worked for me

@imthenachoman
Copy link
Owner

Yup. I added the ENABLE_PSADWATCHD thing to my guide.

@faxotherapy
Copy link

faxotherapy commented Nov 8, 2023
edited
Loading

HIi, I'm still having the “psad: psadwatchd is not running on” after I added “ENABLE_PSADWATCHD Y;” and followed the above guide.

I also correctly added this in before.rules:

# log all traffic so psad can analyze
-A INPUT -j LOG --log-tcp-options --log-prefix "[IPTABLES] "
-A FORWARD -j LOG --log-tcp-options --log-prefix "[IPTABLES] "

However, I still see:

psad --fw-analyze
[+] Parsing INPUT chain rules.
[+] Parsing INPUT chain rules.
[-] Errors found in firewall config.
    emailed to root@localhost
[+] Results in /var/log/psad/fw_check
[+] Exiting.

Mail shows:

You may just need to add a default logging rule to the 'filter' 'INPUT' chain on

I'm not good with iptables.

@faxotherapy
Copy link

I'm still having the “psad: psadwatchd is not running on” after I added “ENABLE_PSADWATCHD Y;”

psadwatchd does indeed start and run, but stops running after a few seconds. Is it expected?

psad --fw-analyze
[+] Parsing INPUT chain rules.
[+] Parsing INPUT chain rules.
[-] Errors found in firewall config.
emailed to root@localhost
[+] Results in /var/log/psad/fw_check
[+] Exiting.

This is due to the fact I set IPV6 to no in /etc/default/ufw file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@imthenachoman imthenachoman

Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@imthenachoman @faxotherapy @moltenbit @DevLomoSE