I am setting up a Linux home server and several guides recommend using psad to detect intrusion attempts. These guides explain in detail how to set up psad and receive alert emails when port scans are detected. However, they do not explain how to react to these alert emails.
When a scan happens, what should I do? If there is something I should do manually, shouldn't it be automated? After all, the security of my server shouldn't depend on my ability to pay immediate attention to it. If that's the case, what's the point of alert emails?
Asked by 303
(145 rep)
Apr 11, 2023, 09:06 AM
Last activity: Apr 11, 2023, 11:06 AM