Linux PortSentry
SCAN_TRIGGER="0"
# Port Banner Section#
######################
# Enter text in here you want displayed to a person tripping the PortSentry.
# I *don’t* recommend taunting the person as this will aggravate them.
# Leave this commented out to disable the feature
#
# Stealth scan detection modes don’t use this feature
#
PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY."
#EOF
Now, we must check/change its default permissions for security reasons:
[root@deep /]# chmod 600 /usr/psionic/portsentry/portsentry.conf
Configure the “/usr/psionic/portsentry/portsentry.ignore” file
The “/usr/psionic/portsentry/portsentry.ignore” file is where you add any host you want ignored if it connects to a tripwired port. It should always contain at least the localhost (127.0.0.1) and the IP addresses of the local interfaces (lo). It is not recommended that you put in every IP on your network.
Edit the portsentry.ignore file (vi /usr/psionic/portsentry/portsentry.ignore) and add any host you want ignored if it connects to a tripwired port:
# Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e virtual host, mult-home)
# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.
127.0.0.1
0.0.0.0
Now, we must check/change its default permissions for security reasons:
[root@deep /]# chmod 600 /usr/psionic/portsentry/portsentry.ignore
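The checks described in this section can be scripted. The following is an added example, not part of the original text or of PortSentry itself: it verifies that the ignore file is mode 600 and lists 127.0.0.1, 0.0.0.0 and each local interface address. The function names are hypothetical, and it assumes one address per line in the file.

```sh
#!/bin/sh
# Added example (not from the original page): audit portsentry.ignore.
# Function names are hypothetical; the file path is the one used on this page.
# Assumption: one address per line, so only the first field of a line counts.
IGNORE_FILE="${IGNORE_FILE:-/usr/psionic/portsentry/portsentry.ignore}"

# Active entries: strip comments, skip blank lines, print the first field.
ignore_entries() {
    awk '{ sub(/#.*/, "") } NF { print $1 }' "$1"
}

# True when the file mode is exactly 600 (stat -c is GNU coreutils).
mode_is_600() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "600" ]
}

# IPv4 addresses of all local interfaces, via iproute2.
local_ipv4() {
    ip -o -4 addr show 2>/dev/null | awk '{ split($4, a, "/"); print a[1] }'
}

# audit_ignore FILE [ADDR...]: 127.0.0.1 and 0.0.0.0 are always required;
# each ADDR is a local interface address that must also be listed.
# Returns 0 when clean, 1 on findings, 2 if the file is unreadable.
audit_ignore() {
    file=$1; shift
    rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    mode_is_600 "$file" || { echo "FAIL: $file is not mode 600"; rc=1; }
    entries=$(ignore_entries "$file")
    for addr in 127.0.0.1 0.0.0.0 "$@"; do
        printf '%s\n' "$entries" | grep -Fqx -- "$addr" ||
            { echo "FAIL: $addr missing from $file"; rc=1; }
    done
    echo "INFO: $(printf '%s\n' "$entries" | grep -c .) active entries in $file"
    return "$rc"
}

# Run as a script: sh audit_ignore.sh --audit [FILE]
if [ "${1:-}" = "--audit" ]; then
    audit_ignore "${2:-$IGNORE_FILE}" $(local_ipv4)
fi
```

The INFO line reports how many active entries the file holds, which makes it easy to notice when the list has grown well beyond the local addresses.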
Start up PortSentry
The PortSentry program can be configured in six different modes of operation, but be aware that only one protocol mode type can be started at a time. To be more accurate, you can start one TCP mode and one UDP mode; starting two TCP modes and one UDP mode, for example, doesn’t work. The available modes are:
• portsentry -tcp (basic port-bound TCP mode)
• portsentry -udp (basic port-bound UDP mode)
• portsentry -stcp (Stealth TCP scan detection)
• portsentry -atcp (Advanced TCP stealth scan detection)