Portsentry Setup Guide

x2xtreme's Portsentry Guide
Created on April 9th, 2000.

What is portsentry?
PortSentry is a TCP wrapper that listens for port scans and can be used to send back fake ping replies.

Why would you need portsentry?
If you are paranoid about someone port scanning your box, or you don't want people to see what services you are running, then PortSentry is a cool app. In the event of an nmap scan of your box, it will go into attack alert, send back fake responses, and put the host the scan came from in /etc/hosts.deny. It also logs a lot to /var/log/messages, which makes port scans much easier to read in your logs.

To install PortSentry, first download the latest tarball from http://www.psionic.com/download/ and extract it. I have portsentry-1.0.tar.gz, so: tar -zxvf portsentry-1.0.tar.gz, then cd portsentry-1.0. Edit portsentry.ignore and put in it every host that you want PortSentry to ignore; it works like the /etc/hosts.allow file, in that it allows a host to scan you without setting off PortSentry. Also edit portsentry.conf, which is fine by default, but you can edit it so that PortSentry will not listen on a certain port, and you must edit it if you have changed the location of PortSentry. Next do a make linux, or make whatever *nix you have.

Type make by itself to see the list of supported *nix systems. Do a make install to install it. To run PortSentry, type /usr/local/psionic/portsentry/portsentry -<protocol>; in most cases that is /usr/local/psionic/portsentry/portsentry -tcp. If you want it to start on boot, put the line "/usr/local/psionic/portsentry/portsentry -tcp" in your /etc/rc.d/rc.local file. After starting PortSentry your logs should read:

Mar 25 15:54:40 x2xtreme portsentry[20391]: adminalert: Going into listen mode on TCP port: 20034
Mar 25 15:54:40 x2xtreme portsentry[20391]: adminalert: PortSentry is now active and listening.

To test PortSentry, try scanning your box with nmap, SATAN, or SAINT. You should get something like this:

Mar 25 15:57:51 x2xtreme portsentry[20418]: attackalert: Host: 192.168.0.2 is already blocked. Ignoring
Mar 25 15:57:51 x2xtreme portsentry[20418]: attackalert: Connect from host: x2x/192.168.0.2 to TCP port: 1

Afterwards, check /etc/hosts.deny, /usr/local/psionic/portsentry/portsentry.ignore, and /usr/local/psionic/portsentry/portsentry.blocked.tcp to see if that host is listed in those files. If it is, you did everything right.
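As an added example (not part of the original guide), here is a small Python script that parses PortSentry attackalert lines in the syslog format shown above, summarising per source address which ports were probed and whether PortSentry reported the host as blocked, and then checks whether that address appears in a hosts.deny-style file. The sample log lines are constructed to match the format quoted in this guide.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the PortSentry syslog lines quoted in the guide,
# plus one unrelated sshd line to show that non-PortSentry entries are skipped.
SAMPLE_LOG = """\
Mar 25 15:54:40 x2xtreme portsentry[20391]: adminalert: Going into listen mode on TCP port: 20034
Mar 25 15:54:40 x2xtreme portsentry[20391]: adminalert: PortSentry is now active and listening.
Mar 25 15:57:50 x2xtreme portsentry[20418]: attackalert: Connect from host: x2x/192.168.0.2 to TCP port: 111
Mar 25 15:57:51 x2xtreme portsentry[20418]: attackalert: Host: 192.168.0.2 is already blocked. Ignoring
Mar 25 15:57:51 x2xtreme portsentry[20418]: attackalert: Connect from host: x2x/192.168.0.2 to TCP port: 1
Mar 25 16:02:13 x2xtreme sshd[20455]: Accepted password for bob from 192.168.0.5 port 40122 ssh2
"""

CONNECT_RE = re.compile(
    r"portsentry\[\d+\]: attackalert: Connect from host: \S+?/(?P<ip>[\d.]+)"
    r" to (?P<proto>TCP|UDP) port: (?P<port>\d+)$"
)
BLOCKED_RE = re.compile(
    r"portsentry\[\d+\]: attackalert: Host: (?P<ip>[\d.]+) is already blocked"
)


def summarize(log_text):
    """Aggregate attackalert lines per source IP: ports probed, hit count, blocked flag."""
    hosts = defaultdict(lambda: {"ports": set(), "hits": 0, "blocked": False})
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            entry = hosts[m["ip"]]
            entry["hits"] += 1
            entry["ports"].add((m["proto"], int(m["port"])))
            continue
        m = BLOCKED_RE.search(line)
        if m:
            hosts[m["ip"]]["blocked"] = True
    return {ip: {"ports": sorted(h["ports"]), "hits": h["hits"], "blocked": h["blocked"]}
            for ip, h in hosts.items()}


def listed_in_hosts_deny(ip, deny_text):
    """True if ip appears in the client list of a hosts.deny line such as 'ALL: 192.168.0.2'."""
    for line in deny_text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2:
            continue  # blank, comment, or malformed line
        if ip in fields[1].replace(",", " ").split():
            return True
    return False
```

To use it on a real box, pass the contents of /var/log/messages to summarize() and the contents of /etc/hosts.deny to listed_in_hosts_deny(); a host that shows hits but is not listed in hosts.deny means the wrapper block did not take effect.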


Copyright © 1997 - 2014 Private World Domination Inc. All rights reserved.