|Portsentry Setup Guide|
x2xtreme's Portsentry Guide
What is portsentry?
Why would you need portsentry?
To install Portsentry first download the latest tarball from http://www.psionic.com/download/ and extract it. I have portsentry-1.0.tar.gz. So tar -zxvf portsentry-1.0.tar.gz. Then cd portsentry-1.0. Edit portsentry.ignore. In there put all hosts that you want portsentry to ignore, it's like the /etc/hosts.allow file..but it will all now a host to scan you and not set off portsentry. Also edit portsentry.conf which is okay by default but you an edit it so that is will not listen to a certain port, and if you have changed the location of portsentry. Next do a make linux or make whatver *nix you have.
Type make to see a supported *nix list. Do a make install to install it. To run portsentry type /usr/local/psionic/portsentry/portsentry - protocal. In most cases /usr/local/psionic/portsentry/portsentry -tcp. If you want it to start up on put then put the line "/usr/local/psionic/portsentry/portsentry -tcp" in your /etc/rc.d/rc.local file. After starting portsentry your logs should read:Mar 25 15:54:40 x2xtreme portsentry: adminalert: Going into listen mode on TCP port: 20034
Mar 25 15:54:40 x2xtreme portsentry: adminalert: PortSentry is now active and listening.
To test portsentry try to nmap, satan, or saint your box. You should get some like this:Mar 25 15:57:51 x2xtreme portsentry: attackalert: Host: 192.168.0.2 is already blocked. Ignoring
Mar 25 15:57:51 x2xtreme portsentry: attackalert: Connect from host: x2x/192.168.0.2 to TCP port: 1
After which check /etc/hosts.deny, /usr/local/psionic/portsentry/portsentry.ignore, and /usr/local/psionic/portsentry/portsentry.blocked.tcp to see if that host is listed in them files. If they are then you did everything right.
Having trouble? Got questions? Require further assistance? If so please feel free to visit our Help Forums and ask the experts!
Copyright © 1997 - 2014 Private World Domination Inc. All rights reserved.