Linux - Security
I am running Gentoo with a 2.6 kernel, with the latest iptables and portsentry. I have set up portsentry exactly as the man page said and it doesn't work. I have used port scan tests from grc.com and from other hosts, and portsentry is not blocking them. Here is a snippet of what /etc/portsentry/portsentry.history shouts about:
This is from the portsentry.conf:
KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"
That is supposed to take the above lines and block them. I had to change iptables to /sbin/iptables because that's where it is for me.
It is running in tcp udp mode.
KILL_ROUTE="/bin/echo $TARGET$ >> /etc/hosts.deny"
is what I put in the config file. Is that right?
I scanned again from grc.com and it didn't block it.
It looked like it added
ALL: 207.33.111.37 : DENY
ALL: 82.96.96.3 : DENY
ALL: 204.1.226.228 : DENY
to /etc/hosts.deny,
but no action has been taken when I rerun the scan.
This is cut from /var/log/messages,
so I know it's started correctly and is binding to each port that I set.
Does anyone know what I should do?
Aug 2 00:01:46 athlon postfix/qmgr[3162]: BCA781608038: removed
Aug 2 00:01:54 athlon portsentry[3035]: securityalert: PortSentry is shutting down
Aug 2 00:01:54 athlon portsentry[3035]: adminalert: PortSentry is shutting down
Aug 2 00:01:54 athlon portsentry[3037]: securityalert: PortSentry is shutting d
Aug 2 13:22:55 athlon portsentry[3038]: securityalert: PortSentry is shutting down
Aug 2 13:22:55 athlon portsentry[3038]: adminalert: PortSentry is shutting down
Aug 2 13:22:55 athlon portsentry[3040]: securityalert: PortSentry is shutting down
Aug 2 13:22:55 athlon portsentry[3040]: adminalert: PortSentry is shutting down
Aug 2 13:22:56 athlon portsentry[8867]: adminalert: PortSentry 1.2 is starting.
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 1
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 7
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 9
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 69
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 161
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 162
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 513
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 635
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 640
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 641
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 700
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 37444
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 34555
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 31335
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 32770
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 32771
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 32772
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 32773
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 32774
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 31337
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: Going into listen mode on UDP port: 54321
Aug 2 13:22:56 athlon portsentry[8868]: adminalert: PortSentry is now active and listening.
Aug 2 13:22:56 athlon portsentry[8869]: adminalert: PortSentry 1.2 is starting.
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 1
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 11
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 15
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 79
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 111
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 119
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 143
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 540
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 635
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 1080
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 1524
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 2000
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 5742
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 6667
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 12345
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 12346
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 20034
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 27665
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 31337
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 32771
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 32772
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 32773
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 32774
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 40421
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 49724
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: Going into listen mode on TCP port: 54320
Aug 2 13:22:56 athlon portsentry[8870]: adminalert: PortSentry is now active and listening.
That's what shows. It appears to work perfectly.
For now I made a script using snort that will add everything it finds in the /var/log/snort directory to iptables (a sorry sub.)
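The hosts.deny KILL_ROUTE quoted above only writes tcp_wrappers entries, which gate wrapper-aware daemons and never drop packets, so an outside scan is still answered even after the address is listed. As an added example (not part of the original post), this POSIX sh script turns those "ALL: <ip> : DENY" entries into the iptables INPUT DROP rules the other KILL_ROUTE line would have added; it assumes /sbin/iptables and /etc/hosts.deny as in the post.

```shell
#!/bin/sh
# Added example, not from the original post: convert the "ALL: <ip> : DENY"
# lines that the hosts.deny KILL_ROUTE writes into packet-level DROP rules.
# Assumed path for the firewall binary (overridable via the environment).
IPTABLES=${IPTABLES:-/sbin/iptables}

# Read hosts.deny-style lines on stdin and print one iptables command per
# distinct IPv4 address. Lines not of the form "ALL: a.b.c.d : DENY" are
# ignored, and each octet is checked to be 0-255 so junk never reaches sh.
hosts_deny_to_iptables() {
    sed -n 's/^ALL:[[:space:]]*\([0-9.]*\)[[:space:]]*:[[:space:]]*DENY[[:space:]]*$/\1/p' |
    awk -F. '$0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
             $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
             !seen[$0]++' |
    while read -r ip; do
        printf '%s -I INPUT -s %s -j DROP\n' "$IPTABLES" "$ip"
    done
}

# Constructed sample input mirroring the entries quoted in the post, plus a
# duplicate and an unrelated tcp_wrappers line that must be skipped.
sample_deny_entries() {
    printf '%s\n' \
        'ALL: 207.33.111.37 : DENY' \
        'ALL: 82.96.96.3 : DENY' \
        'ALL: 207.33.111.37 : DENY' \
        'sshd: 10.0.0.0/8'
}

# Usage: hosts_deny_to_iptables < /etc/hosts.deny | sh   (as root, to apply)
# Run with --demo to print the rules for the constructed sample instead.
if [ "${1:-}" = "--demo" ]; then
    sample_deny_entries | hosts_deny_to_iptables
fi
```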