LinuxQuestions.org
Old 08-21-2003, 04:17 PM   #1
gbj
Member
 
Registered: Jul 2003
Posts: 142

Rep: Reputation: 15
portsentry and email notifications


Well the header tells it all. I have installed portsentry and I have shorewall up and running. But I would like to receive notifications/alerts when my computer is scanned. How would I go about achieving this?
 
Old 08-21-2003, 06:30 PM   #2
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
You could use its counterpart Logcheck/Log Sentry in conjunction with Port Sentry, then the scans should show up in the emails that Log Check sends you.

Other than that don't think Port Sentry by itself can do it from my reading anyway.


.....going to install Log Check myself and see how it goes.
 
Old 08-22-2003, 02:06 AM   #3
m0rl0ck
Member
 
Registered: Nov 2002
Distribution: A totally 133t distro :)
Posts: 358

Rep: Reputation: 31
Which portsentry are you using?
In the version I'm running this appears in the portsentry.conf file:

# External Command#
###################
# This is a command that is run when a host connects, it can be whatever
# you want it to be (pager, etc.). This command is executed before the
# route is dropped or after depending on the KILL_RUN_CMD_FIRST option below
#
#
# I NEVER RECOMMEND YOU PUT IN RETALIATORY ACTIONS AGAINST THE HOST SCANNING
# YOU!
#
# TCP/IP is an *unauthenticated protocol* and people can make scans appear out
# of thin air. The only time it is reasonably safe (and I *never* think it is
# reasonable) to run reverse probe scripts is when using the "classic" -tcp mode.
# This mode requires a full connect and is very hard to spoof.
#
# The KILL_RUN_CMD_FIRST value should be set to "1" to force the command
# to run *before* the blocking occurs and should be set to "0" to make the
# command run *after* the blocking has occurred.
#
#KILL_RUN_CMD_FIRST = "0"
#
#
#KILL_RUN_CMD="/some/path/here/script $TARGET$ $PORT$"
#KILL_RUN_CMD="/bin/mail -s 'Portscan from $TARGET$ on port $PORT$' user@host < /dev/null"

So just use the second KILL_RUN_CMD, setting user@host to where you want the email to go, and uncomment the KILL_RUN_CMD_FIRST = "0" line.
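
The first KILL_RUN_CMD form in the quoted config hands $TARGET$ and $PORT$ to a script. As an added example (not part of the original post and not shipped with portsentry), here is such a wrapper: it validates both arguments and rate-limits the mail, since the config's own comment warns that scans can be made to appear out of thin air. The script path, recipient, state directory and interval are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper script; portsentry.conf would call it as (path assumed):
#   KILL_RUN_CMD="/usr/local/sbin/portsentry-notify $TARGET$ $PORT$"
MAILTO="${MAILTO:-root}"                              # assumed recipient
MAILER="${MAILER:-/bin/mail}"                         # mailer path as in the quoted config
STATE_DIR="${STATE_DIR:-/var/lib/portsentry-notify}"  # assumed state directory
MIN_INTERVAL="${MIN_INTERVAL:-300}"                   # assumed: seconds between mails

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ip() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a decimal port number in 1-65535.
valid_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed if MIN_INTERVAL has passed since the last mail; otherwise count the
# event as suppressed. No locking: concurrent runs may miscount slightly.
should_notify() {
    mkdir -p "$STATE_DIR" || return 0   # fail open: alert even without state
    now=$(date +%s)
    last=$(cat "$STATE_DIR/last" 2>/dev/null || echo 0)
    if [ $((now - last)) -lt "$MIN_INTERVAL" ]; then
        n=$(cat "$STATE_DIR/suppressed" 2>/dev/null || echo 0)
        echo $((n + 1)) > "$STATE_DIR/suppressed"
        return 1
    fi
    echo "$now" > "$STATE_DIR/last"
}

# Validate the arguments, apply the rate limit, then send one mail.
notify_scan() {
    valid_ip "$1" && valid_port "$2" || return 2
    should_notify || return 0
    n=$(cat "$STATE_DIR/suppressed" 2>/dev/null || echo 0)
    rm -f "$STATE_DIR/suppressed"
    printf 'portsentry flagged %s on port %s; %s earlier alert(s) suppressed.\n' \
        "$1" "$2" "$n" | "$MAILER" -s "Portscan from $1 on port $2" "$MAILTO"
}

if [ "$#" -eq 2 ]; then notify_scan "$1" "$2"; fi
```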
 
Old 08-22-2003, 02:15 AM   #4
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
I stand corrected, silly me.
 
Old 08-22-2003, 07:14 AM   #5
gbj
Member
 
Registered: Jul 2003
Posts: 142

Original Poster
Rep: Reputation: 15
Thank you very much for the help, everything seems to be working now, i.e. I'm aware of portscans.
 
  


All times are GMT -5.