03-30-2006, 06:55 AM   #1
gabsik
Member
 
Registered: Dec 2005
Location: italia
Distribution: Debian etch stable
Posts: 534

Rep: Reputation: 30
portsentry separate logs and TCPwrappers


I have a Debian sarge 3.1 2.6 stable and I have installed portsentry with APT. I want portsentry to have a separate log file, but the only documentation I have found related to this subject is about portsentry.tar.gz, where you have to modify a Makefile to reach this, if I'm not wrong! How can I have separate logs for portsentry? Then I wanted to ask: what is the point of portsentry listing dynamic IPs in tcpwrappers?

Thanks!

Last edited by gabsik; 03-30-2006 at 06:58 AM.
 
03-30-2006, 07:02 AM   #2
gabsik
Member
 
Registered: Dec 2005
Location: italia
Distribution: Debian etch stable
Posts: 534

Original Poster
Rep: Reputation: 30
portsentry separate logs and TCPwrappers

I'll answer myself, because I read a related topic: it's obvious I have to go and modify syslog.conf. How shall I call portsentry to mention it in syslog.conf? A sort of local/n! What's the proper way of doing it?
Thanks!
GGG
 
03-30-2006, 09:35 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,543
Blog Entries: 51

Rep: Reputation: 2606
I have to go and modify syslog.conf. How shall I call portsentry to mention it in syslog.conf?
Yes, you'll have to recompile Portsentry to use a syslog facility (LOCAL).
Then find a free "local" facility slot in your /etc/syslog.conf where n is between zero and 7. Example:
local7.*<TAB><TAB>/var/log/portsentry.log
Make sure you honour tab usage equally to the rest of your syslog.conf lines. Restart syslog. Ready.


* BTW, there's not much software I would advise against using, but Portsentry sure is one application that is deprecated: use Snort. If you want to know more details please search this forum for posts I made plus the term portsentry.
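Added example, not part of the original thread and not Portsentry's code: a simplified model of how syslogd matches a syslog.conf selector list against the facility the sender compiled in, which is why the answer above calls for a rebuild as well as a syslog.conf line. It assumes the packaged binary logs as daemon.notice (check your build), and `rule_matches` and `lookup` are hypothetical helper names.

```c
#define SYSLOG_NAMES            /* exposes facilitynames[] and prioritynames[] */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Look up a name of length len in a syslog.h name table; -1 if unknown. */
static int lookup(const CODE *tab, const char *name, size_t len)
{
    for (; tab->c_name; tab++)
        if (strlen(tab->c_name) == len && !strncmp(tab->c_name, name, len))
            return tab->c_val;
    return -1;
}

/* Simplified model of a syslog.conf selector list ("a.b;c.d"): would a
 * message sent with priority value pri be written to this rule's file?
 * "*" is a wildcard, a level means that severity or worse, "none"
 * excludes the facility, and the last selector that applies wins. */
int rule_matches(const char *rule, int pri)
{
    int hit = 0;
    while (*rule) {
        size_t n = strcspn(rule, ";");
        const char *dot = memchr(rule, '.', n);
        if (dot) {
            size_t flen = (size_t)(dot - rule), llen = n - flen - 1;
            int fac = lookup(facilitynames, rule, flen);
            int any = (flen == 1 && *rule == '*');
            if (any || (fac >= 0 && LOG_FAC(fac) == LOG_FAC(pri))) {
                int min = lookup(prioritynames, dot + 1, llen);
                if (llen == 1 && dot[1] == '*') hit = 1;
                else if (llen == 4 && !strncmp(dot + 1, "none", 4)) hit = 0;
                else if (min >= 0) hit = (LOG_PRI(pri) <= min);
            }
        }
        rule += n + (rule[n] == ';');
    }
    return hit;
}

int main(void)
{
    /* Constructed senders; daemon.notice for the packaged build is an assumption. */
    int stock = LOG_DAEMON | LOG_NOTICE, rebuilt = LOG_LOCAL7 | LOG_NOTICE;
    printf("local7.* <- stock: %d, rebuilt: %d\n",
           rule_matches("local7.*", stock), rule_matches("local7.*", rebuilt));
    printf("*.*;local7.none <- rebuilt: %d\n", rule_matches("*.*;local7.none", rebuilt));
    return 0;
}
```

The second rule shows how to keep the same messages out of a catch-all file once they have their own log.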
 
03-30-2006, 03:44 PM   #4
gabsik
Member
 
Registered: Dec 2005
Location: italia
Distribution: Debian etch stable
Posts: 534

Original Poster
Rep: Reputation: 30
How do I compile it if I have installed portsentry with APT? It would not be enough just to mention the local/n in syslog.conf!

Last edited by gabsik; 03-30-2006 at 03:46 PM.
 
03-31-2006, 05:01 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,543
Blog Entries: 51

Rep: Reputation: 2606
How do I compile it if I have installed portsentry with APT?
Like manually? Download sourcecode tarball from Sourceforge.
 
04-05-2006, 08:08 AM   #6
gabsik
Member
 
Registered: Dec 2005
Location: italia
Distribution: Debian etch stable
Posts: 534

Original Poster
Rep: Reputation: 30
I wish to do it on the one I already have installed ...