How to install PortSentry on a Linux server


Post by hrdedicated » Sat Jun 01, 2013 12:08 pm

Install PortSentry

Introduction:

Firewalls help us protect our network from unsolicited intrusions. Using them, we can choose which ports we want open and which ones we don't. This information is kept private by your organization and is the responsibility of the individuals associated with it. Nobody outside implicitly knows this information, but attackers, as well as spammers, know that for some kinds of attacks you can use a special program to scan all the ports on a server to glean this valuable information, i.e. what is open and what is not.

A port scan is a symptom of a larger problem coming your way. It is often the precursor to an attack and is a critical piece of information for properly defending your information resources. PortSentry is a program designed to detect and respond to port scans against a target host in real time, and it has a number of options for detecting port scans. When it finds one, it can react in the following ways:

A log indicating the incident is made via syslog().
The target host is automatically dropped into /etc/hosts.deny for TCP Wrappers.
The local host is automatically re-configured to route all traffic to the target to a dead host to make the target system disappear.
The local host is automatically re-configured to drop all packets from the target via a local packet filter.

The purpose of this is to give an admin a heads up that their host is being probed.


Installation Steps:

1. Log in as root and run the following commands:
2. mkdir /root/download
3. cd /root/download
4. wget http://sourceforge.net/projects/sentryt ... z/download
5. tar xvfz portsentry-1.2.tar.gz
6. cd portsentry_beta/
7. make linux
8. make install



Edit /etc/portsentry/portsentry.conf and specify the ports you want portsentry to protect:

# Un-comment these if you are really anal:
#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,[...]"
#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,[...]"
#
# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,[...]"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,[...]"
#
# Use these for just bare-bones
#TCP_PORTS="1,11,15,110,111,143,540,635,1080,1524,2000,12345,12346,20034,32771,32772,32773,32774,[...]"
#UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,32771,32772,32773,32774,31337,54321"
These should be ports that are not in use on the system. For example, if you use IMAP (port 143 TCP) on the server, you should remove 143 from the list above. The rest of portsentry.conf is well commented, and normally the default values should work.

9. To launch portsentry:

/usr/sbin/portsentry -stcp
/usr/sbin/portsentry -sudp



Installation complete.
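
The advice above about removing in-use ports from TCP_PORTS can be checked mechanically. This is an added example, not part of the original post or of PortSentry: it compares the active TCP_PORTS line with the sockets in LISTEN state in /proc/net/tcp format. The function names and both sample inputs are constructed for illustration; on a real server, pass the contents of /etc/portsentry/portsentry.conf and /proc/net/tcp instead.

```python
import re

# Constructed sample, shaped like the uncommented lines in portsentry.conf.
SAMPLE_CONF = '''\
# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080"
UDP_PORTS="1,7,9,69,161,162,513"
#TCP_PORTS="1,11,15,110,111,143"
'''

# Constructed sample in /proc/net/tcp format; state 0A means LISTEN.
SAMPLE_PROC_TCP = '''\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:008F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11112
   2: 0A00000A:0016 0A000005:C350 01 00000000:00000000 00:00000000 00000000     0        0 11113
'''

def watched_ports(conf_text, key):
    """Return the ports on the active (uncommented) `key` line; last one wins."""
    ports = set()
    for line in conf_text.splitlines():
        m = re.match(r'\s*%s="([^"]*)"' % re.escape(key), line)
        if m:
            # Non-numeric entries (such as an elided "[...]") are skipped.
            ports = {int(p) for p in m.group(1).split(",") if p.strip().isdigit()}
    return ports

def listening_ports(proc_text):
    """Return local ports in LISTEN state (st == 0A) from /proc/net/tcp text."""
    ports = set()
    for line in proc_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == "0A":
            # local_address is HEXIP:HEXPORT; the port is hexadecimal.
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def conflicts(conf_text, proc_text, key="TCP_PORTS"):
    """Ports PortSentry would watch although a real service already listens there."""
    return sorted(watched_ports(conf_text, key) & listening_ports(proc_text))

if __name__ == "__main__":
    print("remove from TCP_PORTS:", conflicts(SAMPLE_CONF, SAMPLE_PROC_TCP))
```

Any port this reports should be taken out of TCP_PORTS before starting portsentry. IPv6 listeners appear in /proc/net/tcp6, which uses the same column layout.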
