search for: portsentry

Displaying 20 results from an estimated 29 matches for "portsentry".

2005 Sep 15
3
Portsentry
I'm running CentOS 4 with Blue Quartz on a white box, and having problems with installing Portsentry via the .tar.gz route. Various errors, etc. Anyone here know of a source, like an RPM or something, for Portsentry for CentOS? ... or a similar app? thnx, Manny
2003 Jul 16
6
HOWTO: Temporary dynamic blocking with Shorewall and Portsentry
...I decided to share. Hope it helps someone, and comments or suggestions are always welcome. 1. Overview: Shorewall accepts traffic on ports that I consider "hostile" (i.e. ports on which I would NEVER expect to see connections) and redirects them to a single high port on which Portsentry is listening. Portsentry in turn uses a custom shell script to block the offending IP address (using the "shorewall drop" command) and schedule an "at" job for 5 days later unblocking the offender (using the "shorewall allow" command). This ensures that I don't...
2003 Jul 18
0
portsentry and shorewall
I installed portsentry and am using it with shorewall. I followed the HOWTO posted here, and I have it working together, I have gotten about 4 emails saying such IP is blocked for 5 days. However, in the /etc/portsentry dir, the only files in there are: portsentry.conf portsentry.ignore portsentry.temp.block There are...
2005 Aug 26
0
portsentry and proftpd RPMs available
Just dropping a note, I've built CentOS4 friendly RPMs (as well as RHEL4 and FC4) of two of my favourite tools, PortSentry and ProFTPd: ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/portsentry/CentOS4/ ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/proftpd/CentOS4/ PortSentry is built using the last known (RedHat 9 based) SPEC/patches from FreshRPMS, updated to apply with the latest known versio...
2005 Apr 28
2
portsentry+shorewall
Hello, I have used shorewall for a very long time (2 years or so) and I use it for nat and as firewall....I now use portsentry to detect portscans but there is one problem...I use the HOWTO from the shorewall mailing list to make portsentry and shorewall work together....but there is one prob portscans get detected and a drop rule is added to shorewall for example shorewall drop 62.178.xxx.xx the shorewall entry...
2005 Sep 16
0
Portsentry cause IPTable Reloads
I'm having some trouble with portsentry on CentOS. I've installed it and configured it to ignore my network. However, every 20 minutes, it reloads my iptables and basically kills any SSH sessions, etc. Any suggestions? Thanks, Todd
2006 Mar 20
6
[OT maybe] netcafe firewall
...ch-o-matic for iptables to be able to do the portscan detection in firewall... but, that doesn't feel like 'CentOS way' (because I have to build a custom kernel) unless there is some kernel (even 3rd party, unsupported/etc.) that already has this in... Also I know of the portsentry tool, but the project seems pretty much dead after Cisco bought Psionic... and again is not on up2date's list... I intend to use Snort, though I hope that it won't share portsentry's fate and become extinct after Check Point's acquisition of Sourcefire will be c...
2007 Mar 13
4
Centos-specific Denyhosts Howto Anyone?
...-logic perhaps being you just symlink however you want. Now having a time to spare, I appeal to you with paypal beer $. I'd like to of course script this specifically for centos. I have firewall rules and other protections, but it's (denyhosts) too cool to pass up. reminds me a bit of portsentry, or whatever they call it now, tri-sentry, maybe it's quad-sentry now or... I can also trade you some mega-spiffy ultra-detailed centos build scripts for tomcat servers, squid machines, etc. -krb
2005 Jan 31
3
auto-blacklist
I have been getting a lot of dictionary attacks against my server and want to automatically add the IP address of the offender when their failed SSH login attempts are equal to five or more. I was just going to write a dumb BASH script to do this unless there is a more intelligent way? Eric
2010 Feb 03
0
cannot mount NFS share, portmap problems, what todo? [SOLVED]
..., Feb 3, 2010 at 2:40 PM, Geoff Galitz <geoff at galitz.org> wrote: > > > > Should it be running, or not? > > > > > > >root at mercury:[~]$ netstat -ap --inet | grep rpc > > >tcp 0 0 *:sunrpc *:* > LISTEN 6458/portsentry > > >udp 0 0 localhost:filenet-rpc localhost:filenet-rpc > ESTABLISHED 1980/postmaster > > > > > > It looks like you need to deconfigure portsentry from listening on that > port and then you should be good to go. IOW, portsentry is ok to run, bu...
2007 Jan 01
2
Error Help Needed
...------- Argument "4444'service' option expects either the name of a filter" isn't numeric in numeric ge (>=) at /etc/log.d/scripts/services/pam_unix line 42, <STDIN> line 20. ?---------------------- pam_unix End ------------------------- ?--------------------- PortSentry Begin ------------------------ Argument "4444'service' option expects either the name of a filter" isn't numeric in numeric ge (>=) at /etc/log.d/scripts/services/portsentry line 78. ?---------------------- PortSentry End ------------------------- ?------------------...
2003 Nov 21
7
FORWARD:REJECT
I have a 3 nic setup with shorewall 1.4.8-1 running on redhat 9. My eth2 (dmz zone)has 7 secondary address attached to it. I can ping a machine in each subnet, dmz to net rules seem to be working fine on all machines.. I have my policy set as dmz to dmz accept. If I try to ping between subnets I get Nov 21 12:18:45 kbeewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=172.17.0.2
2004 Nov 22
3
how do I configure shorewall to block people port scanning ?
as subject
2000 Apr 27
3
samba and firewalls
I have a little home network with one Windows 98 PC and a pc running linux. My idea is that as soon as DSL is finally made available to my area (which I keep getting told will be real soon now) I want to route it through the linux box and up to the Windows PC, using IP masquerading, etc. At present I have samba enabled on the unix box which opens up several worthwhile conveniences to me:
2009 Jun 21
6
Program to ban sniffers
So I have been reading the ssh attack thread and finally want to ask about something. I doubt there is a program like this, but I would love to have a program that listens at common ports that I do not use at all...and only allow that program to listen to it, especially the usual ssh port (using a different one for real ssh)... That program would then, upon receiving a 'sniff' or
2004 Sep 18
8
Attacks on ssh port
Hi, Is there a security problem with ssh that I've missed??? I keep getting these hordes of: Failed password for root from 69.242.5.195 port 39239 ssh2 with all kinds of different source addresses. They have a shot or 15 and then they are off again, but a little later on they're back and keep clogging my logs. Is there an "easy" way of getting these ip-numbers added to
2006 Apr 25
2
firewall based antivirus/trojan blocking and intrusion detection [dnk]
Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk
2005 Sep 15
0
Hostsentry RPM?
On that Portsentry subject, anybody ran across an updated hostsentry rpm?
2003 Mar 30
2
Bindshell rootkit
Ok...did some checking. I forgot to mention that I killed dead syslogd. Not just a -HUP but an actual kill and restarted. I did this several times. I was trying to get something else to work. Anyway, I killed it again this morning and restarted. The infect message went away immediately. Could this have been the problem?
2005 Jan 10
3
REDIRECT + shorewall drop for dynamic blacklists
Hi, I have seen this come up in a couple of threads, but nothing recent. I was wondering a couple of things and was hoping someone could clarify. I have an existing working shorewall configuration (Details at end of post). From within this config, I have a few ports redirected for use with portsentry (like the mini-howto directs forbidden port accesses to port 49999). This works correctly, and I receive notifications, and drops are saved to the /var/lib/shorewall/save file. It appeared as if everything is behaving normally, but I wanted to know what ports people were hitting, so I turned o...