similar to: Portsentry cause IPTable Reloads

I installed portsentry and am using it with shorewall. I followed the HOWTO posted here, and I have it working together, I have gotten about 4 emails saying such IP is blocked for 5 days. However, in the /etc/portsentry dir, the only files in there are: portsentry.conf portsentry.ignore portsentry.temp.block There are no files that should be there like: portsentry.history portsentry.block -

Hi, all: This is just a note and suggestion, not a question; but I really like this system and thought it might be useful to others so I decided to share. Hope it helps someone, and comments or suggestions are always welcome. 1. Overview: Shorewall accepts traffic on ports that I consider "hostile" (i.e. ports on which I would NEVER expect to see connections) and redirects

Just dropping a note, I've built CentOS4 friendly RPMs (as well as RHEL4 and FC4) of two of my favourite tools, PortSentry and ProFTPd: ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/portsentry/CentOS4/ ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/proftpd/CentOS4/ PortSentry is built using the last known (RedHat 9 based) SPEC/patches from FreshRPMS, updated to apply

I'm running CentOS 4 with Blue Quartz on a white box, and having problems with installing Portsentry vi the .tar.gz route. Various errors, etc. Anyone here know of a source, like an RPM or something, for Portsentry for CentOS? ... or a similar app? thnx, Manny

Hello, i use shorewall for a very long time (2 years or so) and i use it for nat and as firewall....i now use portsentrys to detect portscans but there is one problem...i use the HOWTO from the shorewall mailing list to make portsentry and shorewall work together....but there is one prob portscans get detected and a drop rule is added to shorewall for example shorewall drop 62.178.xxx.xx

Just to clarify, I'm looking at this from an application layer Point of View. One of the reasons why I'm looking at it that way, is because Tim said he was looking at LinuxHA..."application level" redundancy that uses IP. Tim, just to let you know, I don't believe that LinuxHA will work in the way you described, only because of the different IP ranges. It looks like Linux

I have a database server that is running out of space. All my databases are being stored in a 80G /opt partition. Because I'm using LVM, wouldn't I be able to pop the HDDs (a h/w raid volume) in, add it to the LVM, and resize my ext3 /opt partition? Everything that I've been reading says this is possible, but I'm not sure. Has anyone done this and are there any pitfalls to

I'm trying to create an initialization scrip in the /etc/init.d/. Of course, the one I have is failing! At the top of the other initialization scripts in the same directory, there is are two lines, the chkconfig and description # chkconfig: 2345 55 25 # description: OpenSSH server daemon On the check config line, what are the numbers/attributes that follow? If I'm creating an

On Wed, Feb 3, 2010 at 2:40 PM, Geoff Galitz <geoff at galitz.org> wrote: > > > > Should it be running, or not? > > > > > > >root at mercury:[~]$ netstat -ap --inet | grep rpc > > >tcp 0 0 *:sunrpc *:* > LISTEN 6458/portsentry > > >udp 0 0 localhost:filenet-rpc localhost:filenet-rpc

Hello everyone, I need a little help finding an issue one of my machines. I have 4 setup all the same way and just this one gives the errors. Here are the errors from Logwatch; ?################### LogWatch 5.2.2 (06/23/04) #################### ?--------------------- Arpwatch Begin ------------------------ Argument "4444'service' option expects either the name of a

Hi all, I appologise in advance if this is a little OT, but I am building a box that will serve as firewall and router for a small ''internet cafe / netcafe'' and am using CentOS... So here it is: What are the best tools to be used for keeping the potential script kiddies from ''harming the Internet'' :) ? I specifically want to be able to detect and prevent

https://bugzilla.netfilter.org/show_bug.cgi?id=1480 Bug ID: 1480 Summary: SLES15 Default Iptable rule causing issue Product: iptables Version: 1.6.x Hardware: x86_64 OS: SuSE Linux Status: NEW Severity: enhancement Priority: P5 Component: iptables Assignee: netfilter-buglog at

Hi, after reading the docs (no man page) and seeing a few example howtos, I see none for Centos specifically. I hereby offer to write this and even host it, and any other wiki-able howto you want, if you can school me on the first few steps relevant to how to link up the current rpmforge rpm for RHEL4-64. See, right now, the one for centos loads into the /usr/share/doc, which is an odd place

I''m pretty new to Ruby On Rails (and somewhat self-taught), so bear with me if I''m asking something stupid. So whenever I push my download button (which just uses send_file, if that''s any help) it reloads the page, without downloading, and it puts the authenticity_token in the url. This all the button is: <% form_remote_tag :url => { :action =>

I have a legacy ISDN PBX (Network Alchemy Argent Office) connected to Span 2 of a Digium Wildcard TE205P. Recently Calls from this PBX have been failing with ISDN Cause Code 38 (Network Out of Order!). The problem seems to be getting worse and is now effecting more calls than not (although this could just be because I'm aware of it). Once the ISDN PBX has decided the Network's Out of

I have dovecot configured to use an LDAP database for mail delivery with dovecot-lda. All of of my user accounts and aliases work fine except for postmaster@ which consistantly bounces. I have compared the entry for postmaster with another working alias and see no difference. When I send mail to postmaster I get the following in the logs: Jun 11 02:11:13 server1 postfix/pipe[12083]: 6D6CF33444:

On that Portsentry subject, anybody ran across an updated hostsentry rpm? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20050915/f5133636/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3022 bytes

I have two iptable rules for userspace modification : iptable -t mangle -A PREROUTING -p udp --dport 9090 -j NFQUEUE iptable -t mangle -A OUTPUT -p udp --sport 9090 -j NFQUEUE I have the following network setup: client ---------------->Linux Box or router--------------------->server. What i'm trying to achieve is modifying all packets which comes from client to 9090 port of the

Hi, Can anybody tell me how to delete DSCP or TOS setting using iptable command. iptables --list OUTPUT --table mangle Chain OUTPUT (policy ACCEPT) target prot opt source destination DSCP tcp -- anywhere anywhere tcp spt:http DSCP s et 0x08 DSCP udp --

i search a lot forum how to get bandwidth statistic such number of packet, total byte in each application protocol by using IPTABLES + netfilter-layer7 but i don''t know which script for getting it in log file and use data after get it for plotting graph later my IPTABLES command like this iptables -t mangle -N all iptables -t mangle -A POSTROUTING -j all iptables -t mangle -A