similar to: HOWTO: Temporary dynamic blocking with Shorewall and Portsentry

I installed portsentry and am using it with shorewall. I followed the HOWTO posted here, and I have it working together, I have gotten about 4 emails saying such IP is blocked for 5 days. However, in the /etc/portsentry dir, the only files in there are: portsentry.conf portsentry.ignore portsentry.temp.block There are no files that should be there like: portsentry.history portsentry.block -

Just dropping a note, I've built CentOS4 friendly RPMs (as well as RHEL4 and FC4) of two of my favourite tools, PortSentry and ProFTPd: ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/portsentry/CentOS4/ ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/proftpd/CentOS4/ PortSentry is built using the last known (RedHat 9 based) SPEC/patches from FreshRPMS, updated to apply

I'm running CentOS 4 with Blue Quartz on a white box, and having problems with installing Portsentry vi the .tar.gz route. Various errors, etc. Anyone here know of a source, like an RPM or something, for Portsentry for CentOS? ... or a similar app? thnx, Manny

Hello, i use shorewall for a very long time (2 years or so) and i use it for nat and as firewall....i now use portsentrys to detect portscans but there is one problem...i use the HOWTO from the shorewall mailing list to make portsentry and shorewall work together....but there is one prob portscans get detected and a drop rule is added to shorewall for example shorewall drop 62.178.xxx.xx

I'm having some trouble with portsentry on CentOS. I've installed it and configured it to ignore my network. However, every 20 minutes, it reloads my iptables and basically kills any SSH sessions, etc. Any suggestions? Thanks, Todd -------------- next part -------------- An HTML attachment was scrubbed... URL:

We upgraded to NSD 3.2.9 (from 3.2.8) because we encountered the problem "Fix denial of existence response for empty non-terminal that looks like a NSEC3-only domain (but has data below it)." (a nasty problem with DNSSEC). But we now have IXFR issues. On one name server, NSD 3.2.9 works fine, zones are IXFRed and work. On another name server, with much more zones (and big ones), we

I don''t know whether this is the right place to ask, but kindly point me to an FM that I can R if it isn''t. My wife is creating lots of Kazaa traffic, and I am using rsync to create a full mirror of Red Hat''s FTP site, Aurora Linux FTP site, the LDP site, and some other stuff. Clearly, when one is moving well over 100GB over a 128 Kbps link, this is going to take a

https://bugzilla.netfilter.org/show_bug.cgi?id=1399 Bug ID: 1399 Summary: tables/chains priority doesn't work Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: kernel Assignee: pablo at

Hi, I have seen this come up in a couple of threads, but nothing recent. I was wondering a couple of things and was hoping someone could clarify. I have an existing working shorewall configuration (Details at end of post). >From within this config, I have a few ports redirected for use with portsentry (like the mini-howto directs forbidden port accesses to port 49999). This works

On Wed, Feb 3, 2010 at 2:40 PM, Geoff Galitz <geoff at galitz.org> wrote: > > > > Should it be running, or not? > > > > > > >root at mercury:[~]$ netstat -ap --inet | grep rpc > > >tcp 0 0 *:sunrpc *:* > LISTEN 6458/portsentry > > >udp 0 0 localhost:filenet-rpc localhost:filenet-rpc

Hello everyone, I need a little help finding an issue one of my machines. I have 4 setup all the same way and just this one gives the errors. Here are the errors from Logwatch; ?################### LogWatch 5.2.2 (06/23/04) #################### ?--------------------- Arpwatch Begin ------------------------ Argument "4444'service' option expects either the name of a

I copied exactly where Axel provided into atrmps.repo. I have the line: atrpms.repo:baseurl=http://dl.atrpms.net/el5-x86_64/atrpms/stable but the rpms that are being flagged as updates pretty much all have fc5 in their names. e.g.: ---> Package mplayer-fonts.noarch 4:1.0-7.at set to be updated ---> Package mplayer.i386 4:1.0-60_r23482.fc5 set to be updated ---> Package

hy all, i'm trying to make an acl so a local unix user 'sie' can access exalead mboxes. my exalead mboxes are stored in : /opt/exalead/mail/sie/ mailboxes are automatically created every week like sie.2007.W17 for the 17th week of the year. how can i do this ? i've tried several things but none succedded. dovecot version 1.0.rc15 # /etc/dovecot.conf ddIEffective uid=65534,

The current Shorewall release model has the following characteristics: a) The last two major releases are supported. b) Only the latest major release is actively developed. c) Bug fixes are available for the prior major release but only against the last minor release. d) The last major release is advertised as the "Current Release". I''m thinking of switching to a model that

Hi all, I appologise in advance if this is a little OT, but I am building a box that will serve as firewall and router for a small ''internet cafe / netcafe'' and am using CentOS... So here it is: What are the best tools to be used for keeping the potential script kiddies from ''harming the Internet'' :) ? I specifically want to be able to detect and prevent

Hi, after reading the docs (no man page) and seeing a few example howtos, I see none for Centos specifically. I hereby offer to write this and even host it, and any other wiki-able howto you want, if you can school me on the first few steps relevant to how to link up the current rpmforge rpm for RHEL4-64. See, right now, the one for centos loads into the /usr/share/doc, which is an odd place

Harald Welte just announced that the 2.6 Kernels will not support the ''unclean'' match extension except via Patch-O-Matic. Since I have a polciy of not supporting Netfilter features that are only available in P-O-M, I will be removing the ''logunclean'' and ''dropunclean'' interface options from Shorewall. In 1.4.7, a warning will be issued if

Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0

On that Portsentry subject, anybody ran across an updated hostsentry rpm? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20050915/f5133636/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3022 bytes

If any of you have been so bold as to install the Shorewall CA Certificate in your browser(s), the current certificate will expire on 11/13. There is a new 10-year certificate available for installation at: http://lists.shorewall.net/Shorewall_CA_html.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \