How to Install PortSentry on Ubuntu 14.04/16.04

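PortSentry source download: http://nchc.dl.sourceforge.net/sourceforge/sentrytools/portsentry-1.2.tar.gz
The package downloaded from sourceforge.net needs the following change before it will compile:
vi +1584 portsentry.c
Join lines 1584 and 1585 into a single line (the string literal is split across the two lines)!
For example: printf ("Copyright 1997-2003 Craig H. Rowland \n");

The portsentry package downloaded from this site has already been fixed; just extract it, then run make linux && make install.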

tar -zxvpf portsentry-1.2.tar.gz
cd portsentry_beta
make linux
make install
#The following message means the installation succeeded
#Edit /usr/local/psionic/portsentry/portsentry.conf and change
#your settings if you haven’t already. (route, etc)
#
#WARNING: This version and above now use a new
#directory structure for storing the program
#and config files (/usr/local/psionic/portsentry).
#Please make sure you delete the old files when
#the testing of this install is complete.

#Start configuring:
vi /usr/local/psionic/portsentry/portsentry.conf
RESOLVE_HOST = "0"
:wq!

#Add the addresses to ignore:
vi /usr/local/psionic/portsentry/portsentry.ignore
218.189.xx.xx/32
218.189.xx.xx/32
127.0.0.1/32
0.0.0.0
:wq!

#Start TCP/UDP Advanced Stealth Scan Detection Mode
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp

#Put the start commands in rc.local so they run at boot.
vi /etc/rc.local
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp
:wq!

View the live log (Ubuntu):
tail -f /var/log/syslog
Oct 13 13:52:45 itkylin.com portsentry[2940]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 161
Oct 13 13:52:45 itkylin.com portsentry[2940]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 520
Oct 13 13:52:45 itkylin.com portsentry[2940]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 138
Oct 13 13:52:45 itkylin.com portsentry[2940]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 137
Oct 13 13:52:45 itkylin.com portsentry[2940]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 67
Oct 13 13:52:45 itkylin.com portsentry[2940]: adminalert: PortSentry is now active and listening.
Oct 13 13:53:45 itkylin.com portsentry[2938]: attackalert: TCP SYN/Normal scan from host: 191.82.128.216/191.82.128.216 to TCP port: 23
Oct 13 13:53:45 itkylin.com portsentry[2938]: attackalert: Host 191.82.128.216 has been blocked via wrappers with string: "ALL: 191.82.128.216"
Oct 13 13:54:02 itkylin.com portsentry[2938]: attackalert: TCP SYN/Normal scan from host: 124.235.29.88/124.235.29.88 to TCP port: 23
Oct 13 13:54:02 itkylin.com portsentry[2938]: attackalert: Host 124.235.29.88 has been blocked via wrappers with string: "ALL: 124.235.29.88"
Oct 13 13:54:11 itkylin.com portsentry[2938]: attackalert: TCP SYN/Normal scan from host: 176.113.129.210/176.113.129.210 to TCP port: 23
Oct 13 13:54:11 itkylin.com portsentry[2938]: attackalert: Host 176.113.129.210 has been blocked via wrappers with string: "ALL: 176.113.129.210"

more /etc/hosts.deny
ALL: 191.82.128.216
ALL: 124.235.29.88
ALL: 176.113.129.210
ALL: 91.225.109.71
ALL: 188.218.26.133

more /usr/local/psionic/portsentry/portsentry.blocked.atcp
1476338025 - 10/13/2016 13:53:45 Host: 191.82.128.216/191.82.128.216 Port: 23 TCP Blocked
1476338042 - 10/13/2016 13:54:02 Host: 124.235.29.88/124.235.29.88 Port: 23 TCP Blocked
1476338051 - 10/13/2016 13:54:11 Host: 176.113.129.210/176.113.129.210 Port: 23 TCP Blocked
1476338134 - 10/13/2016 13:55:34 Host: 91.225.109.71/91.225.109.71 Port: 23 TCP Blocked
1476338174 - 10/13/2016 13:56:14 Host: 188.218.26.133/188.218.26.133 Port: 23 TCP Blocked
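
To confirm that every host recorded in the block file really has an entry in hosts.deny, and to see which ports are being probed, a check like the following can be used. It is an added example, not part of the original post: the function names and the sample addresses (documentation ranges) are made up for illustration, and it assumes the part after "/" in the Host: field is the IP address.

```shell
#!/bin/sh
# Added example (not from the original post): reconcile PortSentry's block
# file with /etc/hosts.deny. Block file line format as shown on this page:
#   1476338025 - 10/13/2016 13:53:45 Host: a.b.c.d/a.b.c.d Port: 23 TCP Blocked

# Unique blocked IPs. Assumption: the "Host:" field is name/ip, so the part
# after "/" is the address (both halves are the IP when RESOLVE_HOST = "0").
blocked_hosts() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "Host:") {
               n = split($(i + 1), h, "/"); print h[n] } }' "$1" | sort -u
}

# IPs in the block file ($1) with no exact "ALL: <ip>" line in hosts.deny ($2).
# -x matches the whole line, so 192.0.2.1 is not satisfied by 192.0.2.10.
missing_from_deny() {
    blocked_hosts "$1" | while read -r ip; do
        grep -qxF "ALL: $ip" "$2" || echo "$ip"
    done
}

# "<port> <count>" per destination port, sorted by port number.
blocks_per_port() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "Port:") c[$(i + 1)]++ }
         END { for (p in c) print p, c[p] }' "$1" | sort -n
}

# Constructed sample data (documentation-range addresses, not real hosts).
make_sample() {
    cat > "$1/blocked.atcp" <<'EOF'
1476338025 - 10/13/2016 13:53:45 Host: 192.0.2.10/192.0.2.10 Port: 23 TCP Blocked
1476338042 - 10/13/2016 13:54:02 Host: 198.51.100.7/198.51.100.7 Port: 23 TCP Blocked
1476338051 - 10/13/2016 13:54:11 Host: 203.0.113.5/203.0.113.5 Port: 22 TCP Blocked
EOF
    printf 'ALL: 192.0.2.10\nALL: 203.0.113.5\n' > "$1/hosts.deny"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "Blocked but absent from hosts.deny:"; missing_from_deny "$tmp/blocked.atcp" "$tmp/hosts.deny"
echo "Blocks per port:"; blocks_per_port "$tmp/blocked.atcp"
rm -rf "$tmp"
```

Against the live files, call missing_from_deny with /usr/local/psionic/portsentry/portsentry.blocked.atcp and /etc/hosts.deny as its two arguments.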

#Done!
