Difference between revisions of "Portsentry"

Latest revision as of 16:46, 6 December 2008

Portsentry portscan detect + block installation log mscompute team

#apt-get install portsentry

#nano /etc/portsentry/portsentry.conf
BLOCK_UDP="1"

BLOCK_TCP="1"

#cd /etc/init.d/
#nano portsentryscript

#!/bin/bash
case "$1" in
    start)
        echo "Starting Portsentry..."
        ps ax | grep -iw '/usr/sbin/portsentry  -atcp' | grep -iv 'grep' > /dev/null
        if [ $? != 0 ]; then
          /usr/sbin/portsentry  -atcp
        fi

        ps ax | grep -iw '/usr/sbin/portsentry  -audp' | grep -iv 'grep' > /dev/null
        if [ $? != 0 ]; then
          /usr/sbin/portsentry  -audp
        fi
        echo "Portsentry is now up and running!"
    ;;
    stop)
        echo "Shutting down Portsentry..."
        array=(`ps ax | grep -iw '/usr/sbin/portsentry ' | grep -iv 'grep' \
                       | awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
        element_count=${#array[@]}
        index=0
        while [ "$index" -lt "$element_count" ]
        do
          kill -9 ${array[$index]}
          let "index = $index + 1"
        done
        echo "Portsentry stopped!"
    ;;
    restart)
        $0 stop  && sleep 3
        $0 start
    ;;
    *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
exit 0

#chmod 644 portsentry
#chmod 755 portsentryscript
#update-rc.d portsentryscript defaults