Difference between revisions of "Portsentry"
From MS Computech
| Line 1: | Line 1: | ||
'''''Portsentry''''' portscan detect + block installation log mscompute team | '''''Portsentry''''' portscan detect + block installation log mscompute team | ||
| − | + | <br> | |
<pre>#apt-get install portsentry</pre><pre>#nano /etc/portsentry/portsentry.conf | <pre>#apt-get install portsentry</pre><pre>#nano /etc/portsentry/portsentry.conf | ||
| − | + | BLOCK_UDP="1" | |
| − | + | BLOCK_TCP="1"</pre><pre>#cd /etc/init.d/ | |
| − | + | #nano portsentryscript</pre><pre#!/bin/bash | |
| − | |||
case "$1" in | case "$1" in | ||
start) | start) | ||
echo "Starting Portsentry..." | echo "Starting Portsentry..." | ||
| − | ps ax | grep -iw '/usr/sbin/portsentry -atcp' | grep -iv 'grep' | + | ps ax | grep -iw '/usr/sbin/portsentry -atcp' | grep -iv 'grep' > /dev/null |
| − | if [ $? | + | if [ $? != 0 ]; then |
/usr/sbin/portsentry -atcp | /usr/sbin/portsentry -atcp | ||
fi | fi | ||
| − | ps ax | grep -iw '/usr/sbin/portsentry -audp' | grep -iv 'grep' | + | ps ax | grep -iw '/usr/sbin/portsentry -audp' | grep -iv 'grep' > /dev/null |
| − | if [ $? | + | if [ $? != 0 ]; then |
/usr/sbin/portsentry -audp | /usr/sbin/portsentry -audp | ||
fi | fi | ||
echo "Portsentry is now up and running!" | echo "Portsentry is now up and running!" | ||
| − | + | ;; | |
stop) | stop) | ||
echo "Shutting down Portsentry..." | echo "Shutting down Portsentry..." | ||
| Line 33: | Line 32: | ||
done | done | ||
echo "Portsentry stopped!" | echo "Portsentry stopped!" | ||
| − | + | ;; | |
restart) | restart) | ||
| − | $0 stop & | + | $0 stop && sleep 3 |
$0 start | $0 start | ||
| − | + | ;; | |
*) | *) | ||
echo "Usage: $0 {start|stop|restart}" | echo "Usage: $0 {start|stop|restart}" | ||
exit 1 | exit 1 | ||
esac | esac | ||
| − | exit 0</pre> <pre>#chmod 644 portsentry | + | exit 0 |
| + | </pre><pre>#chmod 644 portsentry | ||
#chmod 755 portsentryscript | #chmod 755 portsentryscript | ||
#update-rc.d portsentryscript defaults | #update-rc.d portsentryscript defaults | ||
</pre> | </pre> | ||
Revision as of 16:44, 6 December 2008
Portsentry portscan detect + block installation log mscompute team
#apt-get install portsentry
#nano /etc/portsentry/portsentry.confBLOCK_UDP="1"
BLOCK_TCP="1"
#cd /etc/init.d/<pre#!/bin/bash
- nano portsentryscript
case "$1" in
start)
echo "Starting Portsentry..."
ps ax | grep -iw '/usr/sbin/portsentry -atcp' | grep -iv 'grep' > /dev/null
if [ $? != 0 ]; then
/usr/sbin/portsentry -atcp
fi
ps ax | grep -iw '/usr/sbin/portsentry -audp' | grep -iv 'grep' > /dev/null
if [ $? != 0 ]; then
/usr/sbin/portsentry -audp
fi
echo "Portsentry is now up and running!"
;;
stop)
echo "Shutting down Portsentry..."
array=(`ps ax | grep -iw '/usr/sbin/portsentry ' | grep -iv 'grep' \
| awk '{print $1}' | cut -f1 -d/ | tr '\n' ' '`)
element_count=${#array[@]}
index=0
while [ "$index" -lt "$element_count" ]
do
kill -9 ${array[$index]}
let "index = $index + 1"
done
echo "Portsentry stopped!"
;;
restart)
$0 stop && sleep 3
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac exit 0
</pre>#chmod 644 portsentry #chmod 755 portsentryscript #update-rc.d portsentryscript defaults
