
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

# be careful that you don't make a hair trigger situation. Because
# Advanced mode will react for *any* host connecting to a non-used
# port below your specified range, you have the opportunity to really
# break things. (i.e someone innocently tries to connect to you via
# SSL [TCP port 443] and you immediately block them). Some of you
# may even want this though. Just be careful.
#
SCAN_TRIGGER="0"

######################
# Port Banner Section#
######################
#
# Enter text in here you want displayed to a person tripping the PortSentry.
# I *don't* recommend taunting the person as this will aggravate them.
# Leave this commented out to disable the feature
#
# Stealth scan detection modes don't use this feature
#
PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY."

# EOF

Now, we must check/change its default permission for security reasons:

[root@deep /]# chmod 600 /usr/psionic/portsentry/portsentry.conf

Configure the “/usr/psionic/portsentry/portsentry.ignore” file

The “/usr/psionic/portsentry/portsentry.ignore” file is where you add any host you want to have ignored if it connects to a tripwired port. This should always contain at least the localhost (127.0.0.1) and the IPs of the local interfaces (lo). It is not recommended to put the IP of every machine on your network in it.

Edit the portsentry.ignore file (vi /usr/psionic/portsentry/portsentry.ignore) and add in any host you want to have ignored if it connects to a tripwired port:

# Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e virtual host, multi-home)
# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.
127.0.0.1
0.0.0.0

Now, we must check/change its default permission for security reasons:

[root@deep /]# chmod 600 /usr/psionic/portsentry/portsentry.ignore

Start up PortSentry

The PortSentry program can be configured in six different modes of operation. But be aware that only one mode per protocol can be started at a time, or to be more accurate, you can start one TCP mode and one UDP mode; two TCP modes and one UDP mode, or any similar combination, will not work. The available modes are:

· portsentry -tcp (basic port-bound TCP mode)
· portsentry -udp (basic port-bound UDP mode)
· portsentry -stcp (Stealth TCP scan detection)
· portsentry -atcp (Advanced TCP stealth scan detection)
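The portsentry.ignore rules above (always keep 127.0.0.1 and 0.0.0.0, list every local interface address, nothing else, and lock the file down with chmod 600) can be checked mechanically. The script below is an added example for this page, not part of the book or of PortSentry; the interface listing it parses is a constructed sample in the `ip -4 -o addr` format, and the function and file names are the author's own choice.

```shell
#!/bin/sh
# Build a portsentry.ignore host list from local interface addresses and
# verify the owner-only permission the text requires.

# Constructed sample of what `ip -4 -o addr show` prints on a host with
# a loopback, one multi-homed interface (an alias / virtual host) and eth1.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0   inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
2: eth0   inet 192.168.1.11/24 brd 192.168.1.255 scope global secondary eth0:1
3: eth1   inet 10.0.0.5/24 brd 10.0.0.255 scope global eth1'

# Read `ip -4 -o addr` style lines on stdin and print the ignore list:
# the two mandatory entries first, then each local address (prefix length
# stripped) exactly once. Only the host's own interfaces are included, so
# the list never grows into "every machine on the network".
build_ignore_list() {
    {
        printf '%s\n' 127.0.0.1 0.0.0.0
        awk '{ for (i = 1; i <= NF; i++)
                   if ($i == "inet") { sub(/\/.*/, "", $(i+1)); print $(i+1) } }'
    } | awk '!seen[$0]++'
}

# Return 0 only when the file exists and is readable/writable by its owner
# alone (mode 0600, the result of the text's chmod 600). Parsing `ls -l`
# keeps this portable across GNU and BSD stat variants.
is_owner_only() {
    [ -f "$1" ] || return 1
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Write the generated list to the given path and apply chmod 600, as the
# text does for portsentry.conf and portsentry.ignore.
write_ignore_file() {
    printf '%s\n' "$SAMPLE_ADDRS" | build_ignore_list > "$1"
    chmod 600 "$1"
}
```

On a real host the sample is replaced by the live listing, e.g. `ip -4 -o addr show | build_ignore_list`, and `is_owner_only /usr/psionic/portsentry/portsentry.ignore` can be run from a periodic check to catch the file drifting back to a looser mode.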