LINUX SECURITY 101 - On Overwatch: PortSentry

9. On Overwatch: PortSentry

• What is PortSentry?
  • Intrusion detection Software (many others)
  • Low Maintenance (works automaticaly)
  • Very Configurable
• What does PortSentry do?
  • Gives indication of being probed (syslogs)
  • Target host is dropped in /etc/hosts.deny for TCP Wrappers
  • Reconfigures Local Host
    (all traffic from the Target routed to a dead host: it disapears)
    (local host drops all packets from target via local packet filter)
• How to Configure it?
  • portsentry.conf
  • TCP_PORTS
  • UDP_PORTS
  • ADVANCED_PORTS_TCP
  • ADVANCED_PORTS_UDP
  • ADVANCED_EXCLUDE_TCP
  • ADVANCED_EXCLUDE_UDP
  • IGNORE_FILE
  • EXCLUDE_FILE
• See it working in a screenshot
• Messages log: Starting PortSentry
• Messages log: SYN attack
• Messages log: being Scanend for LinuxConf ports