p0rtsentry

|——————— life with p0rtsentry ————————–|
|———————- y3dips ————————-|

|— Start Install

/*Download paket (verifikasi checksum/tanda tangan arsip dari sumber resmi sebelum diekstrak)*/

[root@y3dips tmp]# tar -zxf portsentry-1.1.tar.gz
[root@y3dips tmp]# cd portsentry-1.1

/*lakukan konfigurasi file config*/

[root@y3dips portsentry-1.1]# vi portsentry_config.h

#define CONFIG_FILE "/usr/local/psionic/portsentry/portsentry.conf"

Ganti dengan

#define CONFIG_FILE "/etc/portsentry/portsentry.conf"

Tambahkan,

#define SYSLOG_LEVEL LOG_LOCAL7

|— Atur Private log

[root@y3dips portsentry-1.1]# vi /etc/syslog.conf

*.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages

ganti menjadi

*.info;mail.none;news.none;authpriv.none;cron.none;local7.none /var/log/messages

serta tambahkan

#log Untuk Portsentry
local7.* /var/log/portsentry.log

[root@y3dips portsentry-1.1]# service syslog restart

|— Atur konfigurasi portsentry

[root@y3dips portsentry-1.1]# vi portsentry.conf

######################
# Configuration Files#
######################
#
# Hosts to ignore
IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
# Hosts that have been denied (running history)
HISTORY_FILE="/usr/local/psionic/portsentry/portsentry.history"
# Hosts that have been denied this session only (temporary until next restart)
BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"

ubah Jadi

######################
# Configuration Files#
######################
#
# Hosts to ignore
IGNORE_FILE="/etc/portsentry/portsentry.ignore"
# Hosts that have been denied (running history)
HISTORY_FILE="/etc/portsentry/portsentry.history"
# Hosts that have been denied this session only (temporary until next restart)
BLOCKED_FILE="/etc/portsentry/portsentry.blocked"

# iptables support for Linux
#KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"

ubah jadi (catatan: KILL_ROUTE memblokir otomatis berdasarkan alamat sumber paket, sehingga paket dengan alamat sumber palsu dapat membuat host penting ikut terblokir; pastikan gateway, DNS, dan host admin tercantum di portsentry.ignore, dan periksa lokasi biner iptables di sistem Anda dengan `command -v iptables`)

# iptables support for Linux
KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"

|— Edit makefile

[root@y3dips portsentry-1.1]# vi Makefile

INSTALLDIR = /usr/local/psionic

ubah menjadi

INSTALLDIR = /etc

|— Install
/* coz my machine was linux so i make linux first */

[root@y3dips portsentry-1.1]# make linux
SYSTYPE=linux
Making
cc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
./portsentry_io.c ./portsentry_util.c

[root@y3dips portsentry-1.1]# make install

|—- Skrip untuk menjalankan portsentry setiap booting

portsentry
—————–cut here——————-

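#! /bin/bash
#
# Init script that starts and stops PortSentry (one TCP and one UDP listener).
# Process name : portsentry
# PID file     : /var/run/portsentry.pid
# Config       : /etc/portsentry/portsentry.conf
# Config       : /etc/portsentry/portsentry.ignore
# Config       : /etc/portsentry/portsentry.history
# Config       : /etc/portsentry/portsentry.blocked
#
# Usage: portsentry { start | stop | restart }
# Exits 0 on success, 1 on an unknown action.

# Source the init helper library (provides daemon and killproc).
. /etc/rc.d/init.d/functions

# Source the network configuration (provides NETWORKING).
. /etc/sysconfig/network

# Nothing to do when networking is disabled. The expansion is quoted so an
# unset NETWORKING yields an empty string instead of a broken test.
[ "${NETWORKING}" = "no" ] && exit 0

case "$1" in
  start)
    printf '%s' "Menyalakan Portsentry: "
    daemon /etc/portsentry/portsentry -atcp
    # The UDP listener is started directly rather than through daemon();
    # presumably because daemon() returns early when a process named
    # portsentry is already running — TODO confirm against the local
    # /etc/rc.d/init.d/functions before changing this.
    /etc/portsentry/portsentry -audp
    echo
    touch /var/lock/subsys/portsentry
    ;;
  stop)
    printf '%s' "Matikan Portsentry: "
    killproc portsentry
    echo
    rm -f /var/lock/subsys/portsentry
    rm -f /var/run/portsentry.pid
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  *)
    printf '%s\n' " Gunakan : $0 { start | stop | restart }"
    exit 1
    ;;
esac
exit 0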

———————–cut here—————————–

letakkan di /etc/rc.d/init.d/
kemudian chmod +x agar bisa dieksekusi (pastikan file dimiliki root dan tidak world-writable, karena skrip ini dijalankan sebagai root saat booting)

|— portsentry runnin`

Agar Portsentry dapat dijalankan pada run level 1-6 ,
buat symbolic link dari script /etc/rc.d/init.d/portsentry

[root@y3dips portsentry-1.1]# ln -s /etc/rc.d/init.d/portsentry /etc/rc.d/rc0.d/K30portsentry
[root@y3dips portsentry-1.1]# ln -s /etc/rc.d/init.d/portsentry /etc/rc.d/rc1.d/K30portsentry
[root@y3dips portsentry-1.1]# ln -s /etc/rc.d/init.d/portsentry /etc/rc.d/rc2.d/S80portsentry
[root@y3dips portsentry-1.1]# ln -s /etc/rc.d/init.d/portsentry /etc/rc.d/rc3.d/S80portsentry
[root@y3dips portsentry-1.1]# ln -s /etc/rc.d/init.d/portsentry /etc/rc.d/rc4.d/S80portsentry
[root@y3dips portsentry-1.1]# ln -s /etc/rc.d/init.d/portsentry /etc/rc.d/rc5.d/S80portsentry
[root@y3dips portsentry-1.1]# ln -s /etc/rc.d/init.d/portsentry /etc/rc.d/rc6.d/K30portsentry

Konfigurasikan log rotate
[root@y3dips portsentry-1.1]# vi /etc/logrotate.d/portsentry

/var/log/portsentry.log {
rotate 12
monthly
errors root@localhost
missingok
postrotate
/usr/bin/killall -HUP portsentry 2> /dev/null || true
endscript
}

|— Nyalakan Portsentry

[root@y3dips portsentry-1.1]# service portsentry start
Menyalakan Portsentry: [ OK ]
[root@y3dips portsentry-1.1]# tail -f /var/log/portsentry.log
Oct 30 10:22:50 y3dips portsentry[3168]: adminalert: Advanced mode will manually exclude port: 113
Oct 30 10:22:50 y3dips portsentry[3171]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 67
Oct 30 10:22:50 y3dips portsentry[3168]: adminalert: Advanced mode will manually exclude port: 139
Oct 30 10:22:50 y3dips portsentry[3171]: adminalert: PortSentry is now active and listening.
Oct 30 10:22:50 y3dips portsentry[3168]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 22
Oct 30 10:22:50 y3dips portsentry[3168]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 80
Oct 30 10:22:50 y3dips portsentry[3168]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 443
Oct 30 10:22:50 y3dips portsentry[3168]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 113
Oct 30 10:22:50 y3dips portsentry[3168]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 139
Oct 30 10:22:50 y3dips portsentry[3168]: adminalert: PortSentry is now active and listening.

|— Cek status portsentry yang background processing

[root@y3dips root]# ps -axf
1862 ? S 0:00 /etc/portsentry/portsentry -atcp
1865 ? S 0:00 /etc/portsentry/portsentry -audp

|— EOF

(c)Oct 2003

== Resource : Portsentry README file
