Anti-malicious-scan software portsentry under Linux

Source: Internet
Author: User
Tags: dot net

Our company's servers were recently attacked by malicious scans. Afterwards we turned to portsentry, a free anti-scan tool for Linux, to solve the

1. Installing portsentry

Download portsentry-1.2.tar.gz, then unpack it and enter the source directory:

[root@tomcat135 ~]# tar zxvf portsentry-1.2.tar.gz

[root@tomcat135 ~]# cd portsentry_beta/

Open portsentry.c and look around line 1590 for the printf containing "Copyright 1997-2003". Its string literal is split across two lines, which makes the build fail, so join it into a single line:

1584 printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at the users dot
1585 sourceforget dot net>\n");

Change this to:

1584 printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at the users dot sourceforget dot net>\n");

[root@tomcat135 portsentry_beta]# make && make install

This fails with:

cp: cannot stat './portsentry': No such file or directory
make: *** [install] Error 1

The install target copies the portsentry binary, but plain make does not build it on Linux (it only prints the list of supported system types). Build with the linux target first and only then install:

[root@tomcat135 portsentry_beta]# make linux && make install

Configuring portsentry

[root@tomcat135 portsentry_beta]# vi /usr/local/psionic/portsentry/portsentry.conf

Find the following lines:

# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"

You can add further ports you want to watch to these lists. Note that TCP_PORTS and UDP_PORTS are only used by the classic and stealth modes (-tcp, -udp, -stcp, -sudp); the advanced mode started below with -atcp instead watches every port below ADVANCED_PORTS_TCP that is neither listed in ADVANCED_EXCLUDE_TCP nor already bound by a running service, which is what the "Ignored TCP port" log lines below report.

Start portsentry with the following command (-atcp is the advanced stealth TCP detection mode):

[root@tomcat135 portsentry_beta]# /usr/local/psionic/portsentry/portsentry -atcp

View the logs:

[root@tomcat135 portsentry_beta]# tail /var/log/messages

Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced mode will manually exclude port: 139
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 22
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 25
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 80
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 111
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 631
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 637
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 113
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 139
Jul 19:58:59 tomcat135 portsentry[11037]: adminalert: PortSentry is now active and listening.

If the host has been scanned, we can see the blocked sources: for every host it flags, portsentry appends a rule to /etc/hosts.deny (the KILL_HOSTS_DENY setting in portsentry.conf), so tcp_wrappers-aware services refuse further connections from it.

[root@tomcat135 portsentry_beta]# cat /etc/hosts.deny

#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
ALL: 216.99.158.196
ALL: 116.10.191.184
ALL: 65.111.161.35
ALL: 58.52.149.161
ALL: 137.175.69.43
ALL: 14.108.157.240
ALL: 198.13.104.182
ALL: 137.175.70.226
ALL: 119.36.79.10
ALL: 27.16.231.69
ALL: 137.175.9.239
ALL: 142.4.126.35
ALL: 112.125.18.175
ALL: 119.122.9.152
ALL: 218.77.79.43
ALL: 204.93.154.216
ALL: 42.120.145.6
ALL: 23.105.86.26

These IP addresses were identified as malicious scanners and were added to this file automatically by portsentry.
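The following POSIX shell script is an added example; it is not code from the original post and not part of portsentry itself. It reviews what the setup above has actually produced on a host: which TCP_PORTS entries collide with ports a real service already listens on (portsentry cannot watch those in classic -tcp mode), which ports advanced mode skipped according to the syslog lines, which hosts portsentry has written into /etc/hosts.deny, and whether any of your own administrative hosts got locked out along with the scanners. The portsentry.conf, syslog and hosts.deny excerpts are constructed inline from the formats shown above; the admin allowlist, the 192.0.2.x/198.51.100.x documentation addresses and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post or from portsentry itself.
# Reviews what portsentry has done on a host, using constructed sample data
# in place of the live files so that it runs anywhere.
# Assumptions: hosts.deny entries have the "ALL: <ip>" form written by the
# default KILL_HOSTS_DENY setting, and syslog lines look like those in the post.

# Constructed excerpt of portsentry.conf: the TCP_PORTS line from the post.
SAMPLE_CONF='TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"'

# Constructed sample of portsentry lines from /var/log/messages.
SAMPLE_MESSAGES='Jul  1 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced mode will manually exclude port: 139
Jul  1 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 22
Jul  1 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 80
Jul  1 19:58:59 tomcat135 portsentry[11037]: adminalert: PortSentry is now active and listening.'

# Constructed sample of /etc/hosts.deny after portsentry has blocked some hosts
# (first two addresses are from the post; 192.0.2.10 is a documentation address).
SAMPLE_HOSTS_DENY='#
# hosts.deny   This file contains access rules ...
#
ALL: 216.99.158.196
ALL: 116.10.191.184
ALL: 192.0.2.10'

# Constructed (hypothetical) allowlist: admin hosts that must never be blocked.
ADMIN_HOSTS='192.0.2.10 198.51.100.7'

# Ports from TCP_PORTS on which a real service already listens.  In classic
# -tcp mode portsentry cannot bind these, so they are never watched; list
# them so the operator can decide what to drop from the config.
conf_ports_already_bound() {
    conf="$1"; listening="$2"
    printf '%s\n' "$conf" | sed -n 's/^TCP_PORTS="\(.*\)"/\1/p' | tr ',' '\n' |
    while read -r p; do
        for l in $listening; do
            if [ "$p" = "$l" ]; then echo "$p"; fi
        done
    done
}

# TCP ports advanced mode skipped because something was already bound to them.
ignored_tcp_ports() {
    printf '%s\n' "$1" | sed -n 's/.*Ignored TCP port:[[:space:]]*\([0-9]*\).*/\1/p'
}

# Hosts portsentry has written into hosts.deny, one address per line.
blocked_hosts() {
    printf '%s\n' "$1" | sed -n 's/^[Aa][Ll][Ll]:[[:space:]]*\([0-9.]*\).*/\1/p'
}

# Report admin hosts that appear in hosts.deny; returns 1 if any were found.
locked_out_admins() {
    deny="$1"; admins="$2"; found=0
    for ip in $admins; do
        if blocked_hosts "$deny" | grep -qxF "$ip"; then
            echo "LOCKED OUT: $ip (add it to portsentry.ignore, then remove its hosts.deny line)"
            found=1
        fi
    done
    return $found
}

# Run the review over the constructed samples.
echo "TCP_PORTS entries already bound by a service:"
conf_ports_already_bound "$SAMPLE_CONF" "22 80 111 631"
echo "Ports skipped by advanced mode (from syslog):"
ignored_tcp_ports "$SAMPLE_MESSAGES" | tr '\n' ' '; echo
echo "Hosts blocked via hosts.deny:"
blocked_hosts "$SAMPLE_HOSTS_DENY"
locked_out_admins "$SAMPLE_HOSTS_DENY" "$ADMIN_HOSTS" || echo "Review the lockouts above."
```

On a live host, replace the constructed samples with `cat /etc/hosts.deny`, `grep portsentry /var/log/messages` and the port list from `ss -ltn` (or `netstat -ltn`). The lockout check matters because portsentry treats every host that touches a watched port the same way: a vulnerability scanner or monitoring system run by your own team ends up in hosts.deny exactly like the external scanners, which is why such hosts belong in the portsentry.ignore file (IGNORE_FILE in portsentry.conf) before the daemon is started.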

This article is from the "Fly Hung 膤" blog; please keep this source: http://jxzhfei.blog.51cto.com/1382161/1444740
