Project background:
We need a reliable means of protecting our servers: the ability to detect the IP addresses of hosts that have already attacked our servers and of those that are attacking us now, and to take measures that keep our hosts secure while they are under attack.
Software Introduction:
Lab Environment:
VMware Workstation 11
CentOS 6.5
Cobbler server IP: 192.168.0.32
SECURECRT (SSH remote connection software)
Project Flow:
First, download the software
# wget http://fm.linzhennan.cn/portsentry-1.2.tar.gz
Second, install the software
1. Decompression
# tar zxvf portsentry-1.2.tar.gz
2. Compiling
# cd portsentry_beta/   # first switch into the extracted directory
3. Installation
If you run into problems, that is a good thing: they help us grow.
Once the problem is solved, run make linux first, then make install.
Now let's install it and see
Third, check the list of ports monitored by the software we installed. You can of course customize it; just follow the format used in the default configuration file.
# vim /usr/local/psionic/portsentry/portsentry.conf
Fourth, view the locations of the files that record important information
View the /usr/local/psionic/portsentry/portsentry.ignore file
Fifth, route redirection settings
Set up route redirection to protect our hosts.
Sixth, customizing the warning message shown to attackers
Seventh, start our service
We have the following startup modes:
portsentry -tcp: basic TCP port-binding mode
portsentry -udp: basic UDP port-binding mode
portsentry -stcp: TCP stealth-scan detection mode
portsentry -sudp: UDP stealth-scan detection mode
portsentry -atcp: TCP advanced stealth-scan detection mode
portsentry -audp: UDP advanced stealth-scan detection mode
We use the TCP advanced stealth-scan detection mode:
# /usr/local/psionic/portsentry/portsentry -atcp
View the system's log files
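As an added example (not from the original post), the following shell functions pull the blocked hosts and per-host probe counts out of the attackalert lines portsentry writes to syslog, and flag any blocked host that also appears in portsentry.ignore. The log lines, hostname, PIDs and IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of portsentry syslog output in -atcp mode (made-up host, PIDs, IPs).
SAMPLE_LOG='Apr 14 10:01:02 server portsentry[2210]: adminalert: PortSentry is now active and listening.
Apr 14 10:03:15 server portsentry[2210]: attackalert: Connect from host: 192.168.0.50/192.168.0.50 to TCP port: 23
Apr 14 10:03:15 server portsentry[2210]: attackalert: Host 192.168.0.50 has been blocked via wrappers with string: "ALL: 192.168.0.50"
Apr 14 10:03:15 server portsentry[2210]: attackalert: Host 192.168.0.50 has been blocked via dropped route using command: "/sbin/route add -host 192.168.0.50 reject"
Apr 14 10:05:40 server portsentry[2210]: attackalert: Connect from host: 192.168.0.50/192.168.0.50 to TCP port: 111
Apr 14 10:05:40 server portsentry[2210]: attackalert: Host: 192.168.0.50/192.168.0.50 is already blocked Ignoring
Apr 14 10:09:02 server portsentry[2210]: attackalert: Connect from host: 192.168.0.77/192.168.0.77 to TCP port: 139
Apr 14 10:09:02 server portsentry[2210]: attackalert: Host 192.168.0.77 has been blocked via wrappers with string: "ALL: 192.168.0.77"'

# Constructed portsentry.ignore contents: hosts that must never be blocked.
SAMPLE_IGNORE='127.0.0.1
192.168.0.32'

# Distinct source IPs that portsentry reported as blocked (one per line, sorted).
blocked_hosts() {
    printf '%s\n' "$1" |
        sed -n 's/.*attackalert: Host \([0-9.]*\) has been blocked.*/\1/p' |
        sort -u
}

# Number of probed ports per source IP, from the "Connect from host" lines.
probe_counts() {
    printf '%s\n' "$1" |
        sed -n 's/.*Connect from host: \([0-9.]*\)\/.* to TCP port: \([0-9]*\)$/\1 \2/p' |
        awk '{ n[$1]++ } END { for (h in n) print h, n[h] }' | sort
}

# Blocked hosts that are also listed in the ignore file: a sign the ignore
# list is not doing what you expect (check the entry format in that file).
ignored_but_blocked() {
    { printf '%s\n' "$2" | sed 's/^/I /'; blocked_hosts "$1" | sed 's/^/B /'; } |
        awk '$1 == "I" { ig[$2] = 1 } $1 == "B" && ($2 in ig) { print $2 }'
}

echo "Blocked hosts:";  blocked_hosts "$SAMPLE_LOG"
echo "Probes per host:"; probe_counts "$SAMPLE_LOG"
echo "Ignored yet blocked:"; ignored_but_blocked "$SAMPLE_LOG" "$SAMPLE_IGNORE"
```

On a live system, feed the functions the relevant syslog file (for example the output of grep portsentry /var/log/messages) and the real portsentry.ignore instead of the constructed samples.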
Eighth, set our intrusion detection system to start at boot
Project Summary:
This article is from the "A few" blog; reprinting is declined!
Portsentry: Intrusion Detection Tool in Practice!!!