portsentry: a tool for defending against port scans
1. Download and install:
Download from:
https://sourceforge.net/projects/sentrytools/?source=typ_redirect
Extract and build:
tar -zxvf portsentry-1.2.tar.gz -C /usr/local/
cd /usr/local/portsentry_beta/
make
make install
The install fails with the following error:
cp: cannot stat ‘./portsentry’: No such file or directory
Makefile:70: recipe for target 'install' failed
make: *** [install] Error 1
Edit the source file:
vi portsentry.c
Fix this line (the problem is most likely a stray line break) so that it reads as a single line:
printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");
Install again:
make linux && make install
The following message is displayed:
WARNING: This version and above now use a new
directory structure for storing the program
and config files (/usr/local/psionic/portsentry).
Please make sure you delete the old files when
the testing of this install is complete.
The installation succeeded.
2. Configuration:
vi portsentry.conf
Ports to monitor:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
File of IP addresses to ignore (not recorded):
IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
Scan history:
HISTORY_FILE="/usr/local/psionic/portsentry/portsentry.history"
Record of blocked hosts:
BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"
Redirect the scanning host to a dummy route:
KILL_ROUTE="/sbin/route add $TARGET$ 121.1.2.10"
Or use iptables (or add the host to hosts.deny):
KILL_ROUTE="/usr/local/sbin/iptables -I INPUT -s $TARGET$ -j DROP"
By default, TCP Wrappers is used to block the connection:
KILL_HOSTS_DENY="ALL: $TARGET$"
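Because KILL_ROUTE acts automatically on any source that touches a monitored port, the settings above are worth checking before the daemon is started. The script below is an added example, not part of the original page or of portsentry: it checks that trusted addresses are listed in IGNORE_FILE, that monitored ports do not overlap ports real services use, and that the KILL_ROUTE program exists at the configured path. The function names, the sample files and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of portsentry): pre-flight checks on portsentry.conf.

# conf_get KEY FILE: print the value of KEY="value"; the last occurrence wins.
conf_get() {
    sed -n "s/^$1=\"\(.*\)\"[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# missing_ignores FILE IP...: print each IP with no exact-line entry in FILE.
missing_ignores() {
    file=$1; shift
    for ip in "$@"; do
        grep -Fxq "$ip" "$file" 2>/dev/null || echo "$ip"
    done
}

# port_conflicts "1,11,..." "22 111 ...": print monitored ports that a real
# service already listens on (the caller supplies that list, e.g. from ss -ltn).
port_conflicts() {
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        for used in $2; do
            if [ "$p" = "$used" ]; then echo "$p"; fi
        done
    done
}

# kill_cmd_missing CONF: print the KILL_ROUTE program if it is not executable.
kill_cmd_missing() {
    cmd=$(conf_get KILL_ROUTE "$1" | cut -d' ' -f1)
    if [ -n "$cmd" ] && [ ! -x "$cmd" ]; then echo "$cmd"; fi
}

# Constructed sample: a shortened config and ignore file in a temp directory.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/portsentry.conf" <<EOF
TCP_PORTS="1,11,15,79,111,119,143"
IGNORE_FILE="$SAMPLE/portsentry.ignore"
KILL_ROUTE="$SAMPLE/iptables -I INPUT -s \$TARGET\$ -j DROP"
EOF
printf '127.0.0.1\n0.0.0.0\n' > "$SAMPLE/portsentry.ignore"

CONF=$SAMPLE/portsentry.conf
echo "not ignored:   $(missing_ignores "$(conf_get IGNORE_FILE "$CONF")" 127.0.0.1 192.0.2.10)"
echo "port conflict: $(port_conflicts "$(conf_get TCP_PORTS "$CONF")" "22 111")"
echo "missing block command: $(kill_cmd_missing "$CONF")"
```

Against a real installation, point CONF at /usr/local/psionic/portsentry/portsentry.conf and pass your own management addresses and listening ports.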
Start:
portsentry -tcp (basic detection); -stcp (stealth detection); -atcp (advanced stealth detection);
-udp; -sudp; -audp;
Add the command to the rc.local boot script.