PortSentry is an open-source port-scan detection tool for Linux. I am writing down the installation steps here, partly in the hope of getting a discussion going and partly as a note to myself.

PortSentry installation
tar -zxvf portsentry-1.2.tar.gz
cd portsentry_beta/
vi portsentry.c
Around line 1590 the string literal of a printf is split across two lines, which newer gcc versions refuse to compile:
 printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot
sourceforget dot net>\n");
Join it into a single line so it reads:
 printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");
make linux
make install
cd /usr/local/psionic/portsentry/
vi portsentry.conf
Change
BLOCK_UDP="1"
to
BLOCK_UDP="0"
so that only TCP probes trigger a block (UDP source addresses are trivial to forge, so blocking on UDP would let anyone get an arbitrary address dropped).
Change
# iptables support for Linux
#KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"
to
# iptables support for Linux
KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP"
i.e. uncomment the rule and point it at the iptables binary that is actually installed (check with: which iptables). PortSentry substitutes the probing host's address for $TARGET$.
Change
KILL_HOSTS_DENY="ALL: $TARGET$"
to
#KILL_HOSTS_DENY="ALL: $TARGET$"
so that blocked hosts are only added to iptables and not written into /etc/hosts.deny as well.
Save and exit.
vi portsentry.ignore
Add your whitelist here. Every address you administer the machine from must be listed, because in advanced mode a single connection to an unused port is enough to get the source blocked. After editing, for example:
127.0.0.1/32
192.168.1.0/24
Save and exit.
Start PortSentry in advanced TCP mode:
/usr/local/psionic/portsentry/portsentry -atcp
PortSentry now watches every TCP port below 1024 that this machine does not have open (the range is ADVANCED_PORTS_TCP in portsentry.conf, default 1024; ports listed in ADVANCED_EXCLUDE_TCP are skipped). Whoever connects to one of those ports has their address inserted into iptables as a DROP rule through KILL_ROUTE.

Clearing iptables on a schedule
Reasons: 1) on an ADSL line with a changing address we might end up blocking ourselves; 2) keeping the rule set short keeps the system efficient.
The script, named clear-portsentry.sh for example:
#!/bin/sh
# clear-portsentry.sh: archive PortSentry's history into its log, then reset the block list and the firewall
PS=/usr/local/psionic/portsentry
echo "###############################################################################" >> $PS/portsentry.log
/bin/date >> $PS/portsentry.log
# append every non-empty history line to the log
/bin/grep -v '^$' $PS/portsentry.history >> $PS/portsentry.log
# empty the history and the list of hosts blocked in -atcp mode; PortSentry reads the
# .blocked file to decide whether a host is already blocked, so a cleared host can be blocked again
echo "" > $PS/portsentry.history
echo "" > $PS/portsentry.blocked.atcp
# rebuild the firewall; flushing the chains is what actually removes the DROP rules PortSentry inserted
/bin/sh /data/myscript/firewall.sh

Write the firewall script. Note that the INPUT chain's default policy must be ACCEPT: with a default policy of DROP, iptables discards every packet before PortSentry ever sees it, and PortSentry becomes useless. firewall.sh:
#!/bin/sh
# the script is written by liuhaiqing
# the script is used for clearing all the firewall rules and setting new rules
# flush all rules, zero the counters and delete user-defined chains in the filter table
# (this also removes every DROP rule PortSentry has inserted)
/sbin/iptables -t filter -F
/sbin/iptables -t filter -Z
/sbin/iptables -t filter -X
#################default rule##############
# default policies stay ACCEPT so that probes still reach PortSentry
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
##############ssh rule#####################
# ssh is served on port 10000 here: allow the LAN, drop everyone else
/sbin/iptables -t filter -A INPUT -p tcp -s 192.168.1.0/24 --dport 10000 -j ACCEPT
/sbin/iptables -t filter -A INPUT -p tcp --dport 10000 -j DROP

Add the script to crontab so it runs at minute 2 and minute 32 of every hour from 08:00 through 20:00:
2,32 8-20 * * *  sh /data/myscript/clear-portsentry.sh

View the log the script builds up:
cat /usr/local/psionic/portsentry/portsentry.log

Example:
###############################################################################
Fri Oct 21 10:32:01 CST 2011
1319162535 - 10/21/2011 10:02:15 Host: 209.193.54.95/209.193.54.95 Port: 23 TCP Blocked
1319163274 - 10/21/2011 10:14:34 Host: 122.49.11.198/122.49.11.198 Port: 135 TCP Blocked
1319164121 - 10/21/2011 10:28:41 Host: 200.121.154.65/200.121.154.65 Port: 23 TCP Blocked
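As an added example (mine, not the author's attached scripts and not part of PortSentry) that serves both the cleanup section above and this log excerpt: the script below parses history lines in the layout shown, summarises which ports were probed, prints the iptables -D commands that remove only PortSentry's own DROP rules (the exact inverse of KILL_ROUTE, an alternative to flushing the whole filter table), and checks whether a management address falls inside the portsentry.ignore entries. The three sample lines are the ones from the excerpt, IGNORE_LIST copies the post's ignore file, and MGMT_ADDR is a constructed TEST-NET address standing in for whatever address you connect from.

```shell
#!/bin/sh
# Added example for this post (not part of PortSentry or the author's attached scripts).
# Works offline on history lines in the layout the log excerpt shows:
#   <epoch> - <mm/dd/yyyy> <hh:mm:ss> Host: <name>/<ip> Port: <port> <proto> Blocked
# SAMPLE_HISTORY is copied from the excerpt, IGNORE_LIST mirrors the post's
# portsentry.ignore, MGMT_ADDR is a constructed (TEST-NET) management address.

SAMPLE_HISTORY='1319162535 - 10/21/2011 10:02:15 Host: 209.193.54.95/209.193.54.95 Port: 23 TCP Blocked
1319163274 - 10/21/2011 10:14:34 Host: 122.49.11.198/122.49.11.198 Port: 135 TCP Blocked
1319164121 - 10/21/2011 10:28:41 Host: 200.121.154.65/200.121.154.65 Port: 23 TCP Blocked'
IGNORE_LIST='127.0.0.1/32 192.168.1.0/24'
MGMT_ADDR='203.0.113.45'

# stdin: history lines -> unique blocked IPs (the part of field 6 after the slash)
blocked_hosts() {
    awk '$5 == "Host:" { split($6, h, "/"); print h[2] }' | sort -u
}

# stdin: history lines -> "<count> <port> <proto>", most-probed port first
port_summary() {
    awk '$7 == "Port:" { n[$8 " " $9]++ } END { for (k in n) print n[k], k }' | sort -rn
}

# stdin: one IP per line -> the inverse of the post's KILL_ROUTE (-I replaced by -D),
# so only PortSentry's own rules go away instead of the whole filter table
unblock_cmds() {
    while IFS= read -r ip; do
        if [ -n "$ip" ]; then
            printf '/sbin/iptables -D INPUT -s %s -j DROP\n' "$ip"
        fi
    done
}

# dotted quad -> integer (octets must be plain decimal; a leading 0 would be read as octal)
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP NET/BITS -> exit 0 if IP falls inside the prefix (a bare address means /32)
ip_in_cidr() {
    cidr_net=${2%/*}
    cidr_bits=${2#*/}
    if [ "$cidr_bits" = "$2" ]; then cidr_bits=32; fi
    if [ "$cidr_bits" -eq 0 ]; then
        cidr_mask=0
    else
        cidr_mask=$(( (0xFFFFFFFF << (32 - cidr_bits)) & 0xFFFFFFFF ))
    fi
    [ $(( $(ip2int "$1") & cidr_mask )) -eq $(( $(ip2int "$cidr_net") & cidr_mask )) ]
}

# covered_by_ignore IP -> exit 0 if some entry of IGNORE_LIST contains IP
covered_by_ignore() {
    for entry in $IGNORE_LIST; do
        if ip_in_cidr "$1" "$entry"; then return 0; fi
    done
    return 1
}

# Demo: what was probed, how to lift just those blocks, and whether we could lock ourselves out
echo '== probed ports =='
printf '%s\n' "$SAMPLE_HISTORY" | port_summary
echo '== commands that lift only the PortSentry blocks =='
printf '%s\n' "$SAMPLE_HISTORY" | blocked_hosts | unblock_cmds
if covered_by_ignore "$MGMT_ADDR"; then
    echo "$MGMT_ADDR is whitelisted in portsentry.ignore"
else
    echo "WARNING: $MGMT_ADDR is not in portsentry.ignore; one connection to an unused port would block it"
fi
```

Run it with sh as it stands to see the sample output; on a live box feed the real file instead, e.g. blocked_hosts < portsentry.history | unblock_cmds | sh. Removing the rules this way still has to be paired with emptying portsentry.blocked.atcp as the cron script does, because PortSentry decides from that file whether a host is already blocked. The whitelist check is only meaningful for a fixed address; on ADSL with a changing address it is exactly the case the scheduled clearing is there for.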

OK, done.

The scripts mentioned in this post are in the attachment.