portsentry不生效的问题

lues

首先声明，我的服务器在装portsentry之前已经装好了Snort+Guardian，

我的/etc/portsentry/portsentry.conf 部分代码如下：

[code:1]###################
# External Command#
###################
#KILL_RUN_CMD="/some/path/here/script $TARGET$ $PORT$"
#KILL_RUN_CMD="/bin/mail -s 'Portscan from $TARGET$ on port $PORT$' user@host < /dev/null"
KILL_RUN_CMD="/usr/bin/nmap -O $TARGET$">> /var/log/scanIP.log

[root@wa-wa snort]# portsentry -stcp
[root@wa-wa snort]# ps -aux | grep portsentry
root     26528  0.0  0.0  1528  500 ?        R    17:30   0:00 portsentry -stcp
root     26530  0.0  0.0  4924  692 pts/0    S    17:30   0:00 grep portsentry
[/code:1]
我在另外一台机器上操作
[code:1][root@GateWay uniwap]# nmap 210.75.18.37

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )

caught SIGINT signal, cleaning up[/code:1]
但是Snort+Guardian有反映，portsentry没效


[code:1][root@wa-wa snort]# more /var/log/scanIP.log
/var/log/scanIP.log: 没有那个文件或目录[/code:1]


偶参考的是http://www.linuxfans.org/nuke/mo ... ght=IDS%CF%B5%CD%B3

lues

我改为KILL_RUN_CMD="/usr/bin/nmap -O $TARGET$ >> /var/log/scanIP.log"

就行了

但是portsentry并没有将我扫描的机器加到/etc/hosts.deny 文件里面

[code:1][root@wa-wa portsentry]# more /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap![/code:1]


我的 TCP Wrappers配置如下：
[code:1]###############
# TCP Wrappers#
###############
KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"[/code:1]

我的操作系统是redhat as 3.0

lues

up