PortSentry and You
May the flames of Linux consume your degenerate operating system

Before I begin, you'll probably wonder why this HOWTO is so short. Setting up PortSentry to work well is fairly simple and takes only a few steps, so it does not need long descriptions. If you feel that more detail is needed, or would like certain topics about PortSentry explored in depth in this HOWTO, please e-mail me at bogart@rice.edu. Please remember to take the fake "spam" out of the address before sending.

PortSentry is a program that helps protect computers running Linux against port scans, which are usually the first step of a break-in attempt. It does this by adding the IP address of the scanning host to the computer's /etc/hosts.deny file as soon as it detects a scan. To detect a scan, PortSentry binds itself to a set of ports that are not otherwise in use; which ports is specified in the portsentry.conf file, which this HOWTO keeps in /etc. Nothing legitimate should ever connect to those ports, so when a host does, it is immediately written to hosts.deny and TCP wrappers will refuse it any further connections to the services they protect. PortSentry can also route the attacker's address to a dead, non-existent host such as 333.444.555.666, so that its packets go nowhere. Two caveats: hosts.deny only governs services that run through TCP wrappers, so a daemon that is not wrapped is not covered by it, and a scanner that never touches one of the watched ports is never seen. PortSentry has proven very effective against automated scanning. To give anecdotal evidence, a friend of mine who runs Linux and uses PortSentry has now accumulated a 2 megabyte hosts.deny file. I haven't noticed any break-ins since I installed PortSentry, either. Please note that despite its excellent track record, PortSentry will not protect against human error. Please choose passwords that are difficult to crack, e.g., not your name or your dog's name. For other security tips, please check out this page for more in-depth information as well as a more comprehensive set of links.

Now for the important stuff: how to install PortSentry. Below I have listed a simple step-by-step procedure that should get PortSentry installed properly on your machine.

  1. Go to http://www.psionic.com/abacus/portsentry/ and follow the links to the PortSentry download.
  2. Download PortSentry.
  3. Su or log in to your box as root.
  4. Make a directory for it, e.g., /usr/local/abacus/portsentry/
  5. Gunzip and untar the archive into this directory.
  6. Edit the config file. Make sure the directory into which you put PortSentry is specified as such in the file, since PortSentry looks for its other files there.
  7. Compile the source. It's one file. gcc -o portsentry portsentry.c.
  8. Move your config file to /etc.
  9. Edit /usr/local/abacus/portsentry/portsentry.ignore and add your own IP address and 127.0.0.1. Hosts listed here are never blocked; if you leave your own address out and then run a scanner (or a misbehaving program) against your box from it, PortSentry will lock you out along with the real attackers.
  10. Edit rc.local and add the commands to run PortSentry on startup. Please follow the rc.local link to find out what commands you need to add. You can also read the documentation.
  11. Run the commands you just wrote to rc.local from the prompt as root. These start the daemons that watch your TCP and UDP ports for scanners. PortSentry reads portsentry.conf when it starts, so if you change the configuration later, stop the running PortSentry processes and start them again to apply the change.
  12. Alternatively, if you are running Debian Woody (unstable), apt-get install portsentry will install and configure PortSentry for you, replacing steps 1 through 11. Its configuration files are stored under /etc/portsentry/.
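Because PortSentry enforces its blocks through /etc/hosts.deny (see the description above and step 9), the routine chores are reading back which hosts it has blocked and undoing a block that hit the wrong address, typically your own when it was left out of portsentry.ignore. The script below is an added example written for this HOWTO; it is not part of the original page or of the PortSentry distribution. It assumes the usual entry format PortSentry appends, "ALL: <address>" (the exact text is set by the KILL_HOSTS_DENY line in portsentry.conf), the file paths and addresses are constructed for the walk-through, and the function names are my own.

```shell
#!/bin/sh
# Added example for this HOWTO; it is not part of the original page or of the
# PortSentry distribution.  Small helpers for looking after the /etc/hosts.deny
# entries PortSentry appends when it blocks a scanner, and for the lock-out that
# follows when your own address is missing from portsentry.ignore (step 9).
# File paths and sample contents below are constructed for illustration.

# List the addresses PortSentry has blocked.  It appends lines of the form
# "ALL: <addr>" (some configurations use "ALL: <addr> : DENY"), so take the
# second colon-separated field of every "ALL:" line that looks like an IPv4
# address; comments, blank lines and per-service entries are left alone.
ps_blocked_hosts() {
    # $1 = path to hosts.deny
    awk -F'[ \t]*:[ \t]*' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == "ALL" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }
    ' "$1"
}

# Succeed (exit 0) if the address appears, as a whole line, in portsentry.ignore.
ps_is_ignored() {
    # $1 = address, $2 = path to portsentry.ignore
    grep -qxF -- "$1" "$2"
}

# Write a copy of hosts.deny without the "ALL:" entry for one address, so a
# host blocked by mistake can be let back in.  Everything else is kept verbatim.
ps_unblock() {
    # $1 = address, $2 = path to hosts.deny, $3 = output path
    awk -F'[ \t]*:[ \t]*' -v a="$1" '!($1 == "ALL" && $2 == a)' "$2" > "$3"
}

# Walk-through on constructed data: three hosts have been blocked, one of them
# the administrator's own workstation, which never made it into portsentry.ignore.
ps_demo() {
    tmp=${TMPDIR:-/tmp}/portsentry-demo.$$
    mkdir -p "$tmp"
    cat > "$tmp/hosts.deny" <<'EOF'
# /etc/hosts.deny (constructed sample; the ALL: lines were added by PortSentry)
ALL: 10.0.0.5
ALL: 192.0.2.10 : DENY
ALL: 198.51.100.9
EOF
    printf '127.0.0.1\n' > "$tmp/portsentry.ignore"
    me=192.0.2.10   # hypothetical address of the admin's own machine

    echo "blocked by PortSentry:"
    ps_blocked_hosts "$tmp/hosts.deny"
    if ps_is_ignored "$me" "$tmp/portsentry.ignore"; then
        echo "$me is already in portsentry.ignore"
    else
        echo "$me is missing from portsentry.ignore: adding it and unblocking"
        echo "$me" >> "$tmp/portsentry.ignore"
        ps_unblock "$me" "$tmp/hosts.deny" "$tmp/hosts.deny.new"
        mv "$tmp/hosts.deny.new" "$tmp/hosts.deny"
    fi
    echo "still blocked:"
    ps_blocked_hosts "$tmp/hosts.deny"
    rm -rf "$tmp"
}

ps_demo
```

Run it as root against the real files once you have checked the output on the sample data. Two things to keep in mind: removing the hosts.deny line only restores access to services that run through TCP wrappers, and if you also have PortSentry route scanners to a dead host, that route has to be deleted separately before the unblocked machine can talk to you again.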


    By Mike Yantosca.
    2/8/1999