Before I begin, you'll probably wonder why this HOWTO is so short. Setting up PortSentry to work well is fairly simple and requires only a few steps, so long descriptions are not needed. If you feel that more detail is needed, or would like certain topics about PortSentry explored in depth in this HOWTO, please e-mail me at bogart@rice.edu. Please remember to take the fake "spam" out of the address before sending.
PortSentry is a program that protects computers running Linux from various break-in attempts and assaults. It does this by dropping the IP addresses of the attackers into the computer's /etc/hosts.deny file when it detects a port scan. To detect a port scan, PortSentry binds itself to various ports that are not otherwise in use and that are specified in the portsentry.conf file in one's /etc directory; since no legitimate service listens there, any connection to one of them is treated as a probe. When an attacker performs a scan on one of these ports, they are immediately added to the hosts.deny file, so TCP Wrappers refuses their further connections, and they are dropped onto a dead, non-existent host like 333.444.555.666. PortSentry has proven extremely effective against assaults. To give anecdotal evidence, a friend of mine who runs Linux and uses PortSentry has now accumulated a 2 megabyte hosts.deny file. I haven't noticed any break-ins since I installed PortSentry, either. Please note that despite its excellent track record, PortSentry will not protect against human error. Please choose passwords that are difficult to crack, e.g., not your name or your dog's name. For other security tips, please check out this page for more in-depth information as well as a more comprehensive set of links.
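As an added example (not part of this HOWTO and not PortSentry's own code), the following Python script reproduces the mechanism described above in miniature: it binds a set of otherwise-unused ports, treats any connection to them as a probe, and appends a TCP Wrappers entry of the form "ALL: host : DENY" to a hosts.deny file, skipping hosts that are already listed. The port list, the path of the deny file and the 127.0.0.1 bind address are assumptions for running it locally.

```python
import ipaddress, selectors, socket
# Added example, not PortSentry's code: trap unused ports and block probers via hosts.deny.

def hosts_deny_entry(ip):
    """Build a TCP Wrappers line denying ALL services to one host."""
    ipaddress.ip_address(ip)  # rejects junk such as 333.444.555.666
    return f"ALL: {ip} : DENY"

def blocked_hosts(text):
    """Hosts a hosts.deny text already denies for ALL services (comments ignored)."""
    hosts = set()
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":")]
        if len(parts) >= 2 and parts[0] == "ALL":
            hosts.update(parts[1].split())
    return hosts

def block_host(ip, deny_file):
    """Append a deny entry to deny_file (a pathlib.Path) unless already present."""
    existing = blocked_hosts(deny_file.read_text()) if deny_file.exists() else set()
    if ip in existing:
        return False
    with deny_file.open("a") as f:
        f.write(hosts_deny_entry(ip) + "\n")
    return True

def open_trap_ports(ports, host="127.0.0.1"):
    """Bind listeners on ports that should never see legitimate traffic."""
    socks = []
    for port in ports:
        s = socket.socket()
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen(5)
        socks.append(s)
    return socks

def handle_probe(socks, deny_file, timeout=1.0):
    """Accept one connection on any trap port, block its source; None on timeout."""
    with selectors.DefaultSelector() as sel:
        for s in socks:
            sel.register(s, selectors.EVENT_READ)
        events = sel.select(timeout)
    if not events:
        return None
    conn, (ip, _) = events[0][0].fileobj.accept()
    conn.close()  # the prober gets nothing back, just a closed connection
    block_host(ip, deny_file)
    return ip
```

Pointing deny_file at the real /etc/hosts.deny requires root and the TCP Wrappers support the HOWTO already assumes; for a dry run, use a temporary file.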
Now for the important stuff: how to install PortSentry. Below I have listed a simple step-by-step procedure that should get PortSentry installed properly on your machine.
If you are running Debian Woody (unstable), running apt-get install portsentry will install and configure PortSentry for you. All configuration files are stored under /etc/portsentry/.