PortSentry
For a system administrator, protecting the system from network intrusions is a major concern. This is where PortSentry comes into the picture: it detects scans against a host system and reacts to those scans in a way we choose.
Getting ready
To demonstrate the implementation and use of PortSentry, we need two systems on the same network that can ping each other. We also need the Nmap package on one system, which will be used as the client; on the other system, we will install and configure the PortSentry package. To install the nmap package, use the following command:
apt-get install nmap
How to do it...
- On the first system, we install the PortSentry package, using the following command:
apt-get install portsentry
- During the installation process, a window will open containing some information about PortSentry. Just click Ok to continue.
- As soon as the installation completes, PortSentry starts monitoring on TCP and UDP ports. We can verify this by checking the
/var/log...