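Return false routing information so that all traffic is redirected to a nonexistent host;
Automatically add any host that port-scans the server to the TCP-Wrappers /etc/hosts.deny file. I personally prefer this method, because many production environments cannot have iptables enabled, and this option is also PortSentry's default behaviour;
Use the Netfilter mechanism and a packet filter such as iptables or ipchains to drop all illegitimate packets (those coming from hosts that port-scan the server);
Write a log message through the syslog() function, and even return a warning message to the scanner.
I. Installing PortSentry
The following describes in detail how to install and configure PortSentry.
1. Download the latest release, portsentry-1.2.tar.gz, from http://sourceforge.net/projects/sentrytools/ and run the following commands as root to install it: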
#tar zxvf portsentry-1.2.tar.gz
#cd portsentry-1.2_beta
#make
#make install
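This step fails with an error and the portsentry executable is not built. Looking at the Makefile, we found that make takes a target that depends on the operating system, and there are many of them.
So we redo this step: delete the directory and extract the archive again.
Then we run make linux, and the build still fails, as follows: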
SYSTYPE=linux
Making
cc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \
./portsentry_io.c ./portsentry_util.c
./portsentry.c: In function 'PortSentryModeTCP':
./portsentry.c:1187: warning: pointer targets in passing argument 3 of 'accept' differ in signedness
./portsentry.c: In function 'PortSentryModeUDP':
./portsentry.c:1384: warning: pointer targets in passing argument 6 of 'recvfrom' differ in signedness
./portsentry.c: In function 'Usage':
./portsentry.c:1584: error: missing terminating " character
./portsentry.c:1585: error: 'sourceforget' undeclared (first use in this function)
./portsentry.c:1585: error: (Each undeclared identifier is reported only once
./portsentry.c:1585: error: for each function it appears in.)
./portsentry.c:1585: error: expected ')' before 'dot'
./portsentry.c:1585: error: stray '\' in program
./portsentry.c:1585: error: missing terminating " character
./portsentry.c:1595: error: expected ';' before '}' token
make: *** [linux] Error 1
Solution:
Open portsentry.c and, at around line 1590, join the line containing the text "Copyright 1997-2003" so that it sits on a single line, as shown in the figure below.
Figure 1-1: The line of code marked with a white line should be joined into a single line
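The same edit can be scripted so that the build is repeatable and the untouched source is kept for comparison. The following is an added example, not code from the original article or from PortSentry; the function names fix_split_literal and make_sample and the sample C text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from the article or from the PortSentry project.
# fix_split_literal FILE MARKER
# Joins the line containing MARKER with the line after it, but only when the
# MARKER line holds an odd number of double quotes (a string literal left
# open). A file that is already fixed is left untouched.
fix_split_literal() {
    file=$1; marker=$2
    tmp=$(mktemp) || return 1
    awk -v m="$marker" '
        index($0, m) {
            probe = $0
            quotes = gsub(/"/, "", probe)       # count the " on this line
            if (quotes % 2 == 1 && (getline rest) > 0) {
                sub(/[ \t]+$/, "")              # trim the broken line end
                sub(/^[ \t]+/, "", rest)        # and the continuation start
                print $0 " " rest               # emit one physical line
                next
            }
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"; return 0                  # nothing to change
    fi
    # Keep the pristine source beside it; cat preserves mode and owner.
    cp -p "$file" "$file.orig" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample that mimics the defect; NOT the real portsentry.c text.
make_sample() {
    cat > "$1" <<'EOF'
void Usage(void)
{
  printf("Copyright 1997-2003 Example Author <author at example dot
org>\n");
}
EOF
}

# Demo on the constructed sample: prints the joined line with its number.
demo_dir=$(mktemp -d) || exit 1
make_sample "$demo_dir/sample.c"
fix_split_literal "$demo_dir/sample.c" 'Copyright 1997-2003'
grep -n 'Copyright' "$demo_dir/sample.c"
```

On the real source tree the call would be fix_split_literal portsentry.c 'Copyright 1997-2003', run before make linux; diffing portsentry.c against portsentry.c.orig then shows exactly what was changed.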
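After this change we run make linux && make install again, and PortSentry installs successfully. Its installation path is /usr/local/psionic/portsentry. The following output indicates that the software was installed successfully: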
Edit /usr/local/psionic/portsentry/portsentry.conf and change
your settings if you haven't already. (route, etc)
WARNING: This version and above now use a new
directory structure for storing the program
and config files (/usr/local/psionic/portsentry).
Please make sure you delete the old files when
the testing of this install is complete.