博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
LINUX下防恶意扫描软件PortSentry
阅读量:5772 次
发布时间:2019-06-18

本文共 3399 字,大约阅读时间需要 11 分钟。

最近我们公司总是被恶意攻击。后面查看了LINUX下有免费的防恶意扫描软件PortSentry去解决了

 

1.安装portSentry

下裁portsentry-1.2.tar.gz

[root@tomcat135 ~]# tar zxvf portsentry-1.2.tar.gz

[root@tomcat135 ~]# cd portsentry_beta/

打开portsentry.c1590行左右Copyright 1997-2003那行内容调整为一行,不然安装报警

  1584   printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot

   1585 sourceforget dot net>\n");

 

修改成

1584 printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");

 

[root@tomcat135 portsentry_beta]# make && make install

 

发现cp: 无法 stat ./portsentry没有那个文件或目录

make: *** [install] 错误 1这问题,我们在一次make&& make install&& make linux

[root@tomcat135 portsentry_beta]# make linux

 

port Sentry的配置

[root@tomcat135 portsentry_beta]# vi /usr/local/psionic/portsentry/portsentry.conf

找到

# Use these if you just want to be aware:

TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"

UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"

 

可以把你所要监视的端口增加进去

 

启动portsentry的命令如下

[root@tomcat135 portsentry_beta]# /usr/local/psionic/portsentry/portsentry -atcp

 

查看日志

[root@tomcat135 portsentry_beta]# tail /var/log/messages

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced mode will manually exclude port: 139

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 22

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 25

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 80

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 111

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 631

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 637

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 113

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 139

Jul 23 19:58:59 tomcat135 portsentry[11037]: adminalert: PortSentry is now active and listening.

 

如果被攻击的我们可以查看

[root@tomcat135 portsentry_beta]# cat /etc/hosts.deny

#

# hosts.deny    This file contains access rules which are used to

#                deny connections to network services that either use

#                the tcp_wrappers library or that have been

#                started through a tcp_wrappers-enabled xinetd.

#

#                The rules in this file can also be set up in

#                /etc/hosts.allow with a 'deny' option instead.

#

#                See 'man 5 hosts_options' and 'man 5 hosts_access'

#                for information on rule syntax.

#                See 'man tcpd' for information on tcp_wrappers

#

ALL: 216.99.158.196

ALL: 116.10.191.184

ALL: 65.111.161.35

ALL: 58.52.149.161

ALL: 137.175.69.43

ALL: 14.108.157.240

ALL: 198.13.104.182

ALL: 137.175.70.226

ALL: 119.36.79.10

ALL: 27.16.231.69

ALL: 137.175.9.239

ALL: 142.4.126.35

ALL: 112.125.18.175

ALL: 119.122.9.152

ALL: 218.77.79.43

ALL: 204.93.154.216

ALL: 42.120.145.6

ALL: 23.105.86.26

 

 

说明这些IP是恶意扫描的,被这软件自动增加到这里面去。

本文转自 jxzhfei  51CTO博客,原文链接:http://blog.51cto.com/jxzhfei/1444740

转载地址:http://fsoux.baihongyu.com/

你可能感兴趣的文章
mysql
查看>>
2012年电信业八大发展趋势
查看>>
Web日志安全分析工具 v2.0发布
查看>>
JS重载
查看>>
python2和python3同安装在Windows上,切换问题
查看>>
php加速工具xcache的安装与使用(基于LNMP环境)
查看>>
android超链接
查看>>
redhat tomcat
查看>>
统计数据库大小
查看>>
IO流的学习--文件夹下文件的复制
查看>>
第十六章:脚本化HTTP
查看>>
EXCEL表中如何让数值变成万元或亿元
查看>>
nginx在响应request header时候带下划线的需要开启的选项
查看>>
Linux下DHCP服务器配置
查看>>
AndroidStudio中导入SlidingMenu报错解决方案
查看>>
我的IDEA配置
查看>>
myeclipse显示行号
查看>>
编写高性能的java程序
查看>>
Spring 的配置详解
查看>>
linux已经不存在惊群现象
查看>>