Web Hosting Talk







View Full Version : Installing IP Chains, Logcheck and Portsentry


Haze
10-19-2001, 08:39 PM
Anyone know where I can find instructions on installing IP Chains, Portsentry and Logcheck on a RaQ4i? Pleeeeeaaaasssseeee?

skylab
10-20-2001, 04:44 AM
yay. after searching for days on here without finding a howto, i found one at the cobalt lists, and another one that i meant to post here soon anyways....

here's what i used for logcheck and portsentry. it came out perfectly. i installed logcheck first with these directions, then waited until my cron run (i installed it to run in cron daily, an hour before cron ran on my server), and it worked fine.

then i started on port sentry. the directions are almost the same. if you had no problems with logcheck, you should be able to do portsentry easy as pie.

http://list.cobalt.com/pipermail/cobalt-users/2000-June/012633.html



if you have problems with portsentry, check this article out. it has another step by step, that should help a little.

http://www.linuxnewbie.org/nhf/intel/security/portsentry1.html



annnnd, i know nothing about IP chains, however, i'd love to know more!

Haze
10-20-2001, 05:47 AM
hmm, with logcheck it was going smooth until I typed make install. I got this:

Making
cc -O -o ./src/logtail ./src/logtail.c
./src/logtail.c: In function `main':
./src/logtail.c:51: warning: return type of `main' is not `int'
Creating temp directory /usr/local/etc/tmp
Setting temp directory permissions
chmod 700 /usr/local/etc/tmp
Copying files
cp ./systems//logcheck.hacking /usr/local/etc
cp: ./systems//logcheck.hacking: No such file or directory
make: *** [install] Error 1

skylab
10-20-2001, 05:55 AM
i got the exact same error message, and i just kept going, and it worked fine. but, on the cobalt forums, read a few threads ahead (next message). like, 5 or 10. i believe someone else had gotten an error like that while installing, and someone said not to worry about it.

you might want to try finishing it, then put it in cron.quarterly, just to test and see if it works out... then move it back to whatever cron you want.

(please keep in mind that i'm new to this as well.....so hopefully someone with more knowledge will help out. mine has been working fine for the last 2 days)



oh, this is on a raq4i with 512mb ram.

Haze
10-20-2001, 06:22 AM
I just copied the files in system/linux and it seems to be running fine because I got my email from cron. Now, about portsentry, doesn't IPChains need to be installed for that to function properly? I have found instructions for installing IPChains but I have heard that it disables FTP and I'm not sure what the process is to re-enable it.

skylab
10-20-2001, 06:34 AM
hmm, i did nothing with ipchains, and installed port sentry and i've been getting the reports in log check for portsentry....and, i checked my logs, and i see port sentry activate, and it shows the ports that it's binded (bound? hahhah. sheesh) to....


sooo. hmmm...

skylab
11-02-2001, 05:45 AM
hmm.


did anyone else install portsentry and it NOT add an entry into cron.daily?

at the moment, portsentry shuts down when cron runs, but doesn't restart. sooo, i have to manually restart it every morning...

huck
11-02-2001, 09:54 AM
If you have IPchains, why are you installing PortSentry? Portsentry just detects scans -- presumably, you have locked down everything using IPchains, so PortSentry should have nothing to do.

Besides, PortSentry is a poor bit of software -- it binds ports and makes them seem like they are open to the outside world. Also, you can easily cause PortSentry to drop IPs into IPchains and/or hosts.deny. In 1 minute, you can drop 500 IPs into PortSentry. This type of attack is not common at the moment -- but a simple perl script can do the trick. With IP spoofing and some info, I can lock out your routers from your box -- then you're hosed.
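
Added example (not part of any post in this thread): a shell check for the lock-out risk raised in the last post, where an auto-blocker appends addresses to hosts.deny and ends up denying a router or other host the box depends on. It assumes deny entries of the form `ALL: <ip>`; the function names, the protected-address file, the 500-entry threshold and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a TCP-wrappers deny file that an auto-blocker writes to.

# Print each single IPv4 host denied by a line of the form "ALL: a.b.c.d".
denied_hosts() {
    awk -F: '
        /^[ \t]*#/ { next }
        toupper($1) ~ /^[ \t]*ALL[ \t]*$/ {
            n = split($2, h, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (h[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print h[i]
        }' "$1" | sort -u
}

# Print protected addresses (file $2, one IP per line) that are denied in $1.
locked_out() {
    denied_hosts "$1" | grep -Fx -f "$2" || true
}

# Exit status: 0 clean, 1 too many single-host entries, 2 protected host denied.
audit() {
    deny=$1; protected=$2; max=$3
    total=$(denied_hosts "$deny" | wc -l | tr -d ' ')
    hits=$(locked_out "$deny" "$protected" | tr '\n' ' ')
    if [ -n "$hits" ]; then
        echo "CRITICAL: protected host(s) denied: $hits"
        return 2
    fi
    if [ "$total" -gt "$max" ]; then
        echo "WARNING: $total single-host deny entries (limit $max)"
        return 1
    fi
    echo "OK: $total single-host deny entries"
}

# Constructed sample data (documentation address ranges, not from the thread).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/hosts.deny" <<'EOF'
# entries appended by an auto-blocker
ALL: 203.0.113.7
ALL: 203.0.113.8
ALL: 192.0.2.1
ALL: 198.51.100.23
EOF
printf '192.0.2.1\n192.0.2.53\n' > "$demo_dir/protected"   # gateway, DNS (assumed)
audit "$demo_dir/hosts.deny" "$demo_dir/protected" 500 || echo "audit exit status: $?"
```

Pointed at the real deny file with a list of gateway, DNS and admin addresses, the same functions can run from cron so a lock-out is reported before it is noticed the hard way.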