installing portsentry
dutchie 02-03-2002, 12:00 PM Installing portsentry (finally!), I got the following error.
Making generic
cc -O -o ./src/logtail ./src/logtail.c
./src/logtail.c: In function `main':
./src/logtail.c:51: warning: return type of `main' is not `int'
Creating temp directory /usr/local/etc/tmp
/bin/mkdir: cannot make directory `/usr/local/etc/tmp': Permission denied
make[1]: *** [install] Error 1
make[1]: Leaving directory `/home/sites/home/users/admin/logcheck-1.1.1'
make: *** [generic] Error 2
I changed to the dir /usr/local/etc, and tried to make the dir myself, but indeed permission denied.
Now, is it safe to do the install as root, to avoid this problem?
Or can I just create the dir as root, get back to admin and start again?
Thanks !
Pingu 02-03-2002, 12:12 PM Most of these things need to be installed as root, and yes, it should be quite safe.
Pingu 02-03-2002, 12:26 PM Oh, if you are going to block access to "attackers", then be sure to put your own IP address in the portsentry.ignore file. If you don't, you could accidentally block yourself.
I've got a bunch of addresses in there (got an account with two ISPs with fixed IP addresses)
ffeingol 02-03-2002, 12:28 PM It looks like you are installing logcheck, not portsentry.
Here is what I do to keep track of what gets installed. As root:
find /* > logcheck1
Then do the make install. Then
find /* > logcheck2
diff logcheck1 logcheck2 > logcheck_files
This will only show you files installed or deleted, not changed files. There will be a bunch of junk in logcheck_files because of changes in /proc. Other than that, you'll get a listing of the directories and files that have been created or deleted.
Frank
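The before/after listing from the post above, extended to catch changed files as well as installed and deleted ones, as an added example that is not part of the original thread. It assumes GNU sha256sum and mktemp; the function names and the scratch tree built by demo are made up for illustration.

```shell
#!/bin/sh
# Added example: names, paths and the sample tree are made up for illustration.
# Assumes GNU sha256sum and mktemp. File names containing tabs or newlines
# are not handled.

# snapshot ROOT OUT: write "sha256<TAB>path" for every regular file under ROOT.
# /proc, /sys and /dev are pruned so they do not flood the report with noise.
# If OUT lies under ROOT, the manifest itself appears in the report.
snapshot() {
    root=$1; out=$2
    find "$root" \( -path /proc -o -path /sys -o -path /dev \) -prune \
        -o -type f -print 2>/dev/null | LC_ALL=C sort |
    while IFS= read -r f; do
        sum=$(sha256sum 2>/dev/null < "$f") || continue   # unreadable: skip
        printf '%s\t%s\n' "${sum%% *}" "$f"
    done > "$out"
}

# report BEFORE AFTER: print "added", "removed" or "changed", a tab, the path.
report() {
    awk -F '\t' '
        FILENAME == ARGV[1] { old[$2] = $1; next }   # manifest taken before
        { seen[$2] = 1
          if (!($2 in old))       print "added\t" $2
          else if (old[$2] != $1) print "changed\t" $2 }
        END { for (p in old) if (!(p in seen)) print "removed\t" p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: run both steps around a simulated "make install" in a scratch tree.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/root/etc" "$work/root/bin"
    echo 'SYSADMIN=root' > "$work/root/etc/logcheck.sh"
    echo 'old' > "$work/root/etc/stale.conf"
    snapshot "$work/root" "$work/before.tsv"
    echo 'binary' > "$work/root/bin/logtail"                # new file
    echo 'SYSADMIN=admin' > "$work/root/etc/logcheck.sh"    # edited file
    rm "$work/root/etc/stale.conf"                          # deleted file
    snapshot "$work/root" "$work/after.tsv"
    report "$work/before.tsv" "$work/after.tsv" | sed "s|$work/root||"
    rm -rf "$work"
}
```

On a real system the two snapshot calls go around the make install, run as root with / as ROOT.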
Pingu 02-03-2002, 12:29 PM Hmm, indeed. Missed that :D
dutchie 02-03-2002, 12:30 PM Indeed, logcheck.
I thought I'd start with that and add portsentry next if nothing breaks :)
Thanks for the advice !
Pingu 02-03-2002, 12:32 PM Here's what I used the first time I installed portsentry:
http://www.uk2raq.com/raqfaq/raqfaqshow.php?faq=46
dutchie 02-03-2002, 12:34 PM Originally posted by Pingu
I've got a bunch of addresses in there (got an account with two ISPs with fixed IP addresses)
Does this mean that if I have a dynamic IP I'm in trouble?
Or could I still log in with SSH?
dutchie 02-03-2002, 12:37 PM Great link Pingu, didn't have a walkthrough for portsentry yet :)
thanks !
Pingu 02-03-2002, 12:40 PM Originally posted by dutchie
Does this mean that if I have a dynamic IP I'm in trouble?
Or could I still log in with SSH?
You're not going to get in trouble unless you start scanning your own server.
However, I got in trouble once when trying to access the wrong port. My IP ended up in the deny file, duh.
Well, luckily I have more than one, so it was easily fixed, but it felt pretty stupid.
Having a second ISP is a good idea anyway if you're running a server across the ocean. If one fails, there's always another.
Besides an XS4ALL ADSL account, I also have a dial-up account with Demon (they use fixed IPs)
dutchie 02-03-2002, 12:54 PM My Chello account has a more or less fixed IP, my backup account is a free one from Wanadoo (which I have to use more often than I like), don't think they provide fixed IPs so I could try a lot of ports if I might forget the one I put SSH on :stickout
Besides, I wouldn't even know how to scan a port.
Thanks for the help!
ellebi 02-04-2002, 05:13 AM There is a pkg for portsentry 1.1 available at
http://www.cobaltworld.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3
I never installed it as I preferred to install it from source, but if you have troubles you can give it a try. Just be sure to check the config files to meet your needs.
dutchie 02-04-2002, 11:10 AM Looks tempting as the logcheck install does not seem to work.
When I type /usr/local/etc/./logcheck.sh I only get a prompt, and no email in my box.
A bit hard to fix without errors :(
Did anyone install the portsentry pkg ?
ffeingol 02-04-2002, 11:52 AM I installed it from source but, ...
open logcheck.sh and check that the SYSADMIN is set to a good value. That is where the mail is sent. You should also check the rest of the config values there to make sure they make sense.
Frank
dutchie 02-04-2002, 12:23 PM Well, of course I did, but I did it again and guess what? :)
I really should stop doing this kind of work when I'm actually tired.
:blush: