[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] PortSentry and Logcheck ?
- Subject: Re: [cobalt-users] PortSentry and Logcheck ?
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Thu Jun 29 19:24:42 2000
- Organization: anonymous
On Sun, 4 Jun 2000 16:39:07 -0600 (MDT), Brent Sims <brent@xxxxxxxxxxx> wrote:
/snip/
:> I stay pretty busy so it might be a week or so before I do
:>portsentry but, after doing this one, you really ought to be able to
:>do portsentry on your own. It's not much more difficult at all.
Since I am on a Qube2, before I can install Portsentry I will need to install
ipchains (is that correct)? I already use ipfwadm so I assume that ipchains
will replace it? After reading the doco, I am a little confused about the
relationship between Portsentry and ipchains. Currently, I use ipfwadm to deny
and log all tcp/udp ports except for a limited number between 0 and 1023.
Hence, a scan on a protected port does not respond and makes an entry in the
messages log (although for some reason the port of source and destination is
not included). Within this context, how does Portsentry and ipchains differ?
In the install instructions for Logcheck, a rpm is not created (bear with me
on this, this is all new). Would not one want to create a rpm so that the
installation of Logcheck is entered into the rpm system? If so, what
modifications to the Logcheck install would one need to make?
Thanks for your help. If I can get it all put together, I will write up a KB
article so others can share your knowledge.
--
For information on the unofficial qube mailing list, see
http://majordomo.email-lists.com/qube-users/