Help on Portsentry!!!


linuxluis
10-26-2001, 12:52 AM
Hello all. I have just installed portsentry on my Linux box (rd7.0). After reading the howto plus the readme now files, I'm a little lost.
My question to you guys is:

How do I know that someone is scanning me, plus

how do I stop them? I also have an Apache server running right now. When I do a

tail -f /var/log/html/error_log

I could see a lot of people trying to run a cmd.exe command. I know that's for a Windows machine. But how do I block those guys from running those commands? I have the IP address on there.

Thank you guys for all the help.

Bishop :cool:

X_console
10-26-2001, 01:25 AM
Your logfile will tell you when someone is scanning you. Add the following to your /etc/syslog.conf:

kern.* /var/log/firewall

Then do kill -HUP $(cat /var/run/syslogd.pid) to restart syslogd.

As for how you stop them, well... that's what portsentry is for. It automatically blocks them. However, if you already have iptables/ipchains running, then those packets will be blocked before they even hit portsentry. Which means that portsentry may very well just become dormant unless your firewall ruleset suddenly fails.

You can't stop those people from running commands unless you disable httpd. Besides, they can't do harm to your system if you're all patched up.
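
Added example, not part of the original thread: one way to see which client addresses are sending the cmd.exe requests described above, by tallying them from the Apache error_log. The log line format, the sample lines and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Tally Windows-only probe requests (cmd.exe / root.exe) per client address
# in an Apache error_log. Assumed line format (Apache 1.3 style):
#   [date] [error] [client a.b.c.d] File does not exist: /path
# Usage on a live log: probe_summary /var/log/html/error_log

# probe_summary [FILE...] -> prints "COUNT IP" per client, busiest first.
# Reads standard input when no file is given.
probe_summary() {
    awk '
        # Keep only lines that request a Windows shell binary and that
        # carry a "[client a.b.c.d]" field to attribute the request to.
        tolower($0) ~ /(cmd|root)\.exe/ && match($0, /\[client [0-9.]+\]/) {
            # "[client " is 8 characters; drop it and the closing "]".
            hits[substr($0, RSTART + 8, RLENGTH - 9)]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
[Fri Oct 26 00:41:12 2001] [error] [client 192.0.2.15] File does not exist: /var/www/html/scripts/root.exe
[Fri Oct 26 00:41:13 2001] [error] [client 192.0.2.15] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Fri Oct 26 00:43:02 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/MSADC/root.exe
[Fri Oct 26 00:44:40 2001] [error] [client 203.0.113.9] File does not exist: /var/www/html/favicon.ico
EOF
}

# Demo run on the constructed sample.
sample_log | probe_summary
```

On a Linux Apache server these requests only produce "File does not exist" entries, so the tally shows who is probing rather than what succeeded.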

linuxluis
10-26-2001, 01:40 AM
I tried looking in my var/log/firewall but I did not see the firewall log file.

a custom firewall that my old tech guy did a long time ago.....

What should I do?

X_console
10-26-2001, 01:52 AM
Well the logfile will be created after you add the entry for it in syslog.conf and restart syslogd.

You'll need to provide more information about this old firewall. What's it called?

Also, I'm moving this to the Security Forum.