14.5. PortSentry

Firewalls help us to protect our network from unsolicited intrusions. Using them we can choose which ports we want to be open and which one's we dont. Information is kept private by your organization and responsibility of individuals asociated. Nobody from the outside implicitly knows this information, but attackers know as well as spammers, that for some kind of attacks you can use a special program to scan all the ports on a server to glean this valuable information i.e. what is open and what is not.

These installation instructions assume:

These are the Package(s) you have to download and Portsentry Homepage:http://www.psionic.com/abacus/portsentry/ You must be sure to download: portsentry-1.0.tar.gz

Important: Please do not forget to read the README and/or INSTALL with in the tarball you have downloaded if the version number is not the same as we have suggested and follow the instructions since there are chances of some changes either by the way of additions or deletions are likely to be there.

When you install from Tarball(s), it is always better to make a list of files on the system before you install Portsentry, and one afterwards, and then compare them using diff to find out what file is placed where.A Simple step find /* > Portsentry1 before and find /* > Portsentry2 after you install the software, and use diff Portsentry1 Portsentry2 > PortSentry-Installed to get a list of what changed.

You need to Compile so Decompress the tarball *.tar.gz.

         [root@deep] /#cp portsentry-version.tar.gz /var/tmp/
         [root@deep] /#cd /var/tmp
         [root@deep ]/tmp#tar xzpf portsentry-version.tar.gz

Optimize to compile

  1. You must modify the Makefile file for Portsentry to specify installation paths, compilation flags, and optimizations for your system. We must also modify this file to be compliant with Red Hat file's system structure. Move into the new Portsentry directory and with the following commands on your terminal edit the Makefile file vi Makefile and change the following lines:

         CC = cc         
      To read:
         CC = egcs

         CFLAGS = -O -Wall
      To read:
         CFLAGS = -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions -Wall

         INSTALLDIR = /usr/local/psionic
      To read:
         INSTALLDIR = /usr/psionic

    4. The above changes will configure the software to use egcs compiler, optimization flags specific to our system, and locate all files related to Portsentry software to the target directories we have chosen.

  2. Since we are using an alternate path for the files i.e. not /usr/local/psionic, we need to change the path to the PortSentry configuration file in the main portsentry_config.h header file. Move into the new PortSentry directory and edit the portsentry_config.h file vi portsentry_config.h and change the following line:
         #define CONFIG_FILE "/usr/local/psionic/portsentry/portsentry.conf"
    To read:
         #define CONFIG_FILE "/usr/psionic/portsentry/portsentry.conf"

  3. Step 3 Install Portsentry on your system.
         [root@deep ]/portsentry-1.0#make linux
             [root@deep ]/portsentry-1.0#make install
    The above commands will configure the software to the Linux operating system, compile, build, and then finally install files into the appropriate locations.

Please do a cleanup later:

         [root@deep] /# cd /var/tmp
         [root@deep ]/tmp#rm -rf portsentry-version/ portsentry-version_tar.gz
The rm command will remove all the source files we have used to compile and install PortSentry. It will also remove the PortSentry compressed archive from the /var/tmp directory.