I have been super busy over the past few months! Thankfully, life seems to be slowing down a bit, but not much. Yesterday, I interviewed for a position as a Support Engineer with FireHost in Plano, TX. The interview went well, and it is a ground-floor opportunity, which is absolutely awesome.
Aside from that, I have been dusting off my rusty old Linux sysadmin skills and rebuilding my knowledge in that arena. I am also dipping my toe into the IT security realm a bit. For now, I am familiarizing myself with some of the more common tools for intrusion detection and forensics. Once I'm comfortable with those tools, I'll explore exploitation and cracking.
The first tool I got my hands dirty with is PortSentry. I installed it from the Official Ubuntu Repositories yesterday evening and settled in for what I expected to be a long process of learning how to configure and optimize the portsentry.conf file. As usual, I installed via command line, using the following command:
ken@hostname:~$ sudo aptitude install portsentry
I backed up the default configuration file by running the following commands:
ken@hostname:~$ cd /etc/portsentry/
ken@hostname:~$ sudo cp portsentry.conf portsentry.conf.bak
*Note: I always leave the .bak files I create in place in the event that my custom configuration file ever becomes corrupted, deleted, or otherwise tampered with, thus providing a simple file to restore from.
Then, using an archived article from Linux.com, found at this link: http://linux.omnipotent.net/article.php?article_id=12540&page=-1, I began going through the configuration file one section at a time. To my pleasant surprise, I noticed that the configuration file had already been configured automatically during the install. I only had to change two sections, one of which was optional. The first change was as follows.
In the IGNORE OPTIONS section, I changed the default:
BLOCK_TCP="0"
BLOCK_UDP="0"
to the setting I prefer:
BLOCK_TCP="1"
BLOCK_UDP="1"
The final change I made to the configuration file was to uncomment the message in the PORT BANNER section. It's advised to leave it commented, but I felt better having a warning message display to anyone trying to gain unauthorized access to my home network.
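As an added example (not from the original post), here is a small POSIX shell script that makes the same two changes in a repeatable way: it keeps a .bak copy, sets BLOCK_TCP and BLOCK_UDP to "1" (PortSentry's block mode, as opposed to "0" for log-only), and uncomments PORT_BANNER. The sample config and banner text are constructed stand-ins for the real /etc/portsentry/portsentry.conf.

```shell
#!/bin/sh
# Added example, not part of the original post. Applies the two edits
# described above to a PortSentry config in a scripted, repeatable way.

# Write a small constructed stand-in for portsentry.conf to the given path.
make_sample_conf() {
    cat > "$1" <<'EOF'
# IGNORE OPTIONS (constructed sample, not the real file)
BLOCK_UDP="0"
BLOCK_TCP="0"
# PORT BANNER
#PORT_BANNER="** constructed sample banner: unauthorized access prohibited **"
EOF
}

# Keep a .bak copy for restores, then rewrite only the BLOCK_* lines
# (log-only "0" -> block "1") and strip the leading "#" from PORT_BANNER.
# Every other line is left untouched; the edit is safe to re-run.
harden_conf() {
    conf="$1"
    cp "$conf" "$conf.bak" || return 1
    sed -e 's/^BLOCK_TCP="[0-9]*"/BLOCK_TCP="1"/' \
        -e 's/^BLOCK_UDP="[0-9]*"/BLOCK_UDP="1"/' \
        -e 's/^#\(PORT_BANNER=\)/\1/' "$conf" > "$conf.tmp" \
        && mv "$conf.tmp" "$conf"
}

# Print the numeric value of one BLOCK_* key, e.g. setting cfg BLOCK_TCP
setting() {
    sed -n "s/^$2=\"\([0-9]*\)\"/\1/p" "$1"
}

# Demo run against a temporary file so nothing on the system is modified.
tmp="$(mktemp)"
make_sample_conf "$tmp"
harden_conf "$tmp"
echo "BLOCK_TCP=$(setting "$tmp" BLOCK_TCP) BLOCK_UDP=$(setting "$tmp" BLOCK_UDP)"
grep '^PORT_BANNER=' "$tmp"
rm -f "$tmp" "$tmp.bak"
```

Point harden_conf at /etc/portsentry/portsentry.conf (as root) to apply the change for real; the .bak copy is what you restore from if the edit goes wrong.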
Overall, the installation and configuration for PortSentry was completely painless, and I highly recommend that anyone interested in running a secure Linux system install PortSentry and utilize it as part of their security scheme.