"marcus miller" <[EMAIL PROTECTED]> wrote: > I have made a few changes to the default config in portsentry, removed a > couple of ports from the 'Port Configuration' section as I am tired of > logcheck sending me 'Active System Attack' heading that can not be ignored. > > I have killed the two processes that were running for portsentry and > restarted them again yet I am still receiving reports for scans on the > unwanted ports. > > /usr/local/psionic/portsentry/portsentry -tcp > /usr/local/psionic/portsentry/portsentry -udp > > Can anyone tell me how to restart portsentry so it takes changes to the > config file into configuration?
What you did works. I suspect that either there are multiple portsentry.conf files on your server and the processes you started are referring to a different file than the one you edited (locate portsentry.conf), you didn't edit all of the appropriate variables (reply with all port related sections) or LogSentry is reporting log records that are a result of something other than PortSentry, such as IPCHAINS (reply with relevant LogSentry report records). -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
