> Would it be possible to distribute the portsentry utility with the
> /etc/rc.d/init.d/portsentry script?  Redhat always distributes the
> script along with the rpm.  However I have noticed that it is missing in
> the Mandrake distributions.

I agree.  Perhaps Mandrake can add it, and my suggestions below as well.

To get around this, I added the following at the bottom of
    /etc/rc.d/rc.firewall

################
echo -n "Firewall is now up..."

# kill any portsentry processes already running
for i in `ps auwwwx | grep portsentry | grep -v grep | awk '{ print $2 }'` ; do kill -9 $i; done

echo -n "Starting PortSentry..."
cd /usr/sbin/
./portsentry -stcp
./portsentry -sudp
cd -

echo -n "Banning sites..."
/root/zdeny        # banned sites
################

If I make changes to the firewall, I have the following alias
    alias fwall='/sbin/ipchains -F ; . /etc/rc.d/rc.firewall'
which allows me to restart the firewall and Portsentry.

The banning sites section is to ban IP numbers previously denied by
PortSentry. Restarting the firewall normally kills all banned IPs,
except the way that I do it.
I use the following in the section of portsentry.conf
    #KILL_RUN_CMD="/some/path/here/script $TARGET$ $PORT$"
    KILL_RUN_CMD="/root/deny.sh $TARGET$"

Contents of deny.sh
-----------------------
#!/bin/sh

if [ "x$1" != x ]
then
  echo "/sbin/ipchains -A input -s $1 -j DENY -l" >> /root/zdeny
fi
-----------------------

Permissions should be set executable...
    -rwx------    1 root     root          100 Oct  3 00:04 /root/deny.sh*
    -rwxr-----    1 root     root        26978 Feb  1 07:28 /root/zdeny*

Thanks... Dan.
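
A hardened variant of the deny.sh approach above, as an added example that is not part of the original message: because /root/zdeny is executed as root on every firewall restart, it appends a rule only when the argument is a well-formed IPv4 address and the same rule is not already in the file. The function names and the BAN_FILE override are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example: hardened variant of deny.sh (not from the original message).
# BAN_FILE defaults to the path used in the post; override it when testing.
BAN_FILE="${BAN_FILE:-/root/zdeny}"

# Return 0 only if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        # empty, any character other than digits/dots, or misplaced dots
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # length check first so an oversized number never reaches -le
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append a DENY rule for $1 to BAN_FILE unless it is invalid or already listed.
add_ban() {
    is_ipv4 "$1" || { echo "deny.sh: rejected argument" >&2; return 1; }
    rule="/sbin/ipchains -A input -s $1 -j DENY -l"
    # -x matches the whole line, -F treats the rule as a fixed string
    if [ -f "$BAN_FILE" ] && grep -qxF -- "$rule" "$BAN_FILE"; then
        return 0
    fi
    echo "$rule" >> "$BAN_FILE"
}

# When invoked as KILL_RUN_CMD="/root/deny.sh $TARGET$", $1 is the address.
if [ $# -gt 0 ]; then
    add_ban "$1"
fi
```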


