Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

portsentry-1.1-fr6 RPM for i386

From Freshrpms for Red Hat 7.2 / portsentry

Name: portsentry Distribution: Fresh RPMS
Version: 1.1 Vendor: Freshrpms.net
Release: fr6 Build date: Thu Dec 6 18:02:20 2001
Group: Applications/System Build host: devel.freshrpms.net
Size: 97698 Source RPM: portsentry-1.1-fr6.src.rpm
Packager: Matthias Saou <matthias.saou@est.une.marmotte.net>
Url: http://www.psionic.com/
Summary: Port scan detection and active defense.
PortSentry is part of the Abacus Project suite of tools. The Abacus
Project is an initiative to release low-maintenance, generic, and reliable
host based intrusion detection software to the Internet community. More
information can be obtained from http://www.psionic.com.

PortSentry has a number of options to detect port scans, the purpose of this
is to give an admin a heads up that their host is being probed. There are
similar programs that do this already (klaxon, etc.) We have added a little
twist to the whole idea (auto-blocking), plus extensive support for
stealth scan detection.

PortSentry has four "stealth" scan detection modes. Method one uses a
pre-defined list of ports to watch over. If someone pokes at them
it activates. The second method is what is called "inverse" port binding,
where every port under a range is watched *except* for those that the
system has bound for network daemons when the PortSentry starts or ones that
you've manually excluded. This is a very sensitive way for looking for
port probes, but also the most prone to false alarms.

Provides

Requires

License

Freely distributable

Changelog

* Thu Dec 06 2001 Matthias Saou <matthias.saou@est.une.marmotte.net>
  - Restart portsentry upon iptables/ipchains flush to not let the
    previously blocked hosts to what they want!
  - Now default to iptables and not ipchains.
* Wed Oct 31 2001 Matthias Saou <matthias.saou@est.une.marmotte.net>
  - Removed the mail sent every 6 hours about the flush on success.
* Wed Oct 17 2001 Matthias Saou <matthias.saou@est.une.marmotte.net>
  - Fixed the emailing example KILL_RUN_CMD I had added.
* Tue Sep 18 2001 Matthias Saou <matthias.saou@est.une.marmotte.net>
  - Fixed the init script to update correctly the ignore file on non
    english systems.
* Sat Aug 18 2001 Matthias Saou <matthias.saou@est.une.marmotte.net>
  - Added UDP port 123 to the advanced exclude, since ntp queries were
    getting the ntp server blocked!
* Fri Aug 03 2001 Matthias Saou <matthias.saou@est.une.marmotte.net>
  - Update to 1.1.
  - Spec file cleanup, merged both patches to the new version.
  - New updated initscript, now excludes default gateways and nameservers.
  - Added a cron entry to flush added iptables/ipchains entries.
* Thu Nov 09 2000 Matthias Saou <matthias.saou@est.une.marmotte.net>
  - added some exclude tcp & udp ports in "a" modes
  - changed the default mode to "atcp" & "audp" with a portsentry.modes
    file
* Tue Sep 05 2000 Tim Powers <timp@redhat.com>
  - fixed initscript so that it doesn't overwrite the portsentry.ignore file,
    just appends to it (in a roundabout way)
  - patched default behavior of config file *not* to automagically start
    blocking tcp and udp
  - the above were tested by Henri J. Schlereth" <henris@bga.com>, and don't
    forget he reported the problem to me too :)
* Thu Aug 10 2000 Tim Powers <timp@redhat.com>
  - fixed the initscript so that it actually starts both or all modes of
    scanning
  - noreplace for config files
* Thu Aug 10 2000 Tim Powers <timp@redhat.com>
  - fixed perms on /var/portsentry
  - added initscript with many suggestions from Henri J. Schlereth
    <henris@bga.com>, it's real nice :)
  - added post, preun and postun sections since we now have an initscript
* Wed Aug 09 2000 Tim Powers <timp@redhat.com>
  - FHSified the package. Was putting stuff in the horrible location of
    /usr/psionic, which is not FHS compliant. Fixed.
* Mon Jul 24 2000 Prospector <prospector@redhat.com>
  - rebuilt
* Mon Jul 10 2000 Tim Powers <timp@redhat.com>
  - rebuilt
* Mon Jul 03 2000 Prospector <bugzilla@redhat.com>
  - automatic rebuild
* Thu May 18 2000 Tim Powers <timp@redhat.com>
  - update to 1.0
* Tue Nov 23 1999 Tim Powers <timp@redhat.com>
  - updated to 0.99.1
* Tue Jul 20 1999 Tim Powers <timp@redhat.com>
  - yet another name change and version update to 0.98
  - made neccessary changes to everything so it would build
* Wed May 05 1999 Bill Nottingham <notting@redhat.com>
  - build for powertools-6.0, rename to portsentry
* Fri Oct 02 1998 Michael Maher <minke@redhat.com>
  - built package

Files

/etc/cron.d/portsentry
/etc/init.d/portsentry
/etc/portsentry
/etc/portsentry/portsentry.conf
/etc/portsentry/portsentry.ignore
/etc/portsentry/portsentry.modes
/usr/sbin/portsentry
/usr/share/doc/portsentry-1.1
/usr/share/doc/portsentry-1.1/CHANGES
/usr/share/doc/portsentry-1.1/CREDITS
/usr/share/doc/portsentry-1.1/LICENSE
/usr/share/doc/portsentry-1.1/README.COMPAT
/usr/share/doc/portsentry-1.1/README.install
/usr/share/doc/portsentry-1.1/README.methods
/usr/share/doc/portsentry-1.1/README.stealth
/var/portsentry


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Jul 10 21:43:12 2014