Linux setup steps/installing and configuring portsentry
From Nick Jenkins
Installing and configuring portsentry:
aptitude install portsentry
Then:
nano /etc/portsentry/portsentry.conf
... and change to add some ignored ports:
- ADVANCED_EXCLUDE_TCP="113,139" + ADVANCED_EXCLUDE_TCP="113,139,25,445,135" # Enable blocking: - BLOCK_UDP="0" - BLOCK_TCP="0" + BLOCK_UDP="1" + BLOCK_TCP="1" # Make a little less likely to react: - SCAN_TRIGGER="0" + SCAN_TRIGGER="2"
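Review bot: the ADVANCED_EXCLUDE_TCP line gains ports 25, 445 and 135 without a comment giving the reason, while the other two changes each carry one ("# Enable blocking:", "# Make a little less likely to react:"); add a one-line comment above it saying why those ports are excluded. Because BLOCK_UDP="1" and BLOCK_TCP="1" switch blocking on in the same edit, portsentry.ignore.static should be filled in before the service is restarted.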
Then:
nano /etc/portsentry/portsentry.ignore.static
... and add:
# Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e virtual host, mult-home)
# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.
127.0.0.1
0.0.0.0
# Add the local IP address, the gateway address, DNS addresses,
# addresses of hosts you know you will be connecting from, etc etc.
Then:
nano /etc/default/portsentry
... (this will be an empty or non-existent file), and add or change the two lines to set the ATCP and AUDP modes (these are the inverse modes):
TCP_MODE="atcp"
UDP_MODE="audp"
You can then reload portsentry with:
/etc/init.d/portsentry restart
You can then test with:
nmap 127.0.0.1
Note: when not using atcp and audp, portsentry will open lots of ports, which will show up with the above command.
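A read-only check of the three files edited in the steps above, as an added example that is not part of the original page. It confirms the values the page sets and that every address you expect to connect from is in the ignore file before blocking goes live. The function names are hypothetical and 192.0.2.1 in the usage comment is a constructed address.

```shell
#!/bin/sh
# Added example (not from the original page): read-only audit of the settings
# made in the steps above. Function names are hypothetical.

# conf_value FILE KEY: print the value of the last uncommented KEY="value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" 2>/dev/null | tail -n 1
}

# ignored FILE ADDR: succeed if ADDR has its own line (bare or as ADDR/32).
ignored() {
    pattern=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eq "^[[:space:]]*${pattern}(/32)?[[:space:]]*\$" "$1" 2>/dev/null
}

# expect FILE KEY WANT: report a setting that differs from the page's value.
expect() {
    got=$(conf_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "$1: $2 is \"$got\", expected \"$3\""
    return 1
}

# audit_portsentry CONF IGNORE DEFAULTS [ADDR...]
# Prints one line per finding and returns the number of findings.
audit_portsentry() {
    conf=$1; ignore=$2; defaults=$3; shift 3
    problems=0
    expect "$conf" BLOCK_TCP 1 || problems=$((problems + 1))
    expect "$conf" BLOCK_UDP 1 || problems=$((problems + 1))
    expect "$conf" SCAN_TRIGGER 2 || problems=$((problems + 1))
    expect "$defaults" TCP_MODE atcp || problems=$((problems + 1))
    expect "$defaults" UDP_MODE audp || problems=$((problems + 1))
    # 127.0.0.1 and 0.0.0.0 must stay; the rest are the addresses you pass in
    # (local IP, gateway, DNS, hosts you connect from).
    for addr in 127.0.0.1 0.0.0.0 "$@"; do
        ignored "$ignore" "$addr" && continue
        echo "$ignore: $addr is not listed"
        problems=$((problems + 1))
    done
    return "$problems"
}

# Usage (192.0.2.1 stands in for your gateway):
# audit_portsentry /etc/portsentry/portsentry.conf \
#     /etc/portsentry/portsentry.ignore.static /etc/default/portsentry 192.0.2.1
```

Run it before the restart step; a return value of 0 means every setting matches the page and every address you passed is in the ignore file.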
