Re: [cobalt-security] Portsentry - config changes, help needed!

[Charlie Clemmer <cclemmer@xxxxxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 10:41 AM 1/17/2003 +0000, marcus miller wrote:
>I have killed the two processes that were running for portsentry and
> restarted them again yet I am still receiving reports for scans on
>the  unwanted ports.
>
>/usr/local/psionic/portsentry/portsentry -tcp
>/usr/local/psionic/portsentry/portsentry -udp
>
>Can anyone tell me how to restart portsentry so it takes changes to
>the  config file into configuration?

You've done things the way I do ... if I modify the config fill, I
kill the 
old portsentry processes, and start them over again just as you
described 
above. Two things I would suggest checking: First, watch
/var/log/messages 
when you restart the processes ... you'll see a dump of all the ports
that 
are being watched and whether they were opened successfully. I
suppose 
there's a chance that you have another portsentry process running out
there 
somewhere that's keeping the unwanted ports open ... this will get
reported 
as well when you start the new portsentry daemons as the two
instances will 
conflict with each other when opening the ports. Second, when all
else 
fails, double check the portsentry.conf file and make sure you aren't
making changes to one of the sections that commented out ...
portsentry 
provided something like three different detail levels ... you might
not be 
editing the one that's been uncommented out, and that's why you're
not 
seeing any changes when restarting.

Just a couple of ideas anyway ...

Charlie 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPiga+CtTL7LSInmsEQIbeACg5+m3F/l+XZEOBLAV0cIztehOSWsAn18y
YKguRCM7127AgXNniDyMLaLt
=zEqR
-----END PGP SIGNATURE-----