[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Portsentry - config changes, help needed!
- Subject: Re: [cobalt-security] Portsentry - config changes, help needed!
- From: Charlie Clemmer <cclemmer@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 17 Jan 2003 09:02:12 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 10:41 AM 1/17/2003 +0000, marcus miller wrote:
>I have killed the two processes that were running for portsentry and
> restarted them again yet I am still receiving reports for scans on
>the unwanted ports.
>
>/usr/local/psionic/portsentry/portsentry -tcp
>/usr/local/psionic/portsentry/portsentry -udp
>
>Can anyone tell me how to restart portsentry so it takes changes to
>the config file into configuration?
You've done things the way I do ... if I modify the config fill, I
kill the
old portsentry processes, and start them over again just as you
described
above. Two things I would suggest checking: First, watch
/var/log/messages
when you restart the processes ... you'll see a dump of all the ports
that
are being watched and whether they were opened successfully. I
suppose
there's a chance that you have another portsentry process running out
there
somewhere that's keeping the unwanted ports open ... this will get
reported
as well when you start the new portsentry daemons as the two
instances will
conflict with each other when opening the ports. Second, when all
else
fails, double check the portsentry.conf file and make sure you aren't
making changes to one of the sections that commented out ...
portsentry
provided something like three different detail levels ... you might
not be
editing the one that's been uncommented out, and that's why you're
not
seeing any changes when restarting.
Just a couple of ideas anyway ...
Charlie
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPiga+CtTL7LSInmsEQIbeACg5+m3F/l+XZEOBLAV0cIztehOSWsAn18y
YKguRCM7127AgXNniDyMLaLt
=zEqR
-----END PGP SIGNATURE-----