[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Portsentry - config changes, help needed!
- Subject: Re: [cobalt-security] Portsentry - config changes, help needed!
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Fri, 17 Jan 2003 09:00:54 -0500
- Organization: Befriend Internet Services LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
"marcus miller" <cobalt_security_list@xxxxxxxxxxx> wrote:
> I have made a few changes to the default config in portsentry, removed a
> couple of ports from the 'Port Configuration' section as I am tired of
> logcheck sending me 'Active System Attack' heading that can not be
ignored.
>
> I have killed the two processes that were running for portsentry and
> restarted them again yet I am still receiving reports for scans on the
> unwanted ports.
>
> /usr/local/psionic/portsentry/portsentry -tcp
> /usr/local/psionic/portsentry/portsentry -udp
>
> Can anyone tell me how to restart portsentry so it takes changes to the
> config file into configuration?
What you did works. I suspect that either there are multiple
portsentry.conf files on your server and the processes you started are
referring to a different file than the one you edited (locate
portsentry.conf), you didn't edit all of the appropriate variables (reply
with all port related sections) or LogSentry is reporting log records that
are a result of something other than PortSentry, such as IPCHAINS (reply
with relevant LogSentry report records).
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/