I run logcheck without the portsentry on my boxes to get a roll up of any 
connections recorded in /var/log/messages.  You can also filter out anything you do 
not want to see (I filter out POP connections).  The program basically fires up out of 
a cron job and looks for any changes in your messages file, then mails root any security 
violations or unusual events.

ftp://ftp.rpmfind.net/linux/contrib/libc6/i386//logcheck-1.1.1-1.i386.rpm

more info here:

http://www.psionic.com/abacus/logcheck/


On Thu, 25 January 2001, Charlie Brady wrote:

> 
> 
> On Thu, 25 Jan 2001, Michael Jung wrote:
> 
> > > Use logcheck by Psionic software. Works great on e-smith. I have
> > > been using
> > > it since the early days of ver 3.
> > >
> > > http://www.psionic.com/
> >
> > Yes I can confirm, I also use portsentry (same company) on my 4.0b7 system
> > to add an ipchains rule after a portscan is detected by the e-smith-server.
> 
> I'd think carefully before doing that. Running portsentry opens you up to
> a denial of service attack, without necessarily adding any protection.
> 
> If your box has no exploitable vulnerabilities, the portscan is harmless.
> If it has vulnerabilities, then portsentry won't necessarily help you.
> 
> Justin, I'd be very happy to have a contributed e-smith-logcheck RPM :-)
> 
>   Charlie Brady                         [EMAIL PROTECTED]
>   http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
>   Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
>   e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
> 

--
Daniel C. Slagle

The question with Unix is not "Can I?" it's "How do I?"
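
The cron-driven scan described in the message above (read only what was appended to the log since the last run, drop ignored lines such as POP connections, report the rest), as an added example that is not part of the original message and is not logcheck's own code. The function name, the offset file, the pattern files and the log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added sketch of a logcheck-style incremental scan; not logcheck's own code.
# scan_new LOG STATE VIOLATIONS IGNORE prints a report for lines appended to
# LOG since the previous run. STATE stores the byte offset already read;
# VIOLATIONS and IGNORE are files of grep -E patterns (hypothetical names).
scan_new() {
    log=$1; state=$2; viol=$3; ignore=$4
    size=$(wc -c < "$log" | tr -d ' ')
    last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    # A file smaller than the saved offset was rotated: read it from the top.
    if [ "$size" -lt "$last" ]; then last=0; fi
    new=$(tail -c "+$((last + 1))" "$log" | head -c "$((size - last))")
    echo "$size" > "$state"
    # Drop ignored lines first so they appear in neither report section.
    kept=$(printf '%s\n' "$new" | grep -E -v -f "$ignore" | grep . || true)
    if [ -z "$kept" ]; then return 0; fi
    hits=$(printf '%s\n' "$kept" | grep -E -i -f "$viol" || true)
    rest=$(printf '%s\n' "$kept" | grep -E -i -v -f "$viol" || true)
    if [ -n "$hits" ]; then printf 'Security Violations\n%s\n' "$hits"; fi
    if [ -n "$rest" ]; then printf 'Unusual System Events\n%s\n' "$rest"; fi
}

# Constructed sample data: two cron runs over a growing messages file.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'authentication failure' 'refused connect' > "$d/viol"
    printf '%s\n' 'ipop3d\[' > "$d/ignore"    # filter out POP connections
    cat > "$d/messages" <<'EOF'
Jan 25 10:00:01 gw ipop3d[411]: pop3 service init from 192.0.2.10
Jan 25 10:02:17 gw sshd[502]: refused connect from 198.51.100.7
EOF
    scan_new "$d/messages" "$d/off" "$d/viol" "$d/ignore" > "$d/run1"
    cat >> "$d/messages" <<'EOF'
Jan 25 10:20:44 gw kernel: eth0: Promiscuous mode enabled.
Jan 25 10:21:03 gw ipop3d[430]: Login user=dan host=192.0.2.10
EOF
    scan_new "$d/messages" "$d/off" "$d/viol" "$d/ignore" > "$d/run2"
    echo "$d"
}

d=$(demo); cat "$d/run1" "$d/run2"   # a cron job would pipe this to mail for root
```

The second run reports only the kernel line: the earlier sshd entry is not repeated and both POP lines are filtered out.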
