This shows you the differences between two versions of the page.
сервис_portsentry [2012/06/14 15:37] val created |
сервис_portsentry [2020/07/22 20:47] val [Сервис Portsentry] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Сервис Portsentry ====== | ====== Сервис Portsentry ====== | ||
- | ===== Установка и настройка на блокировку с использованием route ==== | + | * [[https://www.opennet.ru/docs/RUS/portsentry/portsentry3.html|Настройка portsentry]] |
- | ==== Ubuntu ==== | + | ===== Установка ===== |
+ | |||
+ | ==== Debian/Ubuntu ==== | ||
<code> | <code> | ||
- | gate# apt-get install portsentry | + | # apt install portsentry |
+ | </code> | ||
- | gate# tail -f /var/log/syslog | + | ===== Использование в режиме без блокировки ===== |
- | gate# ci -l /etc/portsentry/portsentry.conf | + | Настраивается по умолчанию |
- | gate# cat /etc/portsentry/portsentry.conf | + | <code> |
+ | # cat /etc/portsentry/portsentry.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | BLOCK_UDP="0" | ||
+ | BLOCK_TCP="0" | ||
+ | ... | ||
+ | </code><code> | ||
+ | # tail -f /var/log/syslog | ||
+ | </code> | ||
+ | |||
+ | ===== Настройка на блокировку с использованием route ===== | ||
+ | |||
+ | [[Сервисы Gateway и routing#Управление таблицей маршрутизации]] | ||
+ | |||
+ | <code> | ||
+ | # cat /etc/portsentry/portsentry.conf | ||
</code><code> | </code><code> | ||
... | ... | ||
BLOCK_UDP="1" | BLOCK_UDP="1" | ||
BLOCK_TCP="1" | BLOCK_TCP="1" | ||
+ | ... | ||
+ | # Newer versions of Linux support the reject flag now. This | ||
+ | # is cleaner than the above option. | ||
+ | KILL_ROUTE=... | ||
... | ... | ||
</code><code> | </code><code> | ||
- | gate# /etc/init.d/portsentry restart | + | /sbin/route del -host 192.168.N.M reject |
+ | </code> | ||
- | gate# cat /var/lib/portsentry/portsentry.blocked.* | + | ===== Настройка на блокировку с использованием libwrap ===== |
- | gate# netstat -rn | grep '!H' | + | [[Сервис Tcpwrap#Конфигурация в режиме "все разрешено, кроме"]] |
- | </code> | + | |
- | ==== Ubuntu ==== | ||
<code> | <code> | ||
+ | # :> /etc/hosts.deny | ||
+ | # cat /etc/portsentry/portsentry.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | KILL_HOSTS_DENY="ALL: $TARGET$" | ||
+ | ... | ||
</code> | </code> | ||
+ | |||
+ | ===== Просмотр заблокированных хостов ===== | ||
+ | <code> | ||
+ | # cat /var/lib/portsentry/portsentry.blocked.* | ||
+ | </code> | ||
+ |
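
Review bot: The new blocking sections ("Настройка на блокировку с использованием route" and "... с использованием libwrap") change `BLOCK_TCP`, `BLOCK_UDP`, `KILL_ROUTE` and `KILL_HOSTS_DENY` in /etc/portsentry/portsentry.conf, but the revision removes the old `/etc/init.d/portsentry restart` line and adds no replacement, so a reader following the page never restarts the service after editing its configuration. Suggest adding a restart step after each config block. In the libwrap section, `# :> /etc/hosts.deny` empties the file without saying so; a one-line note that existing deny entries are discarded (or a backup step, as the removed `ci -l /etc/portsentry/portsentry.conf` did for the config) would help. The line `/sbin/route del -host 192.168.N.M reject` sits in its own code block with no explanation; label it as the command that removes a blocking route. Finally, the removed `netstat -rn | grep '!H'` check was the only way the page showed the reject routes that `KILL_ROUTE` installs; consider keeping it under "Просмотр заблокированных хостов" next to `cat /var/lib/portsentry/portsentry.blocked.*`.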