abclinuxu.cz AbcLinuxu.cz itbiz.cz ITBiz.cz HDmag.cz HDmag.cz abcprace.cz AbcPráce.cz
AbcLinuxu hledá autory!
Inzerujte na AbcPráce.cz od 950 Kč
Rozšířené hledání
×

dnes 08:55 | Komunita

Do 22. září probíhá v Mountain View konference XDC2017 (X.Org Developer's Conference). Na programu je řada zajímavých přednášek. Sledovat je lze online. K dispozici je záznam přednášek ze včerejšího dne.

Ladislav Hagara | Komentářů: 0
včera 17:33 | Nová verze

Byla vydána nová stabilní verze 1.12 (1.12.955.36) webového prohlížeče Vivaldi (Wikipedie). Z novinek vývojáři zdůrazňují možnost zobrazení metadat u digitálních fotografií, vylepšený panel stahování a omezení sytosti barvy zdůraznění (YouTube). Nejnovější Vivaldi je postaveno na Chromiu 61.0.3163.91.

Ladislav Hagara | Komentářů: 24
včera 10:55 | Nová verze

Byla vydána verze 4.0 programovacího jazyka Swift (Wikipedie). Zdrojové kódy jsou k dispozici na GitHubu. Ke stažení jsou oficiální binární balíčky pro Ubuntu 16.10, Ubuntu 16.04 a Ubuntu 14.04.

Ladislav Hagara | Komentářů: 5
19.9. 23:33 | Zajímavý software

MojeFedora informuje, že PipeWire byl oficiálně oznámen (en). PipeWire bude zprostředkovávat aplikacím jednotný přístup k audiu a videu. Jedním z hlavních důvodů je možnost izolovat aplikace od audio a video zdrojů. Aplikace nebudou mít přímý přístup k hardwaru, ale budou se muset ptát multimediálního serveru PipeWire, který jim je na základě nastavených oprávnění poskytne nebo ne. V budoucnu by měl PipeWire nahradit PulseAudio.

Ladislav Hagara | Komentářů: 19
19.9. 00:55 | Zajímavý software

Společnost IBM věnovala svůj JVM (Java Virtual Machine) s názvem J9 nadaci Eclipse. Nové oficiální jméno tohoto virtuálního stroje určeného pro běh aplikací napsaných v programovacím jazyce Java je Eclipse OpenJ9 (Wikipedie). Podrobnosti v často kladených dotazech (FAQ).

Ladislav Hagara | Komentářů: 15
19.9. 00:11 | IT novinky

Mezinárodní konsorcium W3C (World Wide Web Consortium) publikovalo kontroverzní rozšíření HTML 5.1 EME (Encrypted Media Extensions) jako webový standard, tj. schválilo DRM v HTML 5.1. Mezinárodní nezisková organizace EFF (Electronic Frontier Foundation) hájící občanské svobody v digitálním světě zveřejnila na svých stránkách otevřený dopis adresovaný W3C. EFF s EME zásadně nesouhlasí a W3C opouští.

Ladislav Hagara | Komentářů: 57
18.9. 18:44 | Zajímavý projekt

Skywriter je deska umožňující snímat 3D gesta. Ben James na svých stránkách ukázal, jak lze pomocí této desky a Arduina Leonardo ovládat linuxový desktop. Videoukázka na YouTube. Ukázka kódu na GitHubu [reddit].

Ladislav Hagara | Komentářů: 4
18.9. 15:22 | Komunita

Od 8. do 10. září proběhla v Paříži konference UbuCon Europe 2017, tj. konference vývojářů a uživatelů linuxové distribuce Ubuntu. Dustin Kirkland z Canonicalu se ve své přednášce věnoval Ubuntu 18.04 LTS. Záznam přednášky byl zveřejněn na YouTube [reddit].

Ladislav Hagara | Komentářů: 1
18.9. 06:00 | Nová verze

Byla vydána verze 2.0 open source programu na kreslení grafů Veusz (Wikipedie). Z novinek je nutno zdůraznit přechod na Qt5 a PyQt5. Podrobnosti v poznámkách k vydání.

Ladislav Hagara | Komentářů: 0
17.9. 19:10 | Pozvánky

Společnost EurOpen.CZ pořádá 51. konferenci, která se bude konat 8. - 11. 10. 2017 v hotelu Vinné sklepy U Jeňoura, Prušánky - Nechory. Můžete se těšit na IoT s nádechem bezpečnosti, softwarový vývoj a optimalizace kódu, informační systémy ve státní správě a spoustu dalšího. Program konference a ceny viz: pozvanka51.pdf.

… více »
cuba | Komentářů: 0
Těžíte nějakou kryptoměnu?
 (5%)
 (3%)
 (17%)
 (75%)
Celkem 548 hlasů
 Komentářů: 22, poslední 29.8. 11:23
    Rozcestník

    Dotaz: portsentry pouze loguje

    19.7.2009 23:09 so3vil
    portsentry pouze loguje
    Přečteno: 397×
    Dobry den, nastavil jsem si PortSentry (portsentry-1.1-11.fr.i386)
    ale nefunguje mi hodnota v /etc/portsentry/portsentry.conf
    KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"
    a
    KILL_RUN_CMD="/./mujskriptik $TARGET$ $PORT$"

    dobre mi to uklada zpravy o scanovani defaultne do /var/log/messages kde mi to pise napriklad

    attackalert: Host: xx.xx.xx.xx/xx.xx.xx.xx is already blocked Ignoring

    ale do /etc/hosts.deny to nic nezapise a "mujskriptik" to taky nespusti. pouzivam fedoru 9.
    tady je portsentry.conf:
    # PortSentry Configuration # # $Id: portsentry.conf,v 1.23 2001/06/26 15:20:56 crowland Exp crowland $ # # IMPORTANT NOTE: You CAN NOT put spaces between your port arguments. # # The default ports will catch a large number of common probes # # All entries must be in quotes. ####################### # Port Configurations # ####################### # # # Some example port configs for classic and basic Stealth modes # # I like to always keep some ports at the "low" end of the spectrum. # This will detect a sequential port sweep really quickly and usually # these ports are not in use (i.e. tcpmux port 1) # # ** X-Windows Users **: If you are running X on your box, you need to be sure # you are not binding PortSentry to port 6000 (or port 2000 for OpenWindows users). # Doing so will prevent the X-client from starting properly. # # These port bindings are *ignored* for Advanced Stealth Scan Detection Mode. # # Un-comment these if you are really anal: #TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320" #UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321" # # Use these if you just want to be aware: TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320" UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321" # # Use these for just bare-bones #TCP_PORTS="1,11,15,110,111,143,540,635,1080,1524,2000,12345,12346,20034,32771,32772,32773,32774,49724,54320" #UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,32771,32772,32773,32774,31337,54321" ########################################### # Advanced Stealth Scan Detection Options # ########################################### # # This is the number of ports you want PortSentry to monitor in Advanced mode. # Any port *below* this number will be monitored. Right now it watches # everything below 1024. # # On many Linux systems you cannot bind above port 61000. This is because # these ports are used as part of IP masquerading. I don't recommend you # bind over this number of ports. Realistically: I DON'T RECOMMEND YOU MONITOR # OVER 1024 PORTS AS YOUR FALSE ALARM RATE WILL ALMOST CERTAINLY RISE. You've been # warned! Don't write me if you have have a problem because I'll only tell # you to RTFM and don't run above the first 1024 ports. # # ADVANCED_PORTS_TCP="1024" ADVANCED_PORTS_UDP="1024" # # This field tells PortSentry what ports (besides listening daemons) to # ignore. This is helpful for services like ident that services such # as FTP, SMTP, and wrappers look for but you may not run (and probably # *shouldn't* IMHO). # # By specifying ports here PortSentry will simply not respond to # incoming requests, in effect PortSentry treats them as if they are # actual bound daemons. The default ports are ones reported as # problematic false alarms and should probably be left alone for # all but the most isolated systems/networks. # # Default TCP ident and NetBIOS service ADVANCED_EXCLUDE_TCP="21,22,25,53,80,110,113,135,137,138,139,443" # Default UDP route (RIP), NetBIOS, bootp broadcasts. ADVANCED_EXCLUDE_UDP="520,517,518,513,138,137,123,68,67,53" ###################### # Configuration Files# ###################### # # Hosts to ignore IGNORE_FILE="/etc/portsentry/portsentry.ignore" # Hosts that have been denied (running history) HISTORY_FILE="/etc/portsentry/portsentry.history" # Hosts that have been denied this session only (temporary until next restart) BLOCKED_FILE="/etc/portsentry/portsentry.blocked" ############################## # Misc. Configuration Options# ############################## # # DNS Name resolution - Setting this to "1" will turn on DNS lookups # for attacking hosts. Setting it to "0" (or any other value) will shut # it off. RESOLVE_HOST = "1" ################### # Response Options# ################### # Options to dispose of attacker. Each is an action that will # be run if an attack is detected. If you don't want a particular # option then comment it out and it will be skipped. # # The variable $TARGET$ will be substituted with the target attacking # host when an attack is detected. The variable $PORT$ will be substituted # with the port that was scanned. # ################## # Ignore Options # ################## # These options allow you to enable automatic response # options for UDP/TCP. This is useful if you just want # warnings for connections, but don't want to react for # a particular protocol (i.e. you want to block TCP, but # not UDP). To prevent a possible Denial of service attack # against UDP and stealth scan detection for TCP, you may # want to disable blocking, but leave the warning enabled. # I personally would wait for this to become a problem before # doing though as most attackers really aren't doing this. # The third option allows you to run just the external command # in case of a scan to have a pager script or such execute # but not drop the route. This may be useful for some admins # who want to block TCP, but only want pager/e-mail warnings # on UDP, etc. # # # 0 = Do not block UDP/TCP scans. # 1 = Block UDP/TCP scans. # 2 = Run external command only (KILL_RUN_CMD) BLOCK_UDP="0" BLOCK_TCP="0" ################### # Dropping Routes:# ################### # This command is used to drop the route or add the host into # a local filter table. # # The gateway (333.444.555.666) should ideally be a dead host on # the *local* subnet. On some hosts you can also point this at # localhost (127.0.0.1) and get the same effect. NOTE THAT # 333.444.555.66 WILL *NOT* WORK. YOU NEED TO CHANGE IT!! # # ALL KILL ROUTE OPTIONS ARE COMMENTED OUT INITIALLY. Make sure you # uncomment the correct line for your OS. If you OS is not listed # here and you have a route drop command that works then please # mail it to me so I can include it. ONLY ONE KILL_ROUTE OPTION # CAN BE USED AT A TIME SO DON'T UNCOMMENT MULTIPLE LINES. # # NOTE: The route commands are the least optimal way of blocking # and do not provide complete protection against UDP attacks and # will still generate alarms for both UDP and stealth scans. I # always recommend you use a packet filter because they are made # for this purpose. # # Generic #KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666" # Generic Linux #KILL_ROUTE="/sbin/route add -host $TARGET$ gw 333.444.555.666" # Newer versions of Linux support the reject flag now. This # is cleaner than the above option. #KILL_ROUTE="/sbin/route add -host $TARGET$ reject" # Generic BSD (BSDI, OpenBSD, NetBSD, FreeBSD) #KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666" # Generic Sun #KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1" # NEXTSTEP #KILL_ROUTE="/usr/etc/route add $TARGET$ 127.0.0.1 1" # FreeBSD #KILL_ROUTE="route add -net $TARGET$ -netmask 255.255.255.255 127.0.0.1 -blackhole" # Digital UNIX 4.0D (OSF/1 / Compaq Tru64 UNIX) #KILL_ROUTE="/sbin/route add -host -blackhole $TARGET$ 127.0.0.1" # Generic HP-UX #KILL_ROUTE="/usr/sbin/route add net $TARGET$ netmask 255.255.255.0 127.0.0.1" ## # Using a packet filter is the PREFERRED. The below lines # work well on many OS's. Remember, you can only uncomment *one* # KILL_ROUTE option. ## # ipfwadm support for Linux #KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$ -o" # # ipfwadm support for Linux (no logging of denied packets) #KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$" # # ipchain support for Linux #KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l" # # ipchain support for Linux (no logging of denied packets) #KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY" # # iptables support for Linux #KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP" # For those of you running FreeBSD (and compatible) you can # use their built in firewalling as well. # #KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any" # # # For those running ipfilt (OpenBSD, etc.) # NOTE THAT YOU NEED TO CHANGE external_interface TO A VALID INTERFACE!! # #KILL_ROUTE="/bin/echo 'block in log on external_interface from $TARGET$/32 to any' | /sbin/ipf -f -" ############### # TCP Wrappers# ############### # This text will be dropped into the hosts.deny file for wrappers # to use. There are two formats for TCP wrappers: # # Format One: Old Style - The default when extended host processing # options are not enabled. # #KILL_HOSTS_DENY="ALL: $TARGET$" # Format Two: New Style - The format used when extended option # processing is enabled. You can drop in extended processing # options, but be sure you escape all '%' symbols with a backslash # to prevent problems writing out (i.e. \%c \%h ) # KILL_HOSTS_DENY="ALL: $TARGET$ : DENY" ################### # External Command# ################### # This is a command that is run when a host connects, it can be whatever # you want it to be (pager, etc.). This command is executed before the # route is dropped or after depending on the KILL_RUN_CMD_FIRST option below # # # I NEVER RECOMMEND YOU PUT IN RETALIATORY ACTIONS AGAINST THE HOST SCANNING # YOU! # # TCP/IP is an *unauthenticated protocol* and people can make scans appear out # of thin air. The only time it is reasonably safe (and I *never* think it is # reasonable) to run reverse probe scripts is when using the "classic" -tcp mode. # This mode requires a full connect and is very hard to spoof. # # The KILL_RUN_CMD_FIRST value should be set to "1" to force the command # to run *before* the blocking occurs and should be set to "0" to make the # command run *after* the blocking has occurred. # #KILL_RUN_CMD_FIRST = "0" # # #KILL_RUN_CMD="/some/path/here/script $TARGET$ $PORT$" #KILL_RUN_CMD="/bin/mail -s 'Portscan from $TARGET$ on port $PORT$' user@host < /dev/null" KILL_RUN_CMD="/./mujskriptik $TARGET$ $PORT$" ##################### # Scan trigger value# ##################### # Enter in the number of port connects you will allow before an # alarm is given. The default is 0 which will react immediately. # A value of 1 or 2 will reduce false alarms. Anything higher is # probably not necessary. This value must always be specified, but # generally can be left at 0. # # NOTE: If you are using the advanced detection option you need to # be careful that you don't make a hair trigger situation. Because # Advanced mode will react for *any* host connecting to a non-used # below your specified range, you have the opportunity to really # break things. (i.e someone innocently tries to connect to you via # SSL [TCP port 443] and you immediately block them). Some of you # may even want this though. Just be careful. # SCAN_TRIGGER="0" ###################### # Port Banner Section# ###################### # # Enter text in here you want displayed to a person tripping the PortSentry. # I *don't* recommend taunting the person as this will aggravate them. # Leave this commented out to disable the feature # # Stealth scan detection modes don't use this feature # #PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY." # EOF
    Kdyby ste mi poradily tak bych byl moc rad :-)

    Odpovědi

    vladky avatar 20.7.2009 07:53 vladky | skóre: 18
    Rozbalit Rozbalit vše Re: portsentry pouze loguje
    Příloha:
    Mne portsentry funguje v pohode. Ako External Command pouzivam zapis do textoveho suboru. Aby nove pravidla pre iptables fungovali aj po restarte, vo firewall scripte mam tento textak includovany.
    # External Command
    KILL_RUN_CMD="echo /usr/sbin/iptables -I INPUT 1 -s $TARGET$ -j DROP >> /etc/portsentry/portsentry.fw"
    V prilohe je moj portsentry.conf
    vladky avatar 20.7.2009 07:55 vladky | skóre: 18
    Rozbalit Rozbalit vše Re: portsentry pouze loguje
    ... a este dodam ze verzia portsentry ktoru pouzivam je 1.2 (vlastna kompilacia)
    24.7.2009 19:56 so3vil
    Rozbalit Rozbalit vše Re: portsentry pouze loguje
    dekuji moc :) chyba byla v nastaveni

    BLOCK_UDP="0" BLOCK_TCP="0"

    pricemz v komentari jsem prehlid vysvetleni :p

    # 0 = Do not block UDP/TCP scans. # 1 = Block UDP/TCP scans. # 2 = Run external command only (KILL_RUN_CMD)

    Založit nové vláknoNahoru

    Tiskni Sdílej: Linkuj Jaggni to Vybrali.sme.sk Google Del.icio.us Facebook

    ISSN 1214-1267   www.czech-server.cz
    © 1999-2015 Nitemedia s. r. o. Všechna práva vyhrazena.