maxlareo.portsentry

PortSentry


This guide explains how to install and set up PortSentry on Debian-like systems.

Role Variables

About the /etc/portsentry/portsentry.conf file

  • portsentry_tcp_ports: [default: 1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320]: List of TCP ports for regular and basic Stealth modes
  • portsentry_udp_ports: [default: 1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321]: List of UDP ports for regular and basic Stealth modes
  • portsentry_advanced_exclude_tcp: [default: 113,139]: TCP ports to ignore; PortSentry won't respond to requests on these ports, treating them as active services
  • portsentry_advanced_exclude_udp: [default: 520,138,137,67]: UDP ports to ignore; PortSentry won't respond to requests on these ports, treating them as active services
  • portsentry_ignore_file: [default: /etc/portsentry/portsentry.ignore]: List of hosts to ignore
  • portsentry_history_file: [default: /var/lib/portsentry/portsentry.history]: Record of denied hosts (history of action)
  • portsentry_blocked_file: [default: /var/lib/portsentry/portsentry.blocked]: List of hosts denied during this session (temporary until next restart)
  • portsentry_RESOLVE_HOST: [default: 0]: DNS resolution option; 1 enables name lookups, 0 disables it
  • portsentry_block_udp: [default: 0]: Control automatic response for UDP (options: 0 for no blocking, 1 for blocking, 2 for running an external command)
  • portsentry_block_tcp: [default: 0]: Control automatic response for TCP (options: 0 for no blocking, 1 for blocking, 2 for running an external command)
  • portsentry_kill_route: [default: /sbin/iptables -I INPUT -s $TARGET$ -j DROP]: Command used to block a network route or add a host to a local filter
  • portsentry_scan_trigger: [default: 0]: Number of port connections allowed before triggering an alert; 0 reacts immediately

About the /etc/portsentry/portsentry.ignore.static file

  • portsentry_ignore_static: [default: []]: List of hosts that should never be blocked (format: ip/netmask); a 32-bit netmask is assumed if none is provided

Dependencies

None

Example Playbook

- hosts: servers
  roles:
    - portsentry
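
A playbook that turns on TCP blocking while protecting administrative hosts from being locked out, as an added example that is not part of the role's own documentation. The role name follows the ansible-galaxy install command for this role; the `become` setting, the host group and all addresses are assumptions or constructed values.

```yaml
# Added example: the values below are constructed, not the role's defaults.
- hosts: servers                  # assumed inventory group, as in the playbook above
  become: true                    # assumption: root is needed to install and configure
  roles:
    - role: maxlareo.portsentry   # name as installed with ansible-galaxy
      vars:
        # Hosts that must never be blocked. Fill this in BEFORE enabling
        # blocking, or a scan from a management host can cut off its own access.
        portsentry_ignore_static:
          - 192.0.2.0/24          # constructed: management network
          - 198.51.100.10         # constructed: monitoring host, /32 assumed

        # 1 = block the offending host; 0 (the default) takes no blocking action.
        portsentry_block_tcp: 1

        # UDP source addresses are easy to forge, so automatic UDP blocking
        # can be abused to make the server block legitimate hosts.
        portsentry_block_udp: 0

        # Allow two connections to monitored ports before reacting, which
        # reduces blocks caused by a single mistyped port. 0 reacts immediately.
        portsentry_scan_trigger: 2

        # Same command as the role default, stated explicitly so the
        # blocking action is visible in the playbook.
        portsentry_kill_route: '/sbin/iptables -I INPUT -s $TARGET$ -j DROP'
```

Hosts blocked in a session are recorded in the file set by portsentry_blocked_file, and the full history in portsentry_history_file, so both are the places to check after a run.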

License

MIT

Project information

Install and configure PortSentry in Debian-like systems

Install
ansible-galaxy install maxlareo.portsentry