PortSentry

PortSentry is part of SentryTools. Depending on how it is configured, it takes action upon excessive access to watched ports.

The configuration file presented in this guide is set up to block the addresses that are picked up and then log them to /var/log/portsentry.block.log

A good example of portsentry in action: if the machine were port-scanned, the scanning host would be blocked and unable to perform further scanning or make attempts at exploiting the machine's vulnerabilities.

Often, before an intrusion attempt, one might first scan a machine to look for potential security holes, making this program the defender on the front lines of the cyber battlefield.
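To review what has been blocked, the following added example (not part of the original guide or of PortSentry itself) summarises the block log per address. The line layout shown in its comments is an assumption, and the sample lines are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example: summarise the addresses recorded in PortSentry's block log.
# ASSUMPTION: each line looks like
#   <epoch> - MM/DD/YYYY HH:MM:SS Host: <name>/<ip> Port: <n> <TCP|UDP> Blocked
# Adjust the field matching if your build writes a different layout.

# summarize_blocked FILE -> one line per address: "<ip> <entries> <ports>"
summarize_blocked() {
    awk '
        {
            ip = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "Host:") { n = split($(i + 1), h, "/"); ip = h[n] }
                if ($i == "Port:") { port = $(i + 1) }
            }
            if (ip == "" || port == "") next      # skip lines that do not match
            hits[ip]++
            if (!((ip, port) in seen)) {          # list each port once per address
                seen[ip, port] = 1
                ports[ip] = (ports[ip] == "" ? port : ports[ip] "," port)
            }
        }
        END { for (ip in hits) print ip, hits[ip], ports[ip] }
    ' "$1" | sort -k2,2nr -k1,1                   # most entries first
}

# Constructed sample data, written to the file named in $1.
make_sample_log() {
    cat > "$1" <<'EOF'
1700000000 - 11/14/2023 22:13:20 Host: scanner.example/203.0.113.7 Port: 111 TCP Blocked
1700000001 - 11/14/2023 22:13:21 Host: scanner.example/203.0.113.7 Port: 143 TCP Blocked
1700000050 - 11/14/2023 22:14:10 Host: 198.51.100.23/198.51.100.23 Port: 161 UDP Blocked
1700000051 - 11/14/2023 22:14:11 Host: scanner.example/203.0.113.7 Port: 111 TCP Blocked
EOF
}

# Demo on the constructed sample; on a live host run instead:
#   summarize_blocked /var/log/portsentry.block.log
demo_log=$(mktemp)
make_sample_log "$demo_log"
summarize_blocked "$demo_log"
rm -f "$demo_log"
```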

Starting PortSentry
To start portsentry simply run

To add portsentry to startup: