Gentoo Archives: gentoo-user

From: James <wireless@×××××××××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] net-analyzer/portsentry
Date: Mon, 25 May 2015 01:17:29
1 Well, we have this gentoo guide for portsentry:[1] This seem a bit dated.
2 I'd be curious for any information folks use including config file snippets
3 or deployment strategies, particularly in a multi-layered scheme. There is
4 only basic configuration/deployment ideas in /usr/share/doc/portsentry/.
5 Something newer/better than portsentry to watch
6 the ports?
9 I'm building up a small soho with 5 static ips, including (2) dns servers,
10 mail and a small (less than 10 domains) webserver all in a "dmz' and the
11 then a few dozen systems behind a second firewall. Certainly the minimal
12 ports to leave open (via iptables on each of these servers systems) as
13 well as the specific list of which ports to set portsentry to monitor by
14 category (DNS(bind) :: Web(apache) :: mail(postfix)) would be keen.
17 Should I put the port scanning on the the systems behind the published
18 (routed) ip address too just to see what (if anythying) get thru? Nothing
19 but return traffic should get through to the lan (no ssh into lan systems
20 or such will be allowed).
23 Reference diagrams of typical soho (< 50 systems) are of keen interest
24 just to get some ideas. In fact suggestions on FOSS to use to draw up some
25 generic diagrams, a wee bit nicer than dia, would be keen suggestions too.
27 Tripwire vs AIDE?
29 Perhaps a iptables protecting the dmz systems and main gateway (single
30 homed) but a nftables [2] based firewall/gw/router to the internal lan?
31 Note: This is more of a project than a collection of simple (syntax) answers
32 to specific questions (although all information is appreciated just to
33 complete the discussion). Any sensitive information can be send to me
34 privately for assured confidence.
37 Your ideas are welcome,
38 James
40 [1]
42 [2]