Psionic PortSentry and LogSentry
Authored by: bluehz on Sep 20, '02 02:24:47PM

I use a nice free pkg on my Linux box that contains PortSentry, LogSentry, and HostSentry. See here for info:

http://www.psionic.com/products/trisentry.html

Basically - PortSentry watches for all sorts of malicious activity and then bans the IPs similar to what this script does, LogSentry keeps an eye on strange activity and notifies you via e-mail, and HostSentry does the same except in regards to logins, activity, etc.

The current PortSentry pkg at Psionic doesn't want to compile on OS X, but there is an older version made for OS X here:

http://www.osxgnu.org/software/Security/portsentry/

Also an older version of LogSentry (called LogCheck) on the same page above. Although I think the current version of LogSentry compiles fine...not sure.

PS - if anyone has any ideas on getting the current PortSentry 2.x to compile - info would be much appreciated. Here's the error:

cc -O -Wall -DBSD44 -o ./portsentry ./portsentry.c \
./portsentry_io.c ./portsentry_util.c -lpcap
./portsentry.h:55: header file 'netinet/ip_ether.h' not found
cpp-precomp: warning: errors during smart preprocessing, retrying in basic mode



Missing headers - was: Psionic PortSentry and LogSentry
Authored by: darkart on Oct 11, '02 04:36:52PM

Word from the darwin developers list is that some unix headers were removed in a late developer seed and were unintentionally left out of the final release of 10.2. You can get them by checking out the appropriate version of xnu from the darwin CVS (xnu-344.2 is what I have on a 10.2.1 (6D52) system). See the recent darwin-development archives for more info and discussion.

-eric


