Diffstat (limited to 'net-analyzer/portsentry/files/portsentry.8')
-rw-r--r-- net-analyzer/portsentry/files/portsentry.8 151
1 files changed, 151 insertions, 0 deletions
diff --git a/net-analyzer/portsentry/files/portsentry.8 b/net-analyzer/portsentry/files/portsentry.8
new file mode 100644
index 000000000000..7c9d6a617262
--- /dev/null
+++ b/net-analyzer/portsentry/files/portsentry.8
@@ -0,0 +1,151 @@
+.TH PORTSENTRY 8
+.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection
+.\" other parms are allowed: see man(7), man(1)
+.SH NAME
+portsentry \- detect portscan activity
+.SH SYNOPSIS
+.B portsentry
+.I "[ \-tcp | \-stcp | \-atcp ]"
+.br
+.B portsentry
+.I "[ \-udp | \-sudp | \-audp ]"
+.SH "DESCRIPTION"
+This manual page documents briefly the
+.BR portsentry
+command.
+This manual page was written for the Debian GNU/Linux distribution
+because the original program does not have a manual page.
+.PP
+.B portsentry
+is a program that tries to detect portscans on network interfaces with the ability to detect stealth scans. On alarm portsentry can block the scanning machine via hosts.deny (see
+.BR hosts_access (5),
+firewall rule (see
+.BR ipfwadm (8) ,
+.BR ipchains (8)
+and
+.BR iptables (8))
+or dropped route (see
+.BR route (8)).
+.SH OPTIONS
+For details on the various modes see
+.I /usr/doc/portsentry/README.install
+.
+.TP
+.B \-tcp
+tcp portscan detection on ports specified under
+.I TCP_PORTS
+in the config file
+.IR /etc/portsentry/portsentry.conf .
+.TP
+.B \-stcp
+As above but additionally detect stealth scans.
+.TP
+.B \-atcp
+Advanced tcp or inverse mode. Portsentry binds to all unused ports below
+.I ADVANCED_PORTS_TCP
+given in the config file
+.IR /etc/portsentry/portsentry.conf .
+
+.TP
+.B \-udp
+udp portscan detection on ports specified under
+.I UDP_PORTS
+in the config file
+.IR /etc/portsentry/portsentry.conf .
+.TP
+.B \-sudp
+As above but additionally detect "stealth" scans.
+.TP
+.B \-audp
+Advanced udp or inverse mode. Portsentry binds to all unused ports below
+.I ADVANCED_PORTS_UDP
+given in the config file
+.IR /etc/portsentry/portsentry.conf .
+
+.SH "CONFIGURATION FILES"
+.B portsentry
+keeps all its configuration files in
+.BR /etc/portsentry.
+.B portsentry.conf
+is
+.BR portsentry 's
+main configuration file. See
+.BR portsentry.conf (5)
+for details.
+
+The file
+.BR portsentry.ignore
+contains a list of all hosts that are ignored, if they connect to a tripwired
+port. It should contain at least the localhost(127.0.0.1), 0.0.0.0 and the IP addresses of all local interfaces. You can ignore whole subnets by using a notation <IP Address>/<Netmask Bits>. It is *not* recommend putting in every machine IP on your network. It may be important for you to see who is connecting to you, even if it is a "friendly" machine. This can help you detect internal host compromises faster.
+
+If you use the
+.IR /etc/init.d/portsentry
+script to start the daemon,
+.BR portsentry.ignore
+is rebuild on each start of the daemon using
+.BR portsentry.ignore.static
+and all the IP addresses found on the machine via
+.BR ifconfig .
+
+.BR /etc/default/portsenty
+specifies in which protocol modes
+.B portsentry
+should be startet from
+.IR /etc/init.d/portsentry
+There are currently two options:
+.TP
+.B TCP_MODE=
+either
+.BR tcp ", " stcp " or " atcp " (see " OPTIONS " above)."
+.TP
+.B UDP_MODE=
+either
+.BR udp ", " sudp " or " audp " (see " OPTIONS " above)."
+
+.PP
+The options above correspond to portsentry's commandline arguments. For example
+.B TCP_MODE="atcp"
+has the same effect as to start portsentry using
+.BR portsentry " " -atcp.
+Only one mode per protocol can be started at a time (i.e. one tcp and one udp mode).
+
+.SH "FILES"
+.BR /etc/portsentry/portsentry.conf
+main configuration file
+.TP
+.BR /etc/portsentry/portsentry.ignore
+IP addresses to ignore
+.TP
+.BR /etc/portsentry/portsentry.ignore.static
+static IP addresses to ignore
+.TP
+.BR /etc/default/portsentry
+startup options
+.TP
+.BR /etc/init.d/portsentry
+script responsible for starting and stopping the daemon
+.TP
+.BR /var/lib/portsentry/portsentry.blocked.*
+blocked hosts(cleared upon reload)
+.TP
+.BR /var/lib/portsentry/portsentry.history
+history file
+.LP
+.SH "SEE ALSO"
+.BR portsentry.conf(5),
+.BR hosts_access(5),
+.BR hosts_options(5),
+.BR route(8),
+.BR ipfwadm(8),
+.BR ipchains(8),
+.BR iptables(8),
+.BR ifconfig(8)
+
+.BR /usr/share/doc/portsentry/README.install
+.LP
+.SH AUTHOR
+.B portsentry
+was written by Craig H. Howland
+.B <crowland@users.sf.net>.
+
+This manual page was stitched together by Guido Guenther <agx@debian.org>, for the Debian GNU/Linux system (but may be used by others). Some parts are just a cut and paste from the original documentation.
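Review bot: The startup file is spelled `/etc/default/portsenty` in CONFIGURATION FILES but `/etc/default/portsentry` in FILES. An admin following the first spelling would set TCP_MODE/UDP_MODE in a file that the rest of the page never names, so the path should be corrected to match FILES. The same kind of mismatch affects README.install, which is given as `/usr/doc/portsentry/README.install` under OPTIONS and `/usr/share/doc/portsentry/README.install` under SEE ALSO; pick the path the package actually installs. The page also says it was written for Debian, so the `/etc/default/portsentry` and `/etc/init.d/portsentry` behaviour it describes (including the rebuild of portsentry.ignore from portsentry.ignore.static on each start) should be checked against what this package ships, since a stale ignore list directly affects which hosts get blocked. Smaller points: the first FILES entry has no `.TP` before it, unlike the entries that follow; the parenthesis opened at "(see" before `.BR hosts_access (5),` is never closed; the SEE ALSO entries are missing the space before the section number (`.BR portsentry.conf(5),` versus `.BR hosts_access (5),` earlier in the page); the AUTHOR surname "Howland" does not match the address `crowland@users.sf.net` and should be verified; and the prose has typos ("is rebuild", "startet", "It is *not* recommend").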