[olug] more ipchains

Vincent vraffensberger at home.com
Sun Jul 16 02:28:55 UTC 2000


> challenge :) I have portsentry running on my box, I'm still trying to
> figure out cron so it will e-mail me if I'm scanned or otherwise
> attacked. Is portsentry the same as snort tho? Thanx to Daniel Pfile for
> the online reading material too.
> 
>             Gary Martin.
> 
> ---------------------------------------------------------------------

The easiest way to set up your cron job is to first make a copy of your
crontab:

crontab -l > ~/root.crontab

Then edit this file, adding the following line:

00,30 * * * * /usr/local/etc/logcheck.sh

(this will run every 30 minutes)

Now have cron read the new one:

crontab ~/root.crontab


Here's how I made it e-mail me:
I'll assume you have sendmail set up to send mail...
Edit the following line in portsentry.conf:

KILL_RUN_CMD="/root/bin/send_alert"

Edit and save the following as /root/bin/send_alert:
#!/bin/bash
# Run by portsentry through KILL_RUN_CMD; mails the newest history entry.
BIN=/root/bin
PS=/usr/local/psionic/portsentry
MAIL="user@home.com"
PAGE="user%pager@pagenet.com"
export BIN PS MAIL PAGE
# Last line of the history file, fields 3-10
MESG=$(tail -1 "${PS}/portsentry.history" | cut -d" " -f3-10)
export MESG
/usr/bin/sendmail "$MAIL" <<END
$MESG
.
END
#
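
A variant of the send_alert script above, added here as an example and not part of the original post: it builds a full message with To: and Subject: headers and strips non-printable bytes from the history line, since the Host: field can carry a reverse-DNS name chosen by the remote side. The function names, the recipient address and the history line format shown in the comment are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post.
# Assumed portsentry.history line format (constructed sample):
#   963714535 - 07/16/2000 02:28:55 Host: name/192.0.2.7 Port: 111 TCP Blocked

# Keep only printable ASCII so a hostile host name cannot put control
# characters or terminal escape sequences into the alert.
sanitize() {
    LC_ALL=C tr -cd '\040-\176'
}

# Print fields 3-10 of the newest history line, sanitized and capped at 200 chars.
last_event() {
    tail -n 1 "$1" | cut -d' ' -f3-10 | sanitize | cut -c1-200
}

# Emit headers, a blank line, then the body, the layout "sendmail -t" reads.
# Returns 1 and prints nothing if the history file is empty or unreadable.
build_alert() {
    local to="$1" hist="$2" event
    event=$(last_event "$hist") || return 1
    [ -n "$event" ] || return 1
    printf 'To: %s\nSubject: portsentry alert on %s\n\n%s\n' \
        "$to" "$(uname -n)" "$event"
}

# Usage from the KILL_RUN_CMD script (address is a placeholder):
#   build_alert user@example.com /usr/local/psionic/portsentry/portsentry.history \
#       | /usr/bin/sendmail -i -t
```

The -i flag stops sendmail from treating a lone "." line as end of input, and -t takes the recipient from the To: header.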
