PTFM
Detect portscans on Linux with scanlogd
Install and Setup scanlogd
‘scanlogd’ is a TCP port scan detection tool which attempts to log all portscans of a host to the syslog, in a secure fashion. It was designed to illustrate various attacks an IDS developer has to deal with; thus, unlike some other port scan detection tools, ‘scanlogd’ is designed to be totally safe to use.
Step 1: Install
sudo apt-get update
sudo apt-get install scanlogd
Step 2: Setup user
sudo groupadd scan
sudo useradd scanlog -u 888 -g scan
Step 3: Create startup file
sudo vi /etc/init.d/scanlog
Step 4: Copy into file and save
#!/bin/sh
# start scanlogd
sudo -u scanlog /usr/sbin/scanlogd
exit 0
Step 5: chmod
sudo chmod 755 /etc/init.d/scanlog
Step 6: Add to rc.d
sudo update-rc.d scanlog defaults
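Once scanlogd is running, its syslog entries can be summarised per scanning source. The script below is an added example, not part of the original page or of scanlogd. It assumes the message layout documented in scanlogd(8) (saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS); the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise scanlogd syslog entries per source address.
# Output columns: source, log entries, distinct ports listed, time of last entry.

summarise_scans() {
    # Reads the files given as arguments (e.g. /var/log/syslog; the path is an
    # assumption and depends on your syslog setup), or stdin when none is given.
    awk '
    / scanlogd(\[[0-9]+\])?: / {
        msg = $0
        sub(/^.* scanlogd(\[[0-9]+\])?: /, "", msg)   # drop the syslog prefix
        n = split(msg, f, " ")
        at = index(msg, " ports ")
        if (n < 5 || f[2] != "to" || at == 0) next    # not a scan report
        src = f[1]; sub(/:[0-9]+$/, "", src)          # strip optional source port
        entries[src]++
        # Everything after " ports " is a comma list: ports, "...", flags, TOS/TTL.
        m = split(substr(msg, at + 7), p, ", ")
        for (i = 1; i <= m; i++)
            if (p[i] ~ /^[0-9]+$/ && !((src, p[i]) in seen)) {
                seen[src, p[i]] = 1
                ports[src]++
            }
        last[src] = f[n]; sub(/^@/, "", last[src])    # trailing @HH:MM:SS
    }
    END { for (s in entries) printf "%s %d %d %s\n", s, entries[s], ports[s], last[s] }
    ' "$@" | sort -k2,2nr -k1,1
}

sample_log() {
    # Constructed sample lines (documentation address ranges), not real traffic.
    cat <<'EOF'
Mar 10 12:00:01 host scanlogd: 203.0.113.7:40000 to 192.0.2.10 ports 21, 22, 23, 25, 80, 110, 443, ..., fSrpauxy, TOS 00 @12:00:01
Mar 10 12:05:09 host scanlogd: 203.0.113.7 to 192.0.2.10 and others, ports 22, 80, 8080, ..., fSrpauxy, TOS 00, TTL 52 @12:05:09
Mar 10 12:06:00 host sshd[811]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Mar 10 13:10:44 host scanlogd: 198.51.100.23:51234 to 192.0.2.10 ports 135, 139, 445, 3389, 5900, 1433, 3306, ..., fSrpauxy, TTL 113 @13:10:44
EOF
}

# With arguments, summarise those log files; without, run on the sample.
if [ $# -gt 0 ]; then
    summarise_scans "$@"
else
    sample_log | summarise_scans
fi
```

scanlogd lists only some of the ports seen in a scan (the "..." marks the rest), so the distinct-port column is a lower bound.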