
Detect portscans on Linux with scanlogd


    Install and Set Up scanlogd

    ‘scanlogd’ is a TCP port scan detection tool which attempts to log all portscans of a host to the syslog, in a secure fashion. It was designed to illustrate various attacks an IDS developer has to deal with; thus, unlike some other port scan detection tools, ‘scanlogd’ is designed to be totally safe to use.

    Step 1: Install

    sudo apt-get update
    sudo apt-get install scanlogd

    Step 2: Set up user

    sudo groupadd scan
    sudo useradd scanlog -u 888 -g scan

    Step 3: Create startup file

    sudo vi /etc/init.d/scanlog

    Step 4: Copy into file and save

    #!/bin/sh
    # Start scanlogd as the scanlog user created in Step 2
    sudo -u scanlog /usr/sbin/scanlogd
    exit 0

    Step 5: chmod

    sudo chmod 755 /etc/init.d/scanlog

    Step 6: Add to rc.d

    sudo update-rc.d scanlog defaults
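Once scanlogd is running, its alerts go to syslog, and a per-source summary makes them easier to triage. The script below is an added example, not part of the original post; it assumes the alert line format documented in the scanlogd man page, and the sample log lines and the syslog path in the final comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize scanlogd alerts per scanning source.
# Assumed alert format (per the scanlogd man page):
#   saddr[:sport] to daddr [and others,] ports p1, p2, ..., flags[, TOS x][, TTL y] @HH:MM:SS

# Constructed sample syslog lines using documentation-only addresses.
sample_log() {
cat <<'EOF'
Mar  3 10:15:02 web1 scanlogd: 192.0.2.10:40112 to 198.51.100.5 ports 21, 22, 23, 25, 80, 110, 443, ..., fSrpauxy, TOS 00 @10:15:02
Mar  3 10:15:40 web1 sshd[811]: Accepted publickey for admin from 203.0.113.7 port 50122 ssh2
Mar  3 11:02:17 web1 scanlogd: 203.0.113.44 to 198.51.100.5 and others, ports 139, 445, 3389, 5900, 8080, ..., f?rpauxy, TOS 00, TTL 52 @11:02:17
Mar  3 11:40:09 web1 scanlogd: 192.0.2.10:40990 to 198.51.100.5 ports 8000, 8080, 8443, 8888, 9000, 9090, 9200, ..., fSrpauxy, TOS 00 @11:40:09
EOF
}

# Reads syslog text on stdin. Prints one line per source, busiest first:
#   <alerts> <source> <time of last alert> <ports logged>
summarize_scans() {
  awk '
    / scanlogd(\[[0-9]+\])?: / {
      msg = $0
      sub(/^.* scanlogd(\[[0-9]+\])?: /, "", msg)   # drop the syslog prefix
      n = split(msg, f, " ")
      src = f[1]; sub(/:[0-9]+$/, "", src)            # strip the source port
      seen = f[n]; sub(/^@/, "", seen)                # trailing @HH:MM:SS
      p = msg
      sub(/^.* ports /, "", p)                        # keep the port list only
      sub(/, \.\.\..*$/, "", p)                       # cut ", ..., flags, TOS ..."
      gsub(/, /, ",", p)
      alerts[src]++
      last[src] = seen
      ports[src] = ports[src] (ports[src] == "" ? "" : ",") p
    }
    END { for (s in alerts) print alerts[s], s, last[s], ports[s] }
  ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a live host feed it the syslog file
# instead, e.g. summarize_scans < /var/log/syslog (path is an assumption).
sample_log | summarize_scans
```

A source that reappears with a different port range, like the first address in the sample, is grouped into one line so repeated sweeps stand out.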
