PortSentry is a great attack detection tool. It detects port scans against a host and monitors for both TCP and UDP scans. It is worth installing and configuring to improve server security.
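Install PortSentry with your distribution's package manager. On Debian or Ubuntu:
apt-get install portsentry
On RPM-based distributions:
rpm -i portsentry*
On Arch Linux, using yaourt:
yaourt -S portsentry
Then open the configuration file:
sudo nano /etc/portsentry/portsentry.conf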
Below you can find settings from my configuration. Adjust them to suit your needs, or leave them as they are to keep the ports of your server safe and block any scans.
Uncomment one of the following sets of ports:
- Un-comment these if you are really anal
- Use these if you just want to be aware
- Use these for just bare-bones
Personally, I always choose the first set. By default, the second set is uncommented.
# Un-comment these if you are really anal:
Here you can add additional ports you want to monitor:
You can also exclude some ports here:
Location for ignored, history and blocked hosts.
# Hosts to ignore
# 0 = Do not block UDP/TCP scans.
Enter the text you want displayed to a person who trips PortSentry:
PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY."
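
After editing, it is easy to leave two port sets uncommented or to leave blocking switched off. The following check is an added example, not part of the original post or of PortSentry itself. It assumes the standard portsentry.conf option names TCP_PORTS, UDP_PORTS, BLOCK_TCP and BLOCK_UDP, and runs on a constructed sample configuration.

```python
import re

# Constructed sample (not the author's file): two TCP_PORTS sets left
# uncommented, an out-of-range UDP port, and TCP blocking switched off.
SAMPLE_CONF = '''\
# Un-comment these if you are really anal:
TCP_PORTS="1,7,9,11,15,79,111,119,143"
# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143"
#UDP_PORTS="1,7,9,69,161,162"
UDP_PORTS="1,7,9,69,161,99999"
# 0 = Do not block UDP/TCP scans.
BLOCK_UDP="1"
BLOCK_TCP="0"
'''

SETTING = re.compile(r'^\s*([A-Z_]+)\s*=\s*"([^"]*)"')  # uncommented KEY="value"

def active_settings(text):
    """Map each uncommented KEY="value" line to the list of values it was given."""
    found = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def audit(text):
    """Return findings about the active port sets and the blocking options."""
    conf, findings = active_settings(text), []
    for key in ("TCP_PORTS", "UDP_PORTS"):
        values = conf.get(key, [])
        if len(values) != 1:
            findings.append(f"{key}: {len(values)} sets uncommented, expected 1")
        for value in values:
            bad = [p for p in value.split(",")
                   if not (p.strip().isdigit() and 1 <= int(p) <= 65535)]
            if bad:
                findings.append(f"{key}: invalid port(s) {','.join(bad)}")
    for key in ("BLOCK_TCP", "BLOCK_UDP"):
        if "0" in conf.get(key, []):
            findings.append(f"{key}: 0 = scans are not blocked")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

To check a real file, pass the contents of /etc/portsentry/portsentry.conf to audit() instead of the sample.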