Kyle W. Bartley
Assignment 10
November 25th, 2002
Installation of Psionic Trisentry Suite
Introduction:
For my final project, I wanted to try increasing the security of my Linux
system by installing a security package. Through some searching, I found Psionic's
website and the Trisentry suite (formerly known as the Abacus project). I decided
to try installing all three of Psionic's security programs, HostSentry, PortSentry
and LogCheck.
Installation Narrative:
- First, I downloaded the three tarballs from Psionic's site:
% wget http://www.psionic.com/downloads/hostsentry-0.02.tar.gz
% wget http://www.psionic.com/downloads/portsentry-1.1.tar.gz
% wget http://www.psionic.com/downloads/logcheck-1.1.1.tar.gz
Problem: The first time around, I tried downloading
the beta version of PortSentry (portsentry-2.0b.1.tar.gz), but I had a lot
of problems trying to install it, so I decided to go with the older version
instead, until they could get an Alpha version of 2.0 out.
- I unzipped and detarred all three files and decided to begin with the logcheck.
- I began by reading the INSTALL file. As instructed, I checked the 'syslog.conf'
file, to ensure that system events were being logged in '/var/log/messages'.
The log was set up by default to log all events except normal mail events
and cron events. I left it as such.
- Next, I changed the ownership and permissions for the log files as recommended
in the log file:
% chown root.wheel /var/log/messages
% chmod 600 /var/log/messages
- Next, I ran the 'make linux' command to create the appropriate files.
- Then I edited the logcheck.sh as follows:
-- changed the SYSADMIN to 'kbartley'
-- uncommented logfiles appropriate to my installation
- After I had finished configuring logcheck to my liking, I added the following
line to the '/etc/crontab' file to make sure logcheck runs every hour.
-- 00 * * * * root /bin/sh /usr/loc/etc/logcheck.sh
- Next, I moved on to the installation of HostSentry. I read the README.install
file to get started. I already had Python installed, and I activated the appropriate modules.
- This installation was rather simple. I ran 'make install' which created
the HostSentry files.
- I looked through the configuration files, but kept all of the default configs.
The only other thing I did with HostSentry was add a line to rc.local
so that it would start at boot-up:
-- python hostsentry.py
- Finally, I did the PortSentry install. I began by reading the README.install
file.
- I made no changes to the portsentry_config.h file.
- I made the following changes to portsentry.conf
-- uncommented appropriate kill commands
-- uncommented welcome banner for connections
- I added the IP of my home machine to the portsentry.ignore file.
- Next, I ran the following commands to compile and install PortSentry.
% sudo make linux
% sudo make install
- Finally, I added the following lines to rc.local to start PortSentry on
boot-up.
-- /usr/local/psionic/portsentry/portsentry -tcp
-- /usr/local/psionic/portsentry/portsentry -udp
Instructions for use:
HostSentry and PortSentry will start on bootup because of the commands added
to rc.local. LogCheck will run every hour while the system is up because of
the line added to crontab.
Checking to make sure it works:
Logcheck:
I logged in and out as root a couple of times. As expected, logcheck sent emails
to kbartley, reporting the logins.
HostSentry and PortSentry:
These two are a little tougher to test. I'll have to wait a couple of days to
see what the logs say. I can also try and do some things to the machine that
will cause my IP to be blocked, but I'll need to do it from another machine.
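Something that can be checked right away, without waiting for the logs, is whether the configuration steps above are actually in place. The following audit script is an added example (my own, not from the assignment or from Psionic); it assumes rc.local lives at /etc/rc.local, that portsentry.ignore sits in /usr/local/psionic/portsentry/, and uses a constructed home IP of 192.0.2.10.

```shell
#!/bin/sh
# Added example, not part of the original assignment: audit the Trisentry
# setup described above (log permissions, logcheck cron entry, portsentry
# ignore list, rc.local start lines). Each check returns 0 on success.

# check_log_perms FILE OWNER: FILE is mode 600 and owned by OWNER
check_log_perms() {
    line=$(ls -ld "$1" 2>/dev/null) || return 1
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    user=$(printf '%s\n' "$line" | awk '{print $3}')
    case $mode in -rw-------*) ;; *) return 1 ;; esac   # trailing . or + (SELinux/ACL) is fine
    [ "$user" = "$2" ]
}

# has_hourly_root_cron CRONTAB SCRIPT: entry at minute 0 of every hour, as root, running SCRIPT
has_hourly_root_cron() {
    grep -E '^0?0[[:space:]]+(\*[[:space:]]+){4}root[[:space:]]' "$1" | grep -qF -- "$2"
}

# ignore_has_ip FILE IP: IP appears as its own entry (optionally with a /mask) in the ignore file
ignore_has_ip() {
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eq "^[[:space:]]*$ip_re([[:space:]]|/|$)" "$1"
}

# rc_local_starts FILE CMD: an uncommented line in FILE contains CMD
rc_local_starts() {
    grep -v '^[[:space:]]*#' "$1" | grep -qF -- "$2"
}

# audit LOG CRONTAB IGNORE RC HOME_IP OWNER: run every check, print a status line for each,
# return the number of failures. Defaults are the paths used in the narrative above;
# /etc/rc.local, the ignore file location and the home IP 192.0.2.10 are assumptions.
audit() {
    log=${1:-/var/log/messages}; cron=${2:-/etc/crontab}
    ign=${3:-/usr/local/psionic/portsentry/portsentry.ignore}
    rc=${4:-/etc/rc.local}; home=${5:-192.0.2.10}; owner=${6:-root}
    fails=0
    report() { if "$@"; then echo "OK   $1"; else echo "FAIL $1"; fails=$((fails+1)); fi; }
    report check_log_perms "$log" "$owner"
    report has_hourly_root_cron "$cron" /usr/loc/etc/logcheck.sh
    report ignore_has_ip "$ign" "$home"
    report rc_local_starts "$rc" "/usr/local/psionic/portsentry/portsentry -tcp"
    report rc_local_starts "$rc" "/usr/local/psionic/portsentry/portsentry -udp"
    report rc_local_starts "$rc" "python hostsentry.py"
    return $fails
}
```

Run `audit` with no arguments as root to check the live system; a non-zero exit code is the number of steps that are missing.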
Link to Linux Log File