How to do it...

  1. On the first system, we install the PortSentry package, using the following command:
    apt-get install portsentry

  1. During the installation process, a window will open containing some information about PortSentry. Just click Ok to continue.
  1. As soon as the installation completes, PortSentry starts monitoring the TCP and UDP ports. We can verify this by checking the /var/log/syslog file with the following command:
    grep portsentry /var/log/syslog

We can see messages related to portsentry in the log.

  1. Now on the second machine, which we are using as a client, run the nmap command as shown here:

We can also use any other nmap command to perform a TCP or UDP scan on the first system, which has portsentry running. To check Nmap commands, see Chapter 1, Linux Security Problem. In the previous result, we can see that nmap is able to scan successfully even when PortSentry is running on the first system. We can even try to ping the server system from the client to see if it is working after installing Portsentry.

  1. Now, let's configure PortSentry by editing the /etc/portsentry/portsentry.conf file on the server system. After opening it in the editor of your choice, look for the lines shown here and change the value to 1:

  1. Scroll down and then find and uncomment this line:

  1. Next, uncomment the following line:

Once done, save and close the file.

  1. Next, edit the /etc/default/portsentry file:

In the lines shown here, we specify the protocol PortSentry should work with, TCP or ATCP.

  1. Now, edit the /etc/portsentry/portsentry.ignore.static file and add a line at the bottom, as shown here:

Here, 192.168.1.104 is the IP address of the client machine that we are trying to block.
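The screenshots for steps 5 to 7 are not reproduced here, so the following added example (not from the book) shows a small audit that checks a portsentry.conf file for the settings the recipe turns on. The option names BLOCK_TCP, BLOCK_UDP, KILL_ROUTE and KILL_HOSTS_DENY are PortSentry's own configuration keys, but the recipe does not spell them out, so treat that mapping as an assumption; the two configuration files below are constructed for the demonstration, one as installed and one after the edits.

```shell
#!/bin/sh
# Added example: audit a PortSentry config for the recipe's hardening edits.
# Option names are PortSentry's; sample files are constructed, not real ones.

# Print "OK <option>" or "FAIL <option>" per check; return 1 if any check fails.
portsentry_audit() {
    conf="$1"
    rc=0
    # BLOCK_TCP / BLOCK_UDP must be uncommented and set to 1 (step 5).
    for opt in BLOCK_TCP BLOCK_UDP; do
        if grep -Eq "^[[:space:]]*${opt}=\"?1\"?[[:space:]]*$" "$conf"; then
            echo "OK   $opt"
        else
            echo "FAIL $opt (should be 1)"
            rc=1
        fi
    done
    # KILL_ROUTE / KILL_HOSTS_DENY must be uncommented (steps 6 and 7).
    for opt in KILL_ROUTE KILL_HOSTS_DENY; do
        if grep -Eq "^[[:space:]]*${opt}=" "$conf"; then
            echo "OK   $opt"
        else
            echo "FAIL $opt (commented out or missing)"
            rc=1
        fi
    done
    return $rc
}

# Constructed "as installed" file: blocking off, reactions commented out.
weak_conf=$(mktemp)
hardened_conf=$(mktemp)
trap 'rm -f "$weak_conf" "$hardened_conf"' EXIT
cat >"$weak_conf" <<'EOF'
BLOCK_UDP="0"
BLOCK_TCP="0"
#KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
#KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"
EOF

# Constructed file after the recipe's edits.
cat >"$hardened_conf" <<'EOF'
BLOCK_UDP="1"
BLOCK_TCP="1"
KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"
EOF

echo "== as installed =="; portsentry_audit "$weak_conf" || true
echo "== after recipe =="; portsentry_audit "$hardened_conf" || true
```

Run it against the real file with `portsentry_audit /etc/portsentry/portsentry.conf` before restarting the service; a FAIL line means a scan will still be logged but not blocked.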

  1. Now, restart the Portsentry service by running this command:

  1. Once the previous steps are complete, we will again try to run nmap on the client machine and see if it still works properly:

We can see that nmap is now not able to scan the IP address.

  1. If we try to ping the server from the client, even that does not work:

  1. If we check the /etc/hosts.deny file, we shall see the following line has automatically been added:

  1. Similarly, when we check the /var/lib/portsentry/portsentry.history file, we get a result similar to the last line in this screenshot:
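Since the screenshots for steps 13 and 14 are not reproduced here, the following added example (not from the book) shows how to summarise what PortSentry has blocked, and to cross-check it against /etc/hosts.deny. The history line layout assumed here is `<epoch> - <date> <time> Host: <name>/<ip> Port: <port> <proto> Blocked`, and the hosts.deny line layout `ALL: <ip> : DENY` is what PortSentry's default KILL_HOSTS_DENY value writes; both are assumptions about the file formats, and all sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise PortSentry's block history and check hosts.deny.
# File layouts are assumed (see lead-in); the sample lines are constructed.

history_file=$(mktemp)
deny_file=$(mktemp)
trap 'rm -f "$history_file" "$deny_file"' EXIT

# Constructed portsentry.history: one scanning client hitting several ports,
# plus a second host blocked once.
cat >"$history_file" <<'EOF'
1600000001 - 09/13/2020 12:26:41 Host: 192.168.1.104/192.168.1.104 Port: 1 TCP Blocked
1600000002 - 09/13/2020 12:26:42 Host: 192.168.1.104/192.168.1.104 Port: 11 TCP Blocked
1600000003 - 09/13/2020 12:26:43 Host: 192.168.1.104/192.168.1.104 Port: 1 UDP Blocked
1600000010 - 09/13/2020 12:30:00 Host: scanner.example/192.168.1.77 Port: 111 TCP Blocked
EOF

# Constructed hosts.deny: only the first host was actually written out.
cat >"$deny_file" <<'EOF'
ALL: 192.168.1.104 : DENY
EOF

# One line per blocked IP: "<ip> <events> <first-epoch> <last-epoch> <proto:port,...>"
blocked_summary() {
    awk '
    /Blocked$/ {
        split($6, hp, "/"); ip = hp[2]          # "name/ip" -> ip
        n[ip]++
        if (!(ip in first)) first[ip] = $1       # epoch of first block
        last[ip] = $1                            # epoch of latest block
        ports[ip] = ports[ip] (ports[ip] ? "," : "") $9 ":" $8
    }
    END { for (ip in n) print ip, n[ip], first[ip], last[ip], ports[ip] }' "$1" | sort
}

# Return 0 if the IP has a PortSentry DENY entry in the given hosts.deny file.
is_denied() { grep -qF "ALL: $1 : DENY" "$2"; }

# Report every blocked IP and whether hosts.deny agrees with the history.
blocked_summary "$history_file" | while read -r ip count first last ports; do
    if is_denied "$ip" "$deny_file"; then state=denied; else state=MISSING; fi
    echo "$ip blocked ${count}x ($ports), hosts.deny: $state"
done
```

On the server from the recipe, run `blocked_summary /var/lib/portsentry/portsentry.history` after the nmap scan in step 11; a host listed there but reported as MISSING in /etc/hosts.deny indicates that KILL_HOSTS_DENY was not enabled in step 7.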
