disabling portsentry for certain ports
Just FYI, I had an issue with portsentry preventing access to the secure ports while the non-secure ones were running and stunnel was also running:
[email protected] [/etc/portsentry]# netstat -l --program | grep stunnel
tcp 0 0 *:imaps *:* LISTEN 29792/stunnel-4.04l
tcp 0 0 *:2083 *:* LISTEN 29792/stunnel-4.04l
tcp 0 0 *:pop3s *:* LISTEN 29792/stunnel-4.04l
tcp 0 0 *:2087 *:* LISTEN 29792/stunnel-4.04l
tcp 0 0 *:2096 *:* LISTEN 29792/stunnel-4.04l
Simple cpanel restart didn't fix it.
After:
/etc/rc.d/init.d/portsentry stop
/etc/rc.d/init.d/cpanel restart
/etc/rc.d/init.d/portsentry start
Everything is working.
The permanent fix for this is to add the ports to the exclude list so that portsentry will ignore these ports and never bind to them.
In /etc/portsentry/portsentry.conf change:
ADVANCED_EXCLUDE_TCP="113,139" <- default setting from my experience
to:
ADVANCED_EXCLUDE_TCP="113,139,2083,2087,2096"
Restart portsentry:
/etc/rc.d/init.d/portsentry restart
Hope this helps someone, and I have no idea why these ports aren't excluded by default. My guess is that portsentry doesn't mess with the non-secure ones as they don't contain as much gibberish (at least as far as the tcp wrapper is concerned).
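The post's fix is a manual diff of two lists: the ports a real daemon is listening on versus the ports in portsentry's ADVANCED_EXCLUDE_TCP. The script below is an added example (not from the post, and not part of portsentry or cPanel) that computes that difference and prints the merged exclude line, so the check can be repeated after a cPanel or stunnel upgrade changes the listening ports. The netstat lines and the config line embedded in it are constructed from what the post shows; the imaps/pop3s name-to-number table is an assumption for offline use (on a live box, `netstat -lnt --program` prints numeric ports and the table is not needed). It goes slightly beyond the post in that it also reports the named secure ports (993, 995) as candidates, since they are listening ports of the same daemon.

```shell
#!/bin/sh
# Added example, not the original post's or portsentry's own code.
# Compares the ports a daemon listens on with portsentry's
# ADVANCED_EXCLUDE_TCP list and prints the merged exclude line.

# Constructed sample: netstat -l --program output for stunnel, as in the post.
SAMPLE_NETSTAT='tcp 0 0 *:imaps *:* LISTEN 29792/stunnel-4.04l
tcp 0 0 *:2083 *:* LISTEN 29792/stunnel-4.04l
tcp 0 0 *:pop3s *:* LISTEN 29792/stunnel-4.04l
tcp 0 0 *:2087 *:* LISTEN 29792/stunnel-4.04l
tcp 0 0 *:2096 *:* LISTEN 29792/stunnel-4.04l'

# Constructed sample: the default exclude line from portsentry.conf.
SAMPLE_CONF='ADVANCED_EXCLUDE_TCP="113,139"'

# listening_ports: read netstat output on stdin, print one numeric port per
# LISTEN line. Well-known ports appear by service name unless netstat -n is
# used; the small table below (an assumption) resolves the two in the sample.
listening_ports() {
    awk '$6 == "LISTEN" { sub(/.*:/, "", $4); print $4 }' | while read -r p; do
        case "$p" in
            imaps) echo 993 ;;
            pop3s) echo 995 ;;
            *)     echo "$p" ;;
        esac
    done
}

# excluded_ports: read portsentry.conf text on stdin, print one port per line
# from the ADVANCED_EXCLUDE_TCP="..." value (empty output if the key is absent).
excluded_ports() {
    sed -n 's/^ADVANCED_EXCLUDE_TCP="\([^"]*\)".*/\1/p' | tr ',' '\n'
}

# join_commas: newline-separated list on stdin -> comma-separated string.
join_commas() {
    tr '\n' ',' | sed 's/,$//'
}

# missing_ports LISTENING EXCLUDED: ports in LISTENING (newline list) that are
# not in EXCLUDED (newline list), deduplicated, sorted numerically, comma-joined.
missing_ports() {
    { printf '%s\n' "$2"; echo '---'; printf '%s\n' "$1"; } |
    awk 'p == 0 && $0 == "---" { p = 1; next }
         p == 0 { ex[$0] = 1; next }
         $0 != "" && !($0 in ex) && !seen[$0]++ { print }' |
    sort -n | join_commas
}

# merged_exclude_line CONF_TEXT LISTENING: the ADVANCED_EXCLUDE_TCP line to
# write back, keeping the existing entries in order and appending the missing ones.
merged_exclude_line() {
    current=$(printf '%s\n' "$1" | excluded_ports)
    add=$(missing_ports "$2" "$current")
    base=$(printf '%s\n' "$current" | join_commas)
    if [ -z "$base" ]; then
        merged="$add"
    elif [ -z "$add" ]; then
        merged="$base"
    else
        merged="$base,$add"
    fi
    printf 'ADVANCED_EXCLUDE_TCP="%s"\n' "$merged"
}

# Demo on the constructed samples. On a live box replace the two printf
# feeds with `netstat -lnt --program | grep stunnel` and
# `cat /etc/portsentry/portsentry.conf`, then edit the file and restart
# portsentry as the post describes.
ports=$(printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports)
excl=$(printf '%s\n' "$SAMPLE_CONF" | excluded_ports)
echo "listening but not excluded: $(missing_ports "$ports" "$excl")"
echo "suggested line: $(merged_exclude_line "$SAMPLE_CONF" "$ports")"
```

The script only reports and prints the suggested line; it deliberately does not edit /etc/portsentry/portsentry.conf itself, so the operator can decide whether a newly listening port is one portsentry should stop watching or an unexpected service that needs looking into first.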