7.9. Port Sentry

The following configuration works both after boot and while LIDS_GLOBAL is on, because it grants portsentry the CAP_NET_BIND_SERVICE capability it needs to bind its monitored low ports. Depending on what you want portsentry to do (only listen and log, update the firewall, or edit the hosts.allow/hosts.deny files), you may not need all of the following ACLs; grant only the ones your portsentry.conf actually requires.
# Always needed: write access to its own directory and to the log directory,
# plus the capability to bind privileged ports:
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
                  -o /usr/local/psionic/portsentry    -j WRITE
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
                  -o /var/log                         -j WRITE
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
                  -o CAP_NET_BIND_SERVICE             -j GRANT

# For portsentry to be able to update the firewall (KILL_ROUTE):
# -i 1 lets the firewall command portsentry spawns inherit the capability.
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
                  -o CAP_NET_RAW -i 1                 -j GRANT

# For portsentry to be able to update /etc/hosts.allow and/or /etc/hosts.deny
# (KILL_HOSTS_DENY):
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
                  -o /etc/hosts.allow                 -j WRITE
/sbin/lidsconf -A -s /usr/local/psionic/portsentry/portsentry \
                  -o /etc/hosts.deny                  -j WRITE