Hi RaQ Gurus, I checked the archive and google, but can't seem to get any definite info why Ports 1 and 6 seem to be running. I've check it with netstat -avp in root but it keeps coming up as a blank with which process is running/using the port. I've disable everything on my RaQ3 apart from the web and email pop3 server and control via https and SSH2 for ftp and shell. I've temporarily disable portsentry and ipchains for the read out below. I also checked in both: /etc/admserv/conf/httpd.conf and /etc/httpd/conf/httpd.conf.
In the '/etc/services' both ports 1 and 6 look open, ie do not have a '#' before. Is this where I can disable them or are they being used by something else. Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name Tcp 0 0 0.0.0.0:22 0.0.0.0:* ESTABLISHED 10979/sshd Tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 461/sendmail Tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 428/httpd Tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 428/httpd Tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 346/httpd Tcp 0 0 0.0.0.0:444 0.0.0.0:* LISTEN 346/httpd Tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 326/sshd Tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 321/inetd Tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 321/inetd Raw 0 0 0.0.0.0:1 (icmp) 0.0.0.0:* 7 - Raw 0 0 0.0.0.0:6 (tcp) 0.0.0.0:* 7 - (I've taken out my address on port 22 above) Thanks for you help, after reading a lot on security I'm getting pretty paranoid... A really helpful page for newbies I found for recently: http://www.ego.ws/linux/ Regards, Charles Teton _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
