"Bob Puff@NLE" wrote:
>
> Hi Gang,
>
> I keep getting this in my mail and also in my logs. Is this normal?
>
> *** Diff Check, Wed Jul 5 04:01:57 EDT 2000 ***
>
> Security Warning: There is modifications for port listening on your machine :
> - Opened ports : tcp 0 0 *:www *:*
> LISTEN 747/httpd
> - Opened ports : tcp 0 0 *:10000 *:*
> LISTEN 784/perl
> - Opened ports : tcp 0 0 *:smtp *:*
> LISTEN 718/master
> - Opened ports : tcp 0 0 *:cfengine *:*
> LISTEN 600/cfd
> - Opened ports : tcp 0 0 *:nntp *:*
> LISTEN 587/inetd
> - Opened ports : tcp 0 0 *:pop3 *:*
> LISTEN 587/inetd
> - Opened ports : tcp 0 0 *:telnet *:*
> LISTEN 587/inetd
> - Opened ports : tcp 0 0 *:ftp *:*
> LISTEN 587/inetd
> - Opened ports : tcp 0 0 *:sunrpc *:*
> LISTEN 490/portmap
> - Opened ports : udp 0 0 *:10000 *:*
> 784/perl
> - Opened ports : udp 0 0 *:sunrpc *:*
> 490/portmap
> - Closed ports : tcp 0 0 *:www *:*
> LISTEN 30057/httpd
>
> - Closed ports : tcp 0 0 *:10000 *:*
> LISTEN 825/perl
> - Closed ports : tcp 0 0 *:smtp *:*
> LISTEN 748/master
> - Closed ports : tcp 0 0 *:cfengine *:*
> LISTEN 630/cfd
> - Closed ports : tcp 0 0 *:nntp *:*
> LISTEN 617/inetd
> - Closed ports : tcp 0 0 *:pop3 *:*
> LISTEN 617/inetd
> - Closed ports : tcp 0 0 *:telnet *:*
> LISTEN 617/inetd
> - Closed ports : tcp 0 0 *:ftp *:*
> LISTEN 617/inetd
> - Closed ports : tcp 0 0 *:sunrpc *:*
> LISTEN 520/portmap
> - Closed ports : udp 0 0 *:10000 *:*
> 825/perl
> - Closed ports : udp 0 0 *:sunrpc *:*
> 520/portmap
>
> *** Security Check, Wed Jul 5 04:02:06 EDT 2000 ***
>
> Security Warning: World Writeable files found :
> - /home/bob/http
> - /tmp
> - /tmp/.X11-unix
> - /tmp/.X11-unix/X9
> - /tmp/.font-unix
> - /tmp/.font-unix/fs-1
> - /var/lib/svgalib
> - /var/lib/texmf
> - /var/lib/texmf/ls-R
> - /var/spool/fax/outgoing
> - /var/spool/fax/outgoing/locks
> - /var/spool/postfix/maildrop
> - /var/spool/postfix/private/bounce
> - /var/spool/postfix/private/bsmtp
> - /var/spool/postfix/private/cleanup
> - /var/spool/postfix/private/cyrus
> - /var/spool/postfix/private/defer
> - /var/spool/postfix/private/error
> - /var/spool/postfix/private/ifmail
> - /var/spool/postfix/private/local
> - /var/spool/postfix/private/rewrite
> - /var/spool/postfix/private/smtp
> - /var/spool/postfix/private/uucp
> - /var/spool/postfix/public/pickup
> - /var/spool/postfix/public/qmgr
> - /var/spool/postfix/public/showq
> - /var/spool/samba
> - /var/tmp
>
> These are the ports listening on your machine :
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State
>PID/Program name
> tcp 0 0 *:www *:* LISTEN
>747/httpd
> tcp 0 0 *:10000 *:* LISTEN
>784/perl
> tcp 0 0 *:smtp *:* LISTEN
>718/master
> tcp 0 0 *:cfengine *:* LISTEN
>600/cfd
> tcp 0 0 *:nntp *:* LISTEN
>587/inetd
> tcp 0 0 *:pop3 *:* LISTEN
>587/inetd
> tcp 0 0 *:telnet *:* LISTEN
>587/inetd
> tcp 0 0 *:ftp *:* LISTEN
>587/inetd
> tcp 0 0 *:sunrpc *:* LISTEN
>490/portmap
> udp 0 0 *:10000 *:*
>784/perl
> udp 0 0 *:sunrpc *:*
>490/portmap
> raw 0 0 *:icmp *:* 7 -
> raw 0 0 *:tcp *:* 7 -
>
> What does this mean? Should I modify anything?
>
> Bob
You DO have webmin running on 10000. Unless you plan to do
remote control, fire up netscape and
http://127.0.0.1:10000
login is root
password is root's password
Go to Webmin Configuration->IP Access control and tick "allow
only from listed addresses" then type in 127.0.0.1 and any other
addresses you care to access webmin from and SAVE.
Then look around--you have one of the most powerful
administration tools in your own control. Want to configure
servers, stop processes, set up boot defaults, look at disk
partitioning? It's all there and more.
Civileme
