On Tue, Apr 25, 2000 at 09:03:18AM +0200, Ola Samuelson wrote:
> Hi!
> Sorry for the OT and you have probably discussed this before but ...
> 
> "Suddenly" I can see a lot of cron.daily jobs running slocate on my box.
> What is this? If bad - how do I stop it?

It's a special version of the locate command. Locate searches your whole
filesystems in a regular way and generates a huge database containing each
file. It's sometimes very comfortable working with it.

S-Locate is a 'secured' version of it since it also stores ownership and
permission of files to prevent people with improper rights to spy on the
privacy of other people on your system.

However, a lot of people consider locate/slocate as being harmful since it
enables a user to see a lot of the system in an easy way.

As long as it isn't a high security system, my personal opinion is, that you
just may use it to make system administration easier. But then, use slocate
at least.

Try man slocate next time. Manpages don't hurt!


> 
> Also, ps -ax reveals a lot of processes referring to gcc libraries.
> As far as I can remember this has never happened before.
> 
> Port question:
> 1. Do connection attempts from and to port 65535 mean anything special?

Never seen this port before. But as it is the last port available, it seems
either that it's some kiddie hack game or a badly programmed application :)

> 2. How about port 111?

This is the portmapper. It's a general port which manages the rpc services
(most famous is nfs). You should not allow nfs to be reachable.
RPC on UN*X is the most often used way to break in. (It's in fact one
of the major weaknesses of a Solaris box that it is using all these
rpc-scrap to make tons of IPC (interprocess communication).)

If I had to decide, I would surely block it.


Try examining the file /etc/services next time. It gives you a hint
which ports are used for which protocols.

> 
> I can also see a lot of in.indent processes on my web-server.

Identd is a dinosaur way to give another process on another machine
information about a user belonging to a quadruple (IP,port,IP,port).
It's no longer useful but some stupid programs still insist on it.


> Is this something I need or can I prevent it from starting? If so HOW?

Just have a look in /etc/inetd.conf. (Don't confuse with identd.)
It's the config file of a super server-daemon which listens to a lot of
ports and starts other daemons if needed. The config file describes how
this is done. On a firewall system, you shouldn't need this file since
you use sshd for communicating.
(Don't delete this file for switching off inetd. Just go to your system
startup scripts directory and delete it there.)


I strongly advise you to learn more about system administration and network
setup. If you manage the security of a company, you should know the facts
above!

Try the /usr/doc/HOWTO Directory first (think you are using linux) 
and if you have read enough, try the Reading-List-HOWTO, which gives
you further references.

with kind regards
Jochen Kaiser
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
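
Added example, not part of the original message: a small audit that combines the two files the reply points to, listing each service inetd would still start together with the port /etc/services assigns to it. The function names (inetd_enabled, service_port, audit_inetd) and both sample files are constructed for illustration; on a real host, pass /etc/inetd.conf and /etc/services instead.

```shell
#!/bin/sh
# Added example: which daemons would inetd start, and on which ports?
# Both samples are constructed; real input is /etc/inetd.conf and /etc/services.
SAMPLE_INETD='# service socket proto wait user server args
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd -l
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
auth    stream  tcp  wait    nobody  /usr/sbin/in.identd  in.identd -w
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd       in.rshd
'
SAMPLE_SERVICES='ftp     21/tcp
telnet  23/tcp
sunrpc  111/tcp  portmapper   # RPC port mapper
sunrpc  111/udp  portmapper
auth    113/tcp  authentication tap ident
shell   514/tcp  cmd
'

# inetd_enabled FILE: print "service proto daemon" for each uncommented entry.
inetd_enabled() {
    awk '/^[ \t]*#/ || NF < 6 { next }
         { print $1, $3, ($7 != "" ? $7 : $6) }' "$1"
}

# service_port SERVICES NAME PROTO: port for a service name or alias, "?" if unknown.
service_port() {
    awk -v name="$2" -v proto="$3" '
        { sub(/#.*/, "") }              # drop trailing comments
        NF < 2 { next }
        { split($2, pp, "/"); if (pp[2] != proto) next
          for (i = 1; i <= NF; i++)
              if (i != 2 && $i == name) { print pp[1]; found = 1; exit } }
        END { if (!found) print "?" }' "$1"
}

# audit_inetd INETD SERVICES: one line per service inetd will answer for.
audit_inetd() {
    inetd_enabled "$1" | while read -r svc proto daemon; do
        port=$(service_port "$2" "$svc" "$proto")
        printf '%s/%s port %s -> %s\n' "$svc" "$proto" "$port" "$daemon"
    done
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s' "$SAMPLE_INETD" > "$tmp/inetd.conf"
printf '%s' "$SAMPLE_SERVICES" > "$tmp/services"
audit_inetd "$tmp/inetd.conf" "$tmp/services"
```

Commented-out entries (telnet and shell in the sample) are skipped, so the output shows only what inetd would actually answer for; the portmapper on port 111 normally runs as its own daemon and will not appear in inetd.conf.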
