If you don't pop mail from this machine, turn off inetd completely (you don't need it). If you do, put a # sign in front of all _except_ pop3, then stop and start inetd.
Then also run: netstat -tupan and look at all your open ports. If you don't need the service, turn it off. If you only need the service locally, block it with iptables from external use. You should protect your system with iptables: iptables -t filter -i <ext_dev> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t filter -A INPUT -i <ext_dev> -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t filter -A FORWARD -i <ext_dev> -m state --state NEW,INVALID -j DROP iptables -t filter -A INPUT -i <ext_dev> -m state --state NEW,INVALID -j DROP replace ext_dev with your external device, i.e., ppp0 (or ppp+), eth0, etc. On Wed, 13 Feb 2002 23:35:17 -0600 begin daddy <[EMAIL PROTECTED]> spewed forth: > With my recent hacker scare I decided to look into my security. Here > is a portion of my inetd.conf file. I only use my internet > connection receive email (pop3) and surf the internet at this point. > What can I turn off? > > #echo dgram udp wait root internal > discard stream tcp nowait root internal > discard dgram udp wait root internal > daytime stream tcp nowait root internal > daytime dgram udp wait root internal > #chargen stream tcp nowait root internal > #chargen dgram udp wait root internal > time stream tcp nowait root internal > time dgram udp wait root internal > # > # These are standard services. > # > ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a > telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd > > # > # Mail and news > # > # Do not uncomment either unless you *really* know what you are doing. > # Both are started as standalone daemons from the /etc/rc.d scripts. > #smtp stream tcp nowait root /usr/bin/smtpd smtpd > #nntp stream tcp nowait root /usr/sbin/tcpd in.nntpd > > # > # Shell, login, exec and talk are BSD protocols. > # > shell stream tcp nowait root /usr/sbin/tcpd in.rshd > login stream tcp nowait root /usr/sbin/tcpd in.rlogind > exec stream tcp nowait root /usr/sbin/tcpd in.rexecd > talk dgram udp wait nobody.tty /usr/sbin/tcpd in.talkd > ntalk dgram udp wait nobody.tty /usr/sbin/tcpd in.ntalkd > #dtalk stream tcp wait nobody.tty /usr/sbin/tcpd in.dtalkd > > # > # Pop and imap mail services et al > # > pop2 stream tcp nowait root /usr/sbin/tcpd ipop2d > pop3 stream tcp nowait root /usr/sbin/tcpd ipop3d > imap stream tcp nowait root /usr/sbin/tcpd imapd > # > # The Internet UUCP service. > # > uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/sbin/uucico -l > # > # Tftp service is provided primarily for booting. Most sites > # run this only on machines acting as "boot servers." Do not uncomment > # this unless you *need* it. > # > #tftp dgram udp wait root /usr/sbin/tcpd in.tftpd > #bootps dgram udp wait root /usr/sbin/tcpd bootpd > # > # This is for the finger service > # > finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd -u > /var/run/.ppp_socket stream unix nowait root > /usr/sbin/ppp-envoy ppp-envoy -da > # > # Finger, systat and netstat give out user information which may be > # valuable to potential "system crackers." Many sites choose to > disable > # some or all of these services to improve security. > # > #systat stream tcp nowait nobody /usr/sbin/tcpd /bin/ps -auwwx > #netstat stream tcp nowait nobody /usr/sbin/tcpd /bin/netstat --inet > # > # Authentication > # > auth stream tcp nowait root /usr/sbin/in.identd in.identd > swat stream tcp nowait.400 root /usr/sbin/tcpd swat > # > # End of inetd.conf > > Sometime in the near future I would like to use this box as a gateway > to a home network. Would I need to reactivate anything at that > point? Thanks for the input. > > Mark > _______________________________________________ > Linux-users mailing list - http://linux.nf/mailman/listinfo/linux-users > Subscribe/Unsubscribe info, Archives,and Digests are located at the > above URL. Ciao, David A. Bandel -- Focus on the dream, not the competition. -- Nemesis Racing Team motto Internet (H323) phone: 206.28.187.30 _______________________________________________ Linux-users mailing list - http://linux.nf/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
