Re: open ports remaining
On Sat, Feb 17, 2001 at 11:13:52PM -0500, Glenn Becker wrote: Interesting ports on localhost (127.0.0.1): PortState Protocol Service 22 opentcpssh 25 opentcpsmtp 53 opentcpdomain 111 opentcpsunrpc So, the questions: I have read some about sunrpc in the list archives but have not found how to close the port; don't know what domain is, and am confused smtp is still there since I've commented out the line in inetd.conf ... I have set my hosts.deny to the best way ive found to disable portmap is to rename /sbin/portmap to something else. there are so many different things that may call on it, its just easier for me to rename it then modify a bunch of scripts. as for smtp it depends what MTA your using, if you dont plan on having a mail server i would reccomend using postfix as it's easy to get it to listen on the internal network interfaces and not the external. domain is the DNS, usually bind. you can remove it if you want. ssh is fine. also be sure to run a UDP portscan as well. (nmap -sU) i also reccomend if your not already to scan all ports with -p 1-65535 nate
Re: open ports remaining
On Sat, Feb 17, 2001 at 10:46:40PM -0800, [EMAIL PROTECTED] wrote: the best way ive found to disable portmap is to rename /sbin/portmap to something else. there are so many different things that may call on it, its just easier for me to rename it then modify a bunch of just make sure you rename it with dpkg-divert or else you will just get a new /sbin/portmap the next time netbase gets upgraded (say if there were a security release). fortunatly in woody portmap is split into its very own package so you can disable it the Right Way: apt-get --purge remove portmap ;-) myself i have not had problems with just doing a simple rm -f /etc/rcS.d/*portmap, along with purging nfs-common, nfs-*server, and nis (which is not priority standard). scripts. as for smtp it depends what MTA your using, if you dont plan on having a mail server i would reccomend using postfix as it's easy to get it to listen on the internal network interfaces and not the external. domain is the DNS, usually bind. you can remove it if you want. ssh is fine. also be sure to run a UDP portscan as well. (nmap -sU) i also reccomend if your not already to scan all ports with -p 1-65535 hehe and then go away for a week or three while it works on that ;-) -- Ethan Benson http://www.alaska.net/~erbenson/ pgpBqhs2FQuAb.pgp Description: PGP signature
open ports remaining
All, I have been trying to secure my Debian box, which enjoys a DSL connection. I've been going through /etc/inetd.conf, commenting out services, and K'ing others in the /etc/rc2.d/, until what I have left is the following (output from nmap): Interesting ports on localhost (127.0.0.1): PortState Protocol Service 22 opentcpssh 25 opentcpsmtp 53 opentcpdomain 111 opentcpsunrpc So, the questions: I have read some about sunrpc in the list archives but have not found how to close the port; don't know what domain is, and am confused smtp is still there since I've commented out the line in inetd.conf ... I have set my hosts.deny to ALL EXCEPT sshd: ALL ... I guess then port 22 is not a concern? Thanks for any help with this. Trying (always!) to become a smarter user. Best, Glenn Becker Online Producer, Community SCIFI.COM
Re: open ports remaining
To quote Glenn Becker [EMAIL PROTECTED], # # All, # # I have been trying to secure my Debian box, which enjoys a DSL # connection. I've been going through /etc/inetd.conf, commenting out # services, and K'ing others in the /etc/rc2.d/, until what I have left is # the following (output from nmap): # # Interesting ports on localhost (127.0.0.1): # PortState Protocol Service # 22 opentcpssh # 25 opentcpsmtp # 53 opentcpdomain # 111 opentcpsunrpc # # So, the questions: I have read some about sunrpc in the list archives but # have not found how to close the port; don't know what domain is, and am # confused smtp is still there since I've commented out the line in # inetd.conf ... I have set my hosts.deny to # # ALL EXCEPT sshd: ALL # # ... I guess then port 22 is not a concern? Personally, I've never put a whole lot of faith into just turning services off. Now, I could be wrong. What I usually do is use 'ipchains' to set up a firewall. Not that it helps you here, but it's something to think about :) David Barclay Harris, Clan Barclay Aut agere, aut mori. (Either action, or death.)