LinuxQuestions.org
Fedora This forum is for the discussion of the Fedora Project.

Old 02-08-2005, 03:32 PM   #1
johnnydangerous
Member
 
Registered: Jan 2005
Location: Sofia, Bulgaria
Distribution: Fedora Core 4 Rawhide
Posts: 431

how to minimize listening ports


Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32768 *:* LISTEN <---- why listed twice?
tcp 0 0 *:5900 *:* LISTEN <--- VNC, ok
tcp 0 0 *:sunrpc *:* LISTEN <-- again an item listed twice
tcp 0 0 *:x11 *:* LISTEN <---- necessary?
tcp 0 0 localhost.localdomain:ipp *:* LISTEN <--- ?
tcp 0 0 *:x11 *:* LISTEN <------ necessary?
tcp 0 0 *:ssh *:* LISTEN
udp 0 0 *:32768 *:* <---- why is that port used?
udp 0 0 *:772 *:* <------ I want to disable unnecessary ones
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:* <--- what is that for?
udp 0 0 *:ipp *:* <--- what is that for?
udp 0 0 cook:ntp *:* <----
udp 0 0 localhost.localdomain:ntp *:* <---
udp 0 0 *:ntp *:* <-------- why is this one present 4 times?
udp 0 0 *:ntp *:* <--- I know what it's for

any suggestions are highly appreciated, thanks in advance!
 
Old 02-08-2005, 03:46 PM   #2
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
A lot of that looks like stuff that should only be running on localhost. What does your /etc/hosts file look like? Fedora/RedHat has written this file dead wrong for some time.

Also do a chkconfig --list and see what all is turned on. Looks like you have a good deal of services that I'm guessing you don't need.
 
Old 02-08-2005, 04:13 PM   #3
johnnydangerous
10x, will do that.
Code:
 isdn            0:off   1:off   2:on    3:off   4:on    5:on    6:off
- great, it's supposed to be stopped from the services menu GUI, but how do I make a final no for isdn? I know a console command that will do that, but isn't it enough that I removed it from the services to be started?

Code:
 messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
- is msgbus opening some ports?

Code:
 sendmail        0:off   1:off   2:on    3:off   4:on    5:on    6:off
why on init 2? I don't use it, but I'm not sure why it's set for 2, 4 and 5 while not for 3; it's really interesting to understand that before I remove it from chkconfig.

Code:
 vncserver       0:off   1:off   2:off   3:on    4:off   5:off   6:off
how to properly set it, because I guess on 3 it's not needed, just for 5, ok?

what's arptables_jf for? "Automates a packet filtering firewall with arptables"?
how do I use that arptables to make a packet filter - I don't need a manual, just a tip; I guess it's for binding stuff with MAC, or am I confusing some terms?

and arpwatch? "The arpwatch daemon attempts to keep track of ethernet/ip address pairings"? what for? a faster local net, since AFAIK it's non-routable?

Last edited by johnnydangerous; 02-08-2005 at 04:15 PM.
 
Old 02-08-2005, 04:18 PM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

There is a file you can use as a reference to find out what a particular port is assigned to.

less /etc/services

I think the 32768 port is the ftp service. If you don't want to use it you can disable that one.

You might also try using 'lsof -i | egrep "COMMAND|LISTEN|UDP"' to list open ports, plus which user is using them.
 
Old 02-08-2005, 04:25 PM   #5
sigsegv
Or netstat -pn
 
Old 02-08-2005, 04:52 PM   #6
johnnydangerous
jschiwal, man, thank you; that command just did the trick, the world is safer now.
 
Old 02-08-2005, 04:55 PM   #7
johnnydangerous
sigsegv, thanks, really, that did the job too.

any ideas about: (question at bottom)
[root@cook ~]# netstat -apn |more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 3412/rpc.statd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 4735/vino-server
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3392/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 4613/X
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3526/cupsd
tcp 0 0 :::6000 :::* LISTEN 4613/X
tcp 0 0 :::22 :::* LISTEN 3723/sshd
udp 0 0 0.0.0.0:32768 0.0.0.0:* 3412/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 3313/dhclient
udp 0 0 0.0.0.0:620 0.0.0.0:* 3412/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 3392/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3526/cupsd
udp 0 0 84.238.135.26:123 0.0.0.0:* 3904/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 3904/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 3904/ntpd
udp 0 0 :::123 :::* 3904/ntpd
is it necessary for the X port 6000 to be bound twice? how do I bind it just to localhost?
and ntp 4 times, wow, pls someone, how do I lower ntp to just the external ip?
and I want to bind VNC to localhost too, if possible?
this is driving me crazy - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 3412/rpc.statd - why have it open???? I need to close it if possible?

best regards,


Last edited by johnnydangerous; 02-08-2005 at 05:01 PM.
 
Old 02-08-2005, 05:06 PM   #8
sigsegv
statd is part of the NFS daemons. If you're not using NFS, turn it off. If you are, it's time for a firewall somewhere between that socket and the internet.

NTPd is the network time server. If you're not syncing time on other machines with that machine, turn it off.

X -- I forget the procedure to disable the TCP sockets, but it can be done (and should in 99% of the cases out there.)

vncserver takes an argument of which display to start the server on. vncserver localhost:0 or whatever.

Last edited by sigsegv; 02-08-2005 at 05:10 PM.
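A check for which of those sockets are actually reachable from the network, as an added example that is not from the thread: it reads netstat -apn output (the listing from post #7 is embedded as sample input) and prints only the sockets bound to 0.0.0.0 or ::, which are the ones worth turning off, firewalling, or rebinding to 127.0.0.1.

```shell
#!/bin/sh
# Audit a `netstat -apn` listing and report the sockets that are reachable
# from the network, i.e. bound to the wildcard address (0.0.0.0 or ::) rather
# than to loopback. Added example, not code from the thread.

# Listing from post #7 above, embedded so the script can be tried offline.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 3412/rpc.statd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 4735/vino-server
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3392/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 4613/X
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3526/cupsd
tcp 0 0 :::6000 :::* LISTEN 4613/X
tcp 0 0 :::22 :::* LISTEN 3723/sshd
udp 0 0 0.0.0.0:32768 0.0.0.0:* 3412/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 3313/dhclient
udp 0 0 0.0.0.0:620 0.0.0.0:* 3412/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 3392/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3526/cupsd
udp 0 0 84.238.135.26:123 0.0.0.0:* 3904/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 3904/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 3904/ntpd
udp 0 0 :::123 :::* 3904/ntpd'

# exposed_sockets: read a netstat -apn listing on stdin and print
# "proto port program" for every socket bound to 0.0.0.0 or ::, one per
# line, with the IPv4/IPv6 duplicates (X on 6000, ntpd on 123) collapsed.
exposed_sockets() {
    awk '$1 == "tcp" || $1 == "udp" {
        # Field 4 is the local address; the port follows the last ":".
        n = split($4, parts, ":"); port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        prog = $NF; sub(/^[0-9]+\//, "", prog)   # strip the "PID/" prefix
        if (addr == "0.0.0.0" || addr == "::") print $1, port, prog
    }' | sort -u
}

# count_exposed: number of distinct network-reachable sockets on stdin.
count_exposed() {
    exposed_sockets | awk 'END { print NR }'
}

case "${1:-}" in
    --sample) printf '%s\n' "$SAMPLE" | exposed_sockets ;;  # sh audit.sh --sample
    -)        exposed_sockets ;;                              # netstat -apn | sh audit.sh -
esac
```

Loopback-only sockets such as cupsd on 127.0.0.1:631 are left out of the report, so anything it does print is a service the outside world can reach.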
 
Old 02-08-2005, 05:23 PM   #9
johnnydangerous
Great help, just the kind I needed. Thanks again! I just noticed, thanks to you, that it's the ntp daemon; I thought it was the client, which is wow. Well, I didn't specify the first time, I just made it load (the vncserver), but I don't want it bound to *.*, just localhost. I'm begging for a quick tip, I'm sure most of you use it, because I do it through ssh but I still don't want to see that binding, which I consider inappropriate. In few words, can you point out the top benefits of the RHE you're using (I don't want the commercial version from the web)?

Last edited by johnnydangerous; 02-08-2005 at 05:24 PM.
 
Old 02-08-2005, 05:26 PM   #10
johnnydangerous
and arpwatch and arptables_jf? how do I use that packet filter, and where are those tables stored? and for arpwatch, what's the deal?
 
Old 02-08-2005, 05:39 PM   #11
sigsegv
The RHEL listed in my profile is work related. It wouldn't be there if I had my way about things, but those decisions are made by hapless people with letters after their names ... But I digress ...

On the VNC issue, I'd just disable the service (chkconfig --level 2345 vncserver off) and then start it as needed and tunnel it through ssh.

As for arpwatch and arptables_jf -- I have no idea. I don't have either of those things installed.
 
Old 02-08-2005, 05:51 PM   #12
johnnydangerous
will vncserver remain working in init 5 if I set it only on 3, or is it necessary to have it on both? and 4?


it's not taking it like that:
[root@cook ~]# vncserver localhost:0

usage: vncserver [:<number>] [-name <desktop-name>] [-depth <depth>]
[-geometry <width>x<height>]
[-pixelformat rgbNNN|bgrNNN]
<Xvnc-options>...

vncserver -kill <X-display>


but I also want it to be enabled on whatever display is in use, how-to? and to listen on that 5900 but only for localhost (which I suppose is the needed config for ssh vnc)

unfortunately the GUI remote desktop config seems to assume the alias for my external IP, which is not good; wondering how to set it from a config file, for example, without interfering with the GUI setup?

Last edited by johnnydangerous; 02-08-2005 at 06:20 PM.
 
Old 02-10-2005, 07:22 PM   #13
jschiwal
If you are using a window manager, you are in init level 5. The startx command will take you from level 3 to level 5. I don't see how using vnc in level 3 would make any sense.
 
Old 02-10-2005, 07:33 PM   #14
jschiwal
If you use ssh, it will run commands on the remote computer using a different screen number in the display variable. I think it uses screen 11 by default. You'd be well advised to google for both ssh and vnc and compare. I believe that there is also a tight-vnc that may use the ssl library by default. OK, I just googled for that:

Quote:
-via gateway
Automatically create encrypted TCP tunnel to the gateway machine before connection, connect to the host through that tunnel (TightVNC-specific). By default, this option invokes SSH local port forwarding, assuming that SSH client binary can be accessed as /usr/bin/ssh. Note that when using the -via option, the host machine name should be specified as known to the gateway machine, e.g. "localhost" denotes the gateway, not the machine where vncviewer was launched. See the ENVIRONMENT section below for the information on configuring the -via option.
http://www.tightvnc.com/vncviewer.1.html

-----
P.S. Sorry for the repetition. I thought I was in edit mode and instead posted a new post.

Last edited by jschiwal; 02-10-2005 at 07:36 PM.
 
Old 02-10-2005, 08:42 PM   #15
sigsegv
First, yes, runlevel is supposed to dictate if X runs or not, but in the real world, it doesn't. Example: Debian uses only 0, 1, 2 and 6.

Second, startx does not change what runlevel you're in.

Third, port forwards are not the same as X forwarding. A port forward is what that's talking about. X forwarding is what uses DISPLAY=:1x.0 -- the former lets you create tunneled ports through your SSH connection while the latter fakes using a remote X display. Most SSH servers are configured to do port forwards by default. This is not the case for X forwarding.

Just an FYI
 
  


All times are GMT -5.
