Hello,
Just for the record, I'm real new to Linux. I'm running Fedora 2 with Apache, not too sure what version; it was installed with the OS.
I'm trying to close up ports. Right now 80 http and 443 https (assuming I need both for the webserver), 21 ftp and 110 pop3 are open. I'd like to close 21 and 110.
Oh, and I'm running a firewall and have port 80 trusted.
So far I have tried the following to close 21:
Following instructions from "Basic hardening" from Linux Exposed,
I edited /etc/xinetd.d/tftp
and commented out the "service tftp".
I did a restart, then did a scan from a local XP box, and it still showed me 21 as open.
So
then I edited /etc/services.
I commented out the ftp parts,
restarted and did another scan from the same machine and got the same results.
Then...
I edited /etc/vsftpd/vsftpd.conf
and commented out everything,
restarted and scanned, same results.
I'm not too sure what to do now.
Is there something I'm missing (obviously)?
Any help or literature would be much appreciated.
Oh, and I have stopped all the services via System Settings > Server Settings > Services.
1) TFTP is not FTP, they're different (though related)
2) The /etc/services file is a list of ports; it doesn't control what's listening on your machine
3) Commenting stuff out in config files usually just resets to default behavior.
The answer to your question is to stop vsftpd from listening. There should be an ftp file in /etc/xinetd.d -- open that file, set disable to yes, and restart xinetd. If vsftpd isn't actually started from xinetd, service vsftpd stop should do the trick, and chkconfig vsftpd off will keep it from restarting on boot.
I tried all of what you said and 2 out of three scanners find it open. One acts weird: the first scan, no matter what the timeout, doesn't find it; stop and restart the scan and it gets it.
I edited /etc/vsftpd/vsftpd.conf
and made the change
listen=no
Not sure if this is right;
it was commented out when I got to it.
When I tried to stop the service I got 'failed'.
I then went to System Settings, Server Settings, Services.
I looked at vsftpd, I started the service there... said it was running,
tried to stop it and I got
'vsftpd dead but subsys locked'
I have no idea what that means.
Thanks for the info,
much help
Probably vsftpd left a lock file in /var/lock/subsys or some such similar place. When you do ps aux do you see any vsftpd processes?
Oh -- here's another hint that may help -- do:
netstat -tpan | grep LISTEN
as root -- it will show you all processes and process ids listening on ports. You can use this info to figure out what process to kill, but it might restart on reboot, so check what's starting up with chkconfig (see the man page for more info).
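Added example, not part of the original posts: a shell function that reads `netstat -tpan` output and reports which PID and program hold the ports you want closed. The function names `listeners_for` and `sample_netstat` are hypothetical, and the sample output (PIDs, and xinetd as the owner of port 110) is constructed for illustration.

```shell
#!/bin/sh
# Added example: map listening TCP ports to the owning PID/program using
# the output format of `netstat -tpan`. Sample data below is constructed.

# listeners_for PORT... : reads netstat -tpan output on stdin and prints
# "port pid program address" for each LISTEN socket on one of the given ports.
listeners_for() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is field 4; the port follows the last colon
            # (handles 0.0.0.0:21 as well as :::21).
            addr = $4
            port = addr; sub(/.*:/, "", port)
            if (!(port in want)) next
            # Field 7 is "PID/Program"; it is "-" when netstat is not run as root.
            pid = "-"; prog = "-"
            if ($7 != "-") { split($7, a, "/"); pid = a[1]; prog = a[2] }
            print port, pid, prog, addr
        }'
}

# Constructed sample of `netstat -tpan` output (all PIDs are made up).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2143/vsftpd
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1987/xinetd
tcp        0      0 :::80                   :::*                    LISTEN      2210/httpd
tcp        0      0 :::443                  :::*                    LISTEN      2210/httpd
tcp        0      0 192.168.0.5:80          192.168.0.9:1045        ESTABLISHED 2212/httpd
EOF
}

# Which processes hold the two ports the poster wants closed?
sample_netstat | listeners_for 21 110
```

On a live system, run `netstat -tpan | listeners_for 21 110` as root; a program name of xinetd means the service is configured under /etc/xinetd.d rather than running as its own daemon.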