LinuxQuestions.org
Old 09-13-2004, 03:33 PM   #1
crosswire
LQ Newbie
 
Registered: Jul 2004
Posts: 5

Rep: Reputation: 0
can't get port 21 to close


Hello,
Just for the record, I'm real new to Linux. I'm running Fedora 2 with Apache, not too sure what version; it was installed with the OS.
I'm trying to close up ports. Right now 80 http and 443 https (assuming I need both for the webserver), 21 ftp and 110 pop3 are open. I'd like to close 21 and 110.
Oh, and I'm running a firewall and have port 80 trusted.
So far I have tried the following to close 21:

Following instructions from "Basic hardening" from Linux Exposed,
I edited /etc/xinetd.d/tftp
and commented out the "service tftp".
I did a restart, then did a scan from a local XP bawx and it still showed me 21 as open.

so

then I edited /etc/services

I commented out the ftp parts

restarted and did another scan from the same machine and got the same results

then...
I edited /etc/vsftpd/vsftpd.conf
and commented out everything

restarted and scanned same results.

I'm not too sure what to do now

Is there something I'm missing (obviously)

any help or literature would be much appreciated

oh and I have stopped all the services via system settings > serversettings > services

and it still shows open

all out of ideas for now..
 
Old 09-13-2004, 03:43 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
A couple of points:

1) TFTP is not FTP, they're different (though related)
2) The /etc/services file is a list of ports; it doesn't control what's listening on your machine
3) Commenting stuff out in config files usually just resets to default behavior.

The answer to your question is to stop vsftpd from listening. There should be a ftp file in /etc/xinetd.d -- open that file and set disable to yes and restart xinetd. If vsftpd isn't actually started from xinetd, service vsftpd stop should do the trick and chkconfig vsftpd off to keep it from restarting on boot.

Follow the same procedure with POP3.
 
Old 09-13-2004, 08:30 PM   #3
crosswire
LQ Newbie
 
Registered: Jul 2004
Posts: 5

Original Poster
Rep: Reputation: 0
Hey
Thanks for the reply

I tried all of what you said and 2 out of three scanners find it open. One acts weird: on the first scan, no matter what the timeout, it doesn't find it; stop and restart the scan and it gets it.

I edited /etc/vsftpd/vsftpd.conf

and made the change
listen=no
not sure if this is right
it was commented out when I got to it


when I tried to stop the service I got 'failed',
I then went to sys settings, server settings, services
I looked at vsftpd, I started the service there... said it was running,
tried to stop it and I got
'vsftpd dead but subsys locked'


I have no idea what that means
thanks for the info
much help
 
Old 09-13-2004, 11:56 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
Probably vsftpd left a lock file in /var/lock/subsys or some such similar place. When you do ps aux do you see any vsftpd processes?

Oh -- here's another hint that may help -- do:

netstat -tpan | grep LISTEN

as root -- it will show you all processes and process ids listening on ports. You can use this info to figure out what process to kill, but it might restart on reboot, so check what's starting up with chkconfig (see the man page for more info).
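
The checks described in posts #2 and #4, as an added example that is not part of the original thread: a shell script that reads netstat -tpan output to name the process listening on a port and lists the xinetd entries not set to "disable = yes". The netstat lines, PIDs, server paths and the stand-in for /etc/xinetd.d are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find what owns a listening TCP port and
# which xinetd entries are still enabled. All sample data below is constructed.

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1842/xinetd
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1842/xinetd
tcp 0 0 :::80 :::* LISTEN 2011/httpd
tcp 0 0 10.0.0.5:80 10.0.0.9:3321 ESTABLISHED 2011/httpd'

# listener_for PORT: read `netstat -tpan` output on stdin and print the
# PID/program of the socket in LISTEN state on PORT (nothing if none).
listener_for() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")      # port is the last ":"-separated piece
            if (a[n] == port) print $7
        }'
}

# xinetd_enabled DIR: print each service in DIR whose stanza lacks
# "disable = yes"; xinetd treats a missing "disable" line as enabled.
xinetd_enabled() {
    awk '
        $1 == "service"                 { name = $2; off = 0 }
        $1 == "disable" && $3 == "yes"  { off = 1 }
        $1 == "}"                       { if (!off) print name }
    ' "$1"/*
}

# make_sample_dir: build a constructed stand-in for /etc/xinetd.d and print its path.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'service ftp\n{\n\tdisable = no\n\tserver = /usr/sbin/vsftpd\n}\n' > "$d/ftp"
    printf 'service tftp\n{\n\tdisable = yes\n\tserver = /usr/sbin/in.tftpd\n}\n' > "$d/tftp"
    printf 'service pop3\n{\n\tserver = /usr/sbin/ipop3d\n}\n' > "$d/ipop3"
    echo "$d"
}

dir=$(make_sample_dir)
echo "port 21 listener:  $(printf '%s\n' "$SAMPLE_NETSTAT" | listener_for 21)"
echo "port 25 listener:  $(printf '%s\n' "$SAMPLE_NETSTAT" | listener_for 25)"
echo "xinetd enabled:    $(xinetd_enabled "$dir" | sort | tr '\n' ' ')"
rm -rf "$dir"
```

On a real host, run netstat -tpan | listener_for 21 as root and point xinetd_enabled at /etc/xinetd.d. An empty result from listener_for means no local process holds that port in LISTEN state.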
 
Old 09-14-2004, 06:17 PM   #5
crosswire
LQ Newbie
 
Registered: Jul 2004
Posts: 5

Original Poster
Rep: Reputation: 0
hey what's up

OK, I tried ps aux
nothing that looked like vsftpd or close to it

I did find vsftpd in /var/lock/subsys
can I do anything with that?

when I did

netstat -tpan | grep LISTEN

it showed me 80 and 443

then I did chkconfig --list

showed me a bunch of things, but vsftpd 1 through 6 off

seems to me that it's off all over the place and still showing for some reason

lock file?

thanks
 
  

