LinuxQuestions.org
Old 01-19-2006, 05:53 AM   #1
ganz_friedrich
Member
 
Registered: Dec 2005
Posts: 47

Rep: Reputation: 16
Restricting Daemons to Local Host


(Still very much a newbie)

Hello,

I want to restrict the sendmail and mysql daemons to listen only on localhost. How would I do this? When I look at netstat, I see that they are listening on all devices (so I guess this means that sendmail would accept emails from the www and I would eventually be responsible for mass spam atrocities).

Once I restrict listening ports for the www to those that I want, is there any further benefit to making rules in iptables that block packets on all other ports? E.g. if nothing is listening on port x for the www, is it still worth blocking packets to port x or is this implicit?

And just quickly, from all the reading I've done over the past couple of days I could not find this out; is sendmail a type of smtp server? If not, what relation does it have to smtp?

Thank you.
 
Old 01-19-2006, 06:48 AM   #2
ugenn
Member
 
Registered: Apr 2002
Posts: 549

Rep: Reputation: 30
You can block their respective ports with iptables. Alternatively,

for mysql, you can use the skip_networking option (specified either using the config file or as a command-line parameter) which will restrict the daemon to listening on unix (local) sockets.

for sendmail, if all you need is local relay, you can turn off the daemon altogether. Most unix MUAs will directly invoke the MTA program and pipe data through.
 
Old 01-19-2006, 07:54 AM   #3
ganz_friedrich
Member
 
Registered: Dec 2005
Posts: 47

Original Poster
Rep: Reputation: 16
Thank you very much for replying.

Re mysql: Sorry, this is going to sound really dumb, but are you referring to the compile-time configuration file or run-time configuration file? If the second, where can I find it? (I installed from rpm).

Re sendmail: I would like to use php running under apache to send emails and this did not work until I started the daemon. Is there a way to do what you described on this set-up? (php.ini asks for the sendmail path, I put this in with the options -t -i)

Thanks again.
 
Old 01-19-2006, 08:00 AM   #4
ugenn
Member
 
Registered: Apr 2002
Posts: 549

Rep: Reputation: 30
mysql: runtime config. Usually /etc/my.cnf.
sendmail: try using an absolute path, e.g. /usr/sbin/sendmail -t -i
 
Old 01-19-2006, 08:10 AM   #5
ganz_friedrich
Member
 
Registered: Dec 2005
Posts: 47

Original Poster
Rep: Reputation: 16
Sorry to be a pest.

I've searched the entire filesystem and can't find a file my.cnf.
Also, "/usr/sbin/sendmail -t -i" is exactly what I have in php.ini.

I'll keep looking/messing around
 
Old 01-19-2006, 08:13 AM   #6
ugenn
Member
 
Registered: Apr 2002
Posts: 549

Rep: Reputation: 30
1. search for my.cnf, my.ini.
2. check web server logs for error msgs.
 
Old 01-19-2006, 09:59 AM   #7
ganz_friedrich
Member
 
Registered: Dec 2005
Posts: 47

Original Poster
Rep: Reputation: 16
Just looking at /etc/rc.d/init.d/mysql and it seems that it checks for my.cnf in /etc, so I guess I can just create it. But I have no idea what to put in it?

RE sendmail, as I said, sendmail is working fine if the daemon is started. If it is stopped, there are no errors in the logs, and the messages are only sent after the daemon is started again.
 
Old 01-19-2006, 11:00 AM   #8
ugenn
Member
 
Registered: Apr 2002
Posts: 549

Rep: Reputation: 30
mysql:
check your /usr/share/mysql directory for a sample config file. Then add the following:

[mysqld]
skip-networking

sendmail:
no idea as of now.
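
One way to confirm the result from netstat, as an added example that is not part of any post in this thread: the functions below read `netstat -tln` output and label each TCP listener as bound to loopback or to all interfaces. The function names and both sample listings (including the 631 and 22 listeners) are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify TCP listeners from `netstat -tln` output on stdin.
# Output: one line per listener, "EXPOSED <addr:port>" or "LOCAL <addr:port>".
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                    # "Local Address" column
            host = addr
            sub(/:[0-9]+$/, "", host)    # drop the trailing :port
            if (host ~ /^127\./ || host == "::1")
                print "LOCAL", addr
            else
                print "EXPOSED", addr    # 0.0.0.0, ::, or a routable address
        }'
}

# Exit 0 if port $1 has a listener on a non-loopback address.
port_exposed() {
    classify_listeners | grep -Eq "^EXPOSED .*:$1\$"
}

# Constructed sample: before the change (mysqld and sendmail on all interfaces).
sample_before() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:3306     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:631    0.0.0.0:*        LISTEN
tcp        0      0 :::22            :::*             LISTEN
EOF
}

# Constructed sample: after skip-networking; the 3306 listener is gone entirely.
sample_after() {
    sample_before | grep -v ':3306 '
}

for state in before after; do
    echo "== $state =="
    "sample_$state" | classify_listeners
done
# On a real host: netstat -tln | classify_listeners
```

Port 25 still shows as EXPOSED in the "after" sample, since only the MySQL half is resolved at this point in the thread.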
 
Old 01-19-2006, 03:12 PM   #9
ganz_friedrich
Member
 
Registered: Dec 2005
Posts: 47

Original Poster
Rep: Reputation: 16
Fantastic! Mysql is solved. (They have three example files, that's why my.cnf wasn't being found.)

In the meantime I was working on iptables (reading the guide at iptablesrocks.org) and I managed to set it up HOWEVER I think I made a boo-boo. So PLEASE HELP.

I followed the instructions setting up the "safety net" using a cron to reset iptables every 15min. This seemed to work perfectly since I made a mistake in the set-up file which caused me to lose ssh access, but sure enough when the hour hit I was able to access the server again.

HOWEVER - and this is where my curiosity may have punished me - when I entered "crontab -l" no jobs came up (nothing came up at all, just next command prompt)!!!??!?! So how did the reset happen???

Anyway, I tried to add the job again - this time using emacs instead of vi - and "crontab -l" listed the job. So I thought OK - to hell with it - I don't know what happened but luckily it happened and I was saved. So I typed "crontab -r".

BUT now "crontab -l" prints "no crontab for root"!!!

Have I deleted some "hidden" jobs by accident!!!???

Thanks
 
Old 01-19-2006, 11:51 PM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,356

Rep: Reputation: 2367
try crontab -e
 
Old 01-20-2006, 05:31 AM   #11
ganz_friedrich
Member
 
Registered: Dec 2005
Posts: 47

Original Poster
Rep: Reputation: 16
There is nothing, yet /etc/cron.daily, /etc/cron.weekly, etc. are not empty. So I guess it's OK.

Thinking about it, I guess there wouldn't be such a thing as "hidden jobs"; that would be stupid.

Thanks for your help.
 
  

