LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 07-01-2005, 05:06 PM   #1
jasone
Member
 
Registered: Oct 2004
Location: Sweden
Distribution: FreeBSD, OpenBSD, Debian Etch
Posts: 160

Rep: Reputation: 30
Closing unused ports & kill deamons


Hi!

I've searched this forum and didn't get the answer I need.

I don't think I need these ports to be open:

Code:
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-07-01 23:03 CEST
Interesting ports on localhost (127.0.0.1):
(The 1659 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
37/tcp   open  time
113/tcp  open  auth
6000/tcp open  X11

Nmap finished: 1 IP address (1 host up) scanned in 0.224 seconds
Can anyone tell me how to close them?

Thanks in advance!

Last edited by jasone; 07-01-2005 at 05:41 PM.
 
Old 07-01-2005, 05:14 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149Reputation: 149
The question is if you need the services running. For time and auth I'd say that not. By default they're run from inetd, so (if you don't have other programs that need it) shut it down.

Ssh - if you don't want it running at all, turn off sshd daemon.

X11 - if you want X and the port closed, close it using iptables using something like
iptables -A INPUT --dport 6000 -j DROP
or start X with -nolisten option.
 
Old 07-01-2005, 05:18 PM   #3
jasone
Member
 
Registered: Oct 2004
Location: Sweden
Distribution: FreeBSD, OpenBSD, Debian Etch
Posts: 160

Original Poster
Rep: Reputation: 30
Great answer! Thanks!

But the iptables command did not work... Unknown arg: --dport

Last edited by jasone; 07-01-2005 at 05:20 PM.
 
Old 07-01-2005, 05:31 PM   #4
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
Disable X from listening on that port with the -nolisten option, I'm actually surprised any distro would install X like that by default these days.
 
Old 07-01-2005, 05:33 PM   #5
jasone
Member
 
Registered: Oct 2004
Location: Sweden
Distribution: FreeBSD, OpenBSD, Debian Etch
Posts: 160

Original Poster
Rep: Reputation: 30
Ok... Thanks but:
-nolisten = Bad option at startx?

Btw where do I disable ssh?

Last edited by jasone; 07-01-2005 at 05:37 PM.
 
Old 07-01-2005, 05:43 PM   #6
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149Reputation: 149
Quote:
Originally posted by jasone
But the iptables command did not work... Unknown arg: --dport
Forgot one thing:
iptables -A INPUT -p tcp --dport 6000 -j DROP
 
Old 07-01-2005, 05:50 PM   #7
jasone
Member
 
Registered: Oct 2004
Location: Sweden
Distribution: FreeBSD, OpenBSD, Debian Etch
Posts: 160

Original Poster
Rep: Reputation: 30
Quote:
Forgot one thing:
iptables -A INPUT -p tcp --dport 6000 -j DROP
Didn't get an error but it's still open

And how about kill the ssh deamon?
 
Old 07-01-2005, 06:26 PM   #8
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
Quote:
Originally posted by jasone
Didn't get an error but it's still open

And how about kill the ssh deamon?
If you're scanning 127.0.0.1 it had better still show as open, if you start filtering on your loopback adapter you're asking for trouble.

And the -nolisten option is for XFree86, not startx. You can probably run startx -- -nolisten, but it's been so long since I've used startx I don't remember. Debian puts the X server options in /etc/X11/xinit/xserverrc and I believe you can also use ~/.xserverrc but I've never tried.

If you want to shutdown ssh, just disable the init script, there's no reason to mess around with iptables for what you're doing.
 
Old 07-01-2005, 06:38 PM   #9
jasone
Member
 
Registered: Oct 2004
Location: Sweden
Distribution: FreeBSD, OpenBSD, Debian Etch
Posts: 160

Original Poster
Rep: Reputation: 30
Ok thanks! Here is an embarrassing question: How/where do I disable the init script you was talking about?
 
Old 07-01-2005, 07:24 PM   #10
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
Depends on the distribution and default runlevel. Usually they're in /etc/rcX.d where is the runlevel you're using. The files in those dirs are symlinks back to there real script in /etc/init.d, the name and number determines whether they're started or stopped and in what order. Don't delete anything from /etc/init.d, just the symlinks in /etc/rcX.d.
 
Old 07-01-2005, 07:32 PM   #11
jasone
Member
 
Registered: Oct 2004
Location: Sweden
Distribution: FreeBSD, OpenBSD, Debian Etch
Posts: 160

Original Poster
Rep: Reputation: 30
Haha! I see that slackware is a bit different than debian. I don't have any of those files. I'll ask in the slack forum. Thanks anyway!
 
Old 07-01-2005, 07:36 PM   #12
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
Oh, you're using the BSD-wannabe...
 
Old 07-02-2005, 03:49 PM   #13
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Rep: Reputation: 52
Quote:
Originally posted by jasone
Haha! I see that slackware is a bit different than debian. I don't have any of those files. I'll ask in the slack forum. Thanks anyway!
OK. to close port 6000 open /usr/X11/bin/startx
You'll find a line
serverargs=""
change it to
Code:
serverargs="-nolisten tcp"
next time you start x the 6000 won't be open.

to close ports 37 and 113,
open /etc/inetd.conf
and comment out the lines:
Code:
time            stream  tcp     nowait  root    internal
time            dgram   udp     wait    root    internal
and
Code:
auth    stream  tcp     wait    root    /usr/sbin/in.identd     in.identd
make them look like this:
Code:
#time            stream  tcp     nowait  root    internal
#time            dgram   udp     wait    root    internal
and
Code:
#auth    stream  tcp     wait    root    /usr/sbin/in.identd     in.identd
and send a SIGHUP signal to inetd:
Code:
killall -1 inetd
If that doesn't work, go to init 1 and then back to init 3
or reboot(this one always works )

You need the ipp for CUPS. It will reject any connection outside localhost by default anyway.

If you want to have a firewall and you are using the 2.4 kernel series go to http://easyfwgen.morizot.net/gen/index.php
and create a iptable script. save it as /etc/rc.d/rc.firewall and give execute permissions to the file. It will load up automatically next time you reboot.

To load/unload it manually try:
Code:
. /etc/rc.d/rc.firewall start/stop
*EDIT*
If you are trying to close all the unneeded open ports, u may also wanna try a UDP port scan
Code:
nmap -sU localhost

Last edited by perfect_circle; 07-02-2005 at 03:53 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Closing Ports Murdock1979 Linux - Security 1 09-23-2005 10:44 AM
List of unused ports on a machine linuxprogrammer Linux - Newbie 2 10-18-2004 03:20 PM
List of unused ports on a machine linuxprogrammer Linux - Newbie 4 10-18-2004 03:20 PM
List of unused ports on a machine linuxprogrammer Linux - Networking 1 10-18-2004 03:42 AM
closing ports Tigger Linux - Newbie 15 06-11-2003 03:23 PM


All times are GMT -5. The time now is 07:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration