LinuxQuestions.org


zyan 07-10-2001 08:30 PM

how to close open ports
 
Hi friends!
I read somewhere that I can close my open ports by putting a '#' before the lines containing that port no. in the file inetd.conf,
but since the latest versions have started coming with the more secure xinetd.conf, how can I customize it?
Thanks in advance.

unSpawn 07-10-2001 08:54 PM

Ain't it in the manual? I ain't running xinetd, but ports are bound to a running service, so if I'm caught guessing it's either adding it to the
"disabled = (servicenames)"
in the main part of the xinetd.conf or comment out the whole per-service part like
"# service (servicename) {
# args
# args
# args
# }"

BTW, upgrade to the latest version of xinetd, it has had some bugs.

raz 07-11-2001 05:48 AM

Hi,

I agree, first patch xinetd for security fixes.

The easiest and quickest way to do this is to create a directory in the /etc/xinetd.d directory called disabled.

Then you should see the startup service scripts in /etc/xinetd.d like this:
-rw-r--r-- 1 root root 297 Feb 27 17:17 chargen
-rw-r--r-- 1 root root 321 Feb 27 17:17 chargen-udp
-rw-r--r-- 1 root root 297 Feb 27 17:17 daytime
-rw-r--r-- 1 root root 321 Feb 27 17:17 daytime-udp
-rw-r--r-- 1 root root 289 Feb 27 17:17 echo
-rw-r--r-- 1 root root 312 Feb 27 17:17 echo-udp
-rw-r--r-- 1 root root 318 Feb 27 17:17 finger
-rw-r--r-- 1 root root 259 Feb 27 17:13 ntalk
-rw-r--r-- 1 root root 361 Feb 5 22:43 rexec
-rw-r--r-- 1 root root 378 Feb 5 22:43 rlogin
-rw-r--r-- 1 root root 431 Feb 5 22:43 rsh
-rw-r--r-- 1 root root 317 Sep 30 2000 rsync
-rw-r--r-- 1 root root 247 Feb 27 17:13 talk
-rw-r--r-- 1 root root 305 Jan 22 13:52 telnet
-rw-r--r-- 1 root root 321 Feb 27 17:17 time
-rw-r--r-- 1 root root 317 Feb 27 17:17 time-udp

Move each service file that you don't want started to the new disabled directory "/etc/xinetd.d/disabled".

Then type:
/etc/rc.d/init.d/xinetd stop
/etc/rc.d/init.d/xinetd start

To enable a service again simply move the file back and stop/start xinetd.

Raz
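
An added example, not part of any post in this thread: a shell check that lists which services in an xinetd.d-style directory are still enabled after files have been moved into a disabled/ subdirectory or commented out. It assumes one attribute per line written as `disable = yes`, looks only at regular files directly in the directory, and does not read a `disabled =` list in xinetd.conf; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Print the name of every service in DIR that has no "disable = yes" line.
xinetd_enabled_services() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # skip subdirectories such as disabled/
        case ${f##*/} in
            *.*|*~) continue ;;          # xinetd ignores names with a dot or trailing ~
        esac
        awk '
            { sub(/#.*/, "") }           # commented-out lines become empty
            $1 == "service" { name = $2; off = 0; next }
            $1 == "disable" && $2 == "=" && $3 == "yes" { off = 1 }
            $1 == "}" { if (name != "" && !off) print name; name = "" }
        ' "$f"
    done
}

# Constructed sample directory (not taken from a real system).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/disabled"
    printf 'service chargen\n{\n\ttype = INTERNAL\n\tdisable = yes\n}\n' > "$d/chargen"
    printf 'service rsync\n{\n\tdisable = no\n\tserver = /usr/bin/rsync\n}\n' > "$d/rsync"
    printf 'service telnet\n{\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/telnet"
    printf 'service finger\n{\n\tserver = /usr/sbin/in.fingerd\n}\n' > "$d/disabled/finger"
    printf 'service telnet\n{\n}\n' > "$d/telnet.rpmsave"
    printf '%s\n' "$d"
}

sample=$(make_sample)
xinetd_enabled_services "$sample"        # on a real host: /etc/xinetd.d
rm -rf "$sample"
```

After restarting xinetd, compare this list with the listening sockets the system actually reports, since a port stays open until the service bound to it is stopped.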

s-k-a 08-04-2001 08:11 PM

Didn't even think of the new disabled directory idea, been commenting everything out of each folder separately...

Thanks..


All times are GMT -5.