LinuxQuestions.org
Old 01-18-2004, 07:02 PM   #1
uniQ
Member
 
Registered: Jan 2004
Distribution: SME 6/SuSE9 x64
Posts: 30

Rep: Reputation: 15
Listening SuSE 9 ports


Hi, I just installed SuSE 9 on x86-64 and ran netstat --proto=inet -l and got:

tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
udp 0 0 *:32776 *:*
udp 888 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*

Any advice on how to close these ports?

-uniQ

PS. I'm behind a router so somewhat safe, I just want to be most sure.
 
Old 01-19-2004, 02:26 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
SuSE uses the Redhat chkconfig utility to control what services are on or off.

To see what services you have on:
chkconfig --list | grep on

To turn a service off:
chkconfig servicename off
where servicename is the name of a service listed in the chkconfig output

portmap = sunrpc
cups = ipp
postfix = smtp

After a reboot, the changes in chkconfig will be applied. If you don't want to reboot, you can shut the various services off manually, like:
/etc/init.d/portmap stop

You won't be able to shut off X11 unless you don't have X windows running or if you use the -nolisten tcp option. Easiest way is to just firewall X. If you're already behind a firewall then that's not ideal, but still reasonably safe.

Hope that helps.

Last edited by Capt_Caveman; 01-19-2004 at 02:28 PM.
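
Added example, not part of the original posts: a small audit of `netstat --proto=inet -l` output that separates sockets bound to all interfaces from loopback-only ones and names the service to turn off, using the port-to-service mapping given in the post above. The function names and the `SAMPLE` variable are made up for this example.

```shell
#!/bin/sh
# Added example. Classifies sockets from `netstat --proto=inet -l` output.
# The port-name to service mapping is the one listed in the post above.

# Constructed sample: the listing from the first post of this thread.
SAMPLE='tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
udp 0 0 *:32776 *:*
udp 888 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*'

# stdin: netstat output. stdout: "<proto> <port> <EXPOSED|LOCAL> <service|?>"
audit_listeners() {
    awk '
        BEGIN { svc["sunrpc"] = "portmap"; svc["ipp"] = "cups"; svc["smtp"] = "postfix" }
        $1 != "tcp" && $1 != "udp" { next }          # skip header lines
        {
            n = split($4, part, ":")                 # field 4 is the local address
            port = part[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            # Loopback-bound sockets are not reachable from the network.
            scope = (host == "localhost" || host ~ /^127\./) ? "LOCAL" : "EXPOSED"
            name = (port in svc) ? svc[port] : "?"
            print $1, port, scope, name
        }'
}

# Known services that listen on a non-loopback address, one per line.
services_to_disable() {
    audit_listeners | awk '$3 == "EXPOSED" && $4 != "?" { print $4 }' | sort -u
}

# Demo on the sample; on a live host use: netstat --proto=inet -l | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners
for s in $(printf '%s\n' "$SAMPLE" | services_to_disable); do
    echo "candidate: chkconfig $s off"
done
```

Entries reported with `?` (x11, bootpc and the numeric UDP port here) have no entry in the mapping and need `lsof -i` to identify the owning process.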
 
Old 01-19-2004, 08:29 PM   #3
uniQ
Member
 
Registered: Jan 2004
Distribution: SME 6/SuSE9 x64
Posts: 30

Original Poster
Rep: Reputation: 15
OK! Now it's down to:

tcp 0 0 *:x11 *:* LISTEN
udp 0 0 *:bootpc *:*


What is BootPC doing? What was that X11 option? How do I use it every time I start?

Thx,

-uniQ
 
Old 01-20-2004, 06:39 AM   #4
cycl3fr3ak
LQ Newbie
 
Registered: Jan 2004
Distribution: SuSE 9.0
Posts: 3

Rep: Reputation: 0
uniQ,

I just started using SuSE and it took me a while to figure where to put the -nolisten tcp option. It seems everyone knows what the command was but couldn't tell me the correct place to put it.

Well if you're running KDE - /etc/opt/kde3/share/config/kdm/ copy the Xservers file to Xservers.back then vi on the Xservers file and edit the following line.

:0 local /usr/X11R6/bin/X vt7
change it to look like the line below.
:0 local /usr/X11R6/bin/X vt7 -nolisten tcp

Now when you restart it will be gone.
As for Gnome I'm not sure if it's the same maybe somebody (or you) will post back what it is for Gnome. (I don't currently have it loaded.)

I do have to say I'm very disappointed that there's no SUSE forums anywhere ... well the only one I could find was in German. I hope that Novell/Suse brings back the forum that now seems dead.


I think that the future of Novell 7.0 on the backend and Suse on the desktop could provide some very good setups for school systems that are looking to save money and are already a Novell shop. IMHO.

PS. Just FYI. Redhat didn't create chkconfig (and man I was pissed when the arguments I learned in Redhat didn't work in SuSE, i.e. using the --levels options (which is nice).) It was created for IRIX and then later redone via RedHat and given additional arguments etc. However the chkconfig works in SuSE ... just not EXACTLY the same as Redhat's version.



Good luck.

Last edited by cycl3fr3ak; 01-20-2004 at 06:45 AM.
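
Added example, not part of the original posts: the Xservers edit described above as a repeatable script that keeps the `Xservers.back` copy, leaves commented lines alone and does nothing when the option is already present. The function name `harden_xservers` is made up for this example, and the demo runs on a constructed temporary file rather than the real kdm configuration.

```shell
#!/bin/sh
# Added example. Appends "-nolisten tcp" to local X server lines in a kdm
# Xservers file: keeps a .back copy, skips comments, safe to run twice.

harden_xservers() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # awk exits 0 only if some active local line still lacks the option.
    if ! awk '!/^[ \t]*#/ && $2 == "local" && !/-nolisten[ \t]+tcp/ { todo = 1 }
              END { exit !todo }' "$file"; then
        return 0                                   # already hardened
    fi
    cp -p "$file" "$file.back" || return 1         # same backup name as the post
    # Rewrite in place (truncate, not replace) so owner and mode are kept.
    awk '/^[ \t]*#/ { print; next }
         $2 == "local" && !/-nolisten[ \t]+tcp/ { print $0 " -nolisten tcp"; next }
         { print }' "$file.back" > "$file"
}

# Demo on a constructed copy, never on the real file.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample Xservers' \
    ':0 local /usr/X11R6/bin/X vt7' > "$demo_dir/Xservers"
harden_xservers "$demo_dir/Xservers"
cat "$demo_dir/Xservers"
rm -rf "$demo_dir"
```

After the X server has been restarted, rerunning `netstat --proto=inet -l` should no longer show the `*:x11` line.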
 
Old 01-20-2004, 07:30 AM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
bootpc is your linux box's bootp client. It does network discovery stuff like grab its IP address and locate DNS server info. If you're using some kind of bootp or other dynamic IP assignment protocol, it should be on. If you have a static IP then you won't need it, but usually this is determined during your initial networking setup. Again if you're concerned about abuse, you can firewall it and only allow communication with your dhcp/bootp server.

Last edited by Capt_Caveman; 01-20-2004 at 07:34 AM.
 
Old 01-22-2004, 08:31 PM   #6
uniQ
Member
 
Registered: Jan 2004
Distribution: SME 6/SuSE9 x64
Posts: 30

Original Poster
Rep: Reputation: 15
Well, thanks for the help both of U!!! I've affero'd both of you.

Yea, SuSE is good, I hope Novell does a good job and doesn't royally screw it up.

-uniQ
 
Old 01-22-2004, 08:50 PM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Thanks uniQ, I appreciate that!
 
Old 01-23-2004, 03:31 PM   #8
uniQ
Member
 
Registered: Jan 2004
Distribution: SME 6/SuSE9 x64
Posts: 30

Original Poster
Rep: Reputation: 15
The continuing story...

YaY! X11 has now stopped listening.

Now, I've got something else:

udp 0 0 *:filenet-tms *:*


That's port 32768 (or 2^15).

Any ideas?

Thanks!

-uniQ
 
Old 01-23-2004, 04:06 PM   #9
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Try lsof -i

That should let you know what's got the port open. Likely it's something that uses dynamic port assignment, because 32768 is usually one of the first dynamic ports opened (see here for details).
 
Old 01-24-2004, 12:48 AM   #10
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
32768+ nice Capt_Caveman - I see why you're a moderator. Isn't it a bit annoying what it takes to hold off these idiots that insist on *haking* (sic)? All at once I get tired of it, but I still will never give up the good fight!
 
  


All times are GMT -5.