Old 09-08-2003, 07:48 AM   #1
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
please rate me security settings

Hi, I'm a newb to security....
so could someone who knows a little rate my system's security, here's the relevant info...

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- localhost.localdomain localhost.localdomain
DROP tcp -- anywhere anywhere tcp dpts:0:1024
DROP udp -- anywhere anywhere udp dpts:0:1024
DROP tcp -- anywhere anywhere tcp dpt:x11

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Starting nmap V. 3.00 ( )
Interesting ports on (
(The 1025 ports scanned but not shown below are in state: filtered)

Nmap run completed -- 1 IP address (1 host up) scanned in 131 seconds
Old 09-08-2003, 08:43 AM   #2
Registered: Feb 2003
Location: Somewhere, UK
Distribution: Slack, OpenBSD, Debian, SuSE
Posts: 189

Rep: Reputation: 30
Try again from either an internal machine on your network or from the host you're scanning itself, scanning the loopback (ie., also try 'netstat -lap'
Old 09-09-2003, 04:28 AM   #3
Registered: May 2001
Posts: 27,017
Blog Entries: 54

Rep: Reputation: 2764
could someone who knows a little rate my system's security, here's the relevant info...
// First of all, if you're able to edit your first post and slash everything between "1026/tcp closed LSA-or-nterm" and "61441/tcp closed netprowler-sensor" that would make your post readable. You could've simply said all ports in the unprivileged port range were closed...

Wrt your firewall, I would like to suggest
- changing your default policy to DROP. You'll then have to add a line for each local service you want remote clients to connect to but it will not *by default* allow rogue servers to be run on high ports like you do now,
- changing the x11 line. X11 ain't a port, it's a port range, approx. 6000:6020 (IIRC),
- look at the first thread in this forum. It's got a section on Netfilter firewalling, and you're missing a lot like DROP rules for packets with bad flags, rate limiting, logging etc etc.
- scan your box from a remote one. There are some threads in this forum that list websites. (use search)

But, firewall != security. Please look at the first thread in this forum, the first post. Read two or three of "Checklists", "Securing", then move on to distro-specific stuff.

In broad lines you could say "securing and hardening" a box means taking away/investigating risks by
- installing only what you need,
- running only what you need,
- restricting local system users' processes and access ("nologin" shells, configuration issues like service anti-DOS features, running services as lesser-privileged users, chroots etc etc),
- restricting local and remote (human users' processes and) access (PAM login/limits, good passwds, sudo, no telnet but ssh, process restrictions like in or LIDS, service allow/deny files etc etc),
- performing auditing on a regular basis (system integrity checks like Aide, Samhain or tripwire, Tiger, Lsat, COPS, Chkrootkit, env_audit),
- performing continuous traffic/log analysis (process table and connection tracking tools, IDS, log parsing tools etc etc) and
- performing maintenance (updates, configuration) on a regular basis.
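
An added example, not part of the thread: a Python check that reads the `iptables -L` listing from the first post and derives the two firewall weaknesses the reply above names, the ACCEPT policy that leaves high ports reachable and the x11 rule that covers a single port. The function names and the x11-to-6000 service mapping are assumptions of this example.

```python
import re
# iptables -L output from the first post (INPUT chain).
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- localhost.localdomain localhost.localdomain
DROP tcp -- anywhere anywhere tcp dpts:0:1024
DROP udp -- anywhere anywhere udp dpts:0:1024
DROP tcp -- anywhere anywhere tcp dpt:x11
"""
SERVICE_PORTS = {"x11": 6000}  # assumption: /etc/services maps x11 to 6000/tcp
X11_RANGE = (6000, 6020)       # approximate range quoted in the reply

def parse_listing(text):
    """Return {chain: {"policy": str, "rules": [(target, proto, src, lo, hi)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if head:
            current = chains.setdefault(head.group(1), {"policy": head.group(2), "rules": []})
            continue
        fields = line.split()
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue
        lo, hi = 0, 65535  # no dpt/dpts match: the rule covers every port
        m = re.search(r"dpts?:(\S+)", line)
        if m:  # names not in SERVICE_PORTS raise KeyError rather than being guessed
            ends = [int(p) if p.isdigit() else SERVICE_PORTS[p] for p in m.group(1).split(":")]
            lo, hi = ends[0], ends[-1]
        current["rules"].append((fields[0], fields[1], fields[3], lo, hi))
    return chains

def open_ranges(chain, proto):
    """Ports no 'anywhere' DROP rule covers (rule order and ACCEPT rules not modelled)."""
    blocked = sorted((lo, hi) for t, p, src, lo, hi in chain["rules"]
                     if t == "DROP" and p in (proto, "all") and src == "anywhere")
    gaps, nxt = [], 0
    for lo, hi in blocked:
        if lo > nxt:
            gaps.append((nxt, lo - 1))
        nxt = max(nxt, hi + 1)
    if nxt <= 65535:
        gaps.append((nxt, 65535))
    return gaps

def audit(text):
    """List the weaknesses the reply points out, derived from the listing itself."""
    inp = parse_listing(text)["INPUT"]
    if inp["policy"] != "ACCEPT":
        return []  # default-deny: uncovered ports are dropped, nothing to report
    findings = ["INPUT policy is ACCEPT"]
    for proto in ("tcp", "udp"):
        for lo, hi in open_ranges(inp, proto):
            findings.append(f"{proto} {lo}-{hi} falls through to ACCEPT")
    for lo, hi in open_ranges(inp, "tcp"):
        lo, hi = max(lo, X11_RANGE[0]), min(hi, X11_RANGE[1])
        if lo <= hi:
            findings.append(f"X11 ports {lo}-{hi} are not covered by the x11 rule")
    return findings
```

Calling `audit(LISTING)` returns the findings as a list of strings; the same listing with `policy DROP` on INPUT returns an empty list.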

