port scan
Hi
I have been looking at the security of my Linux Red Hat 8 server. When I use LANguard to do a port scan from the internet, it comes up that I have ports 161 SNMP and RIP 520 open. How can I block these from being seen from the internet, and what are the implications if I try to disable these altogether? Thanks |
The setup is pretty easy. Reference the thread started by Smooth called "Firewall Setup".
As far as the implications of port 161 and 520, try doing a:
lsof | grep ESTABLISH
and a
lsof | grep LISTEN
You can also replace the lsof with a "netstat -a". This should give you some idea of what is using those two ports. |
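An added example (not part of any post in this thread) of the check suggested above, narrowed to the two ports in question. SNMP and RIP both run over UDP, and UDP sockets show no LISTEN or ESTABLISHED state, so the sketch filters `netstat -anu` output by protocol and port instead; the sample output and the function name exposed_udp are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -anu` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:161             0.0.0.0:*
udp        0      0 0.0.0.0:520             0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 192.0.2.10:123          0.0.0.0:*
EOF
}

# exposed_udp PORT...: read `netstat -anu` output on stdin and print
# "port address" for every UDP socket on one of the given ports that is
# bound to something other than the loopback address.
exposed_udp() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 ~ /^udp/ {
            sock = $4                                # Local Address column
            port = sock; sub(/.*:/, "", port)        # text after the last colon
            addr = sock; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if ((port in want) && addr != "127.0.0.1" && addr != "::1")
                print port, addr
        }'
}

# On a live host: netstat -anu | exposed_udp 161 520
sample_netstat | exposed_udp 161 520
```

A socket bound to 0.0.0.0 accepts traffic on every interface, so anything this prints has to be covered by the service's own configuration and the firewall.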
I edited my services file and commented these two services out for the time being. Is this OK to do?
thanks |
161 is snmp and 520 is rip
|
I edited my services file and commented these two services out for the time being. Is this OK to do?
No, it isn't. The services file is just a mapping and should be left untouched unless you add service/port mappings. If these services are run, make sure you need them, and they correspond with the daemon that is supposed to run that service. If you don't need to run these services, make sure they don't get started in /etc/rc.d/rc(runlevel).d if standalone, or in Xinetd. Uninstalling them would be the best solution. If you need to run these services, but only accessible to some IP addresses or ranges, place the right restrictions in their own configs (and check your SNMP community strings setup), and Xinetd (where applicable), and the firewall, and TCP Wrappers. If you do, you'll be reasonably safe as there isn't a single point of failure then. |
How do I uninstall these services?
thanks again |
Why would I need SNMP and RIP?
|
Have you blocked them by Iptables?
iptables -A INPUT -i ppp+ -p TCP --dport 0:1023 -j DROP
iptables -A INPUT -i ppp+ -p UDP --dport 0:1023 -j DROP |
Is this all I need to do to block SNMP and RIP? How come they use the same dport?
Yes, it looks like I have blocked them when I look at my iptables by typing iptables -L. I just did not know what I was looking at. Thanks |
How do I uninstall these services?
rpm -e <package name>. |
Thanks again, but how do I find out the package name?
|
I would recommend simply disabling them at first. If that works without a hitch, then you can consider removing them.
All you have to do to stop them and have them not startup again is go to Server Setting ==> Services. Here you can stop, start, and determine if you want the service to startup at boot. Normally, you'll start with RunLevel 5 displayed. You would also want to disable these services in the lower levels.
To actually answer your question though...
rpm -qa | grep snmp ==> will show all of the RPMs that have snmp in them.
rpm -qa net-snmp.......... ==> will give details on that package
rpm -e net-snmp ==> will delete the package
man rpm ==> will give all this info and more
Sometimes, you'll try "rpm -e" and it will give an error indicating that other packages are dependent on the one you are trying to delete. At this point, with the help of "rpm -qi", you have to decide if you wish to decide the packages that are dependent too. If you do, you can list the original package you want to delete as well as the package that is dependent on it when you do the "rpm -e" a second time, e.g.
rpm -e net-snmp 2nd_Package
However, I'd still recommend holding off until you've run the system a while without using these packages. |
Oops,
change that goofy sentence to: At this point, with the help of "rpm -qi", you have to decide if you wish to remove the packages that are dependent too. |
You must have installed some routing stuff that you didn't need. RIP is a routing protocol (Routing Information Protocol) and SNMP = Simple Network Management Protocol... You probably don't need a RIP router. It is used for advertising routes that you know about and receiving routes from other routers (it updates the routing table). You probably really don't need this. You did an "install everything", huh? |
Yes, robert0380, I did install everything and now I am regretting it!!
Thanks pjcp64, I will try this tomorrow and let you know how I go. These groups have been a great help to me. I really appreciate everyone's help!! |
rpm -qa to find out the packages. If you think it's samba, then rpm -qa | grep samba to ensure the right package name
|
rpm -qi net-snmp.......... ==> will give details on that package
Please note the above correction to my previous post. I'd like to claim it was a typo but the "i" and the "a" are nearly across the keyboard from each other. :-( Good Luck with it. Thom |
If you are short on space, then you should uninstall, but for the sake of security, you can leave the stuff on there, just turn it off. You can go to Service Configuration and uncheck the "Start on boot" box for: routed gated snmpsmarttrapd and anything else you don't want to start up at boot (be careful though, don't turn off stuff you need) |
If you are short on space, then you should uninstall, but for the sake of security, you can leave the stuff on there, just turn it off.
Your reasoning is dead wrong. In this case security means you know what you're running when you need it, how you're running it and how to validate/monitor it. IF YOU DON'T NEED IT, REMOVE IT.
Tigger: by now this thread is considered OT as far as security is concerned. Some people tend to give the wrong advice, other people repeat others, and so I'm closing this thread. If you still can't figure out how to uninstall rpm's, please open up a new thread in /Linux/General or /Linux/Software. |