Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Are you running any Sun systems on your network? If not, turn off that port 111/tcp sunrpc. Don't use that one. Also you don't need the 1024/tcp open kdm port unless you need to administer the box from a remote location.
Firstly, I would like to thank you for your reply. I must say this forum is fast.
To be honest, I have no idea if I am running any Sun systems. I just installed Mandrake 8.2 today. What I do know is that I am not interested in being able to administer my computer remotely, so I would be grateful if you could tell me how I can turn that function off.
Just out of curiosity how would I log into my computer over the internet?
I just installed Slackware 8.0 and had to track down that blasted sunrpc service. I found that it was being started by the rc.portmapper (I believe that's the name) in /etc/inetd.conf
That file is fairly well commented, so you should have no problem finding where the portmapper is being started. When you find that line, just put a # at the beginning of it. That should prevent the service from starting again when you next boot.
Also, you can get rid of that X service on port 6000 by starting X using startx -- -nolisten tcp
Run ntsysv as root and uncheck portmap to turn off sunrpc services in the current runlevel.
ntsysv --level <1-5> to pick a different runlevel to modify, i.e.:
ntsysv --level 5 would modify runlevel 5 services if you are in runlevel 3.
Thank you all, with your assistance, I was able to hinder portmapper from starting at boot. But since I do not start X manually I was not able to make it start with "startx -- -nolisten tcp" so that it does not accept remote logins.
Does anyone know how this is done when X is started automatically on bootup?
Thank you for your reply unSpawn, but I think your suggestion was just a bit too complex for me. What I did was add -nolisten tcp to the last line of /etc/X11/xdm/Xservers. It seems to work, but do you see a problem in doing so?
For the kdm part I don't know, but for looking at the app listening on the "netbus" port you could try "lsof -i TCP" or "netstat -an -A inet -p". This will give you a listing of apps listening on TCP/UDP/RAW sockets with their Process ID. The PIDs matching the offending TCP port should match output from something like "ps ax -eo pid,args", the "args" give you the command line the app is started with.
There are some minor caveats. Nmap comes with its own (excellent) copy of /etc/services, and lists more than the IANA assigned ports in /etc/services. Nmap can't know it's netbus listening on that port but just maps it to the entry in its list. The second caveat is serious only if your box would be cracked, because it's quite common for skiddies to change output by loading up "fixed" binaries that are/can be configured to just not show some ports etc etc, so only a remote scan could show open ports.
Since nmap states both "netbus" ports as filtered this shows your firewall is working, you could try the same for the kdm port and see if something breaks :-]
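
The port-to-process check described in the post above, as an added example that is not part of the original thread: it parses `netstat -an -A inet -p` output and lists every socket reachable from off the box with its owning PID and program. The sample input is constructed (PIDs and addresses are invented), and the function names and the allowlist argument are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -an -A inet -p` output (PIDs/addresses invented).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      412/portmap
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      733/kdm
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      890/X
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      601/sendmail
tcp        0      0 192.168.1.10:1031       192.168.1.1:80          ESTABLISHED 1200/mozilla
udp        0      0 0.0.0.0:111             0.0.0.0:*                           412/portmap
EOF
}

# Read netstat output on stdin; print "proto port pid program" for every
# TCP listener and unconnected UDP socket that is not bound to loopback.
exposed_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" { owner = $7 }   # TCP: State is column 6
    $1 ~ /^udp/ && $5 ~ /:\*$/    { owner = $6 }   # UDP: State column is empty
    owner == "" { next }                           # headers, established connections
    {
      n = split($4, a, ":"); port = a[n]
      host = substr($4, 1, length($4) - length(port) - 1)
      if (host !~ /^127\./ && host != "::1") {
        split(owner, p, "/")
        print $1, port, p[1], p[2]
      }
      owner = ""
    }' | sort -k2,2n -k1,1
}

# Print exposed listeners whose port is not in the space-separated allowlist $1.
unexpected_listeners() {
  exposed_listeners | awk -v allow=" $1 " 'index(allow, " " $2 " ") == 0'
}

# Demo on the constructed sample; on a live box, run as root:
#   netstat -an -A inet -p | unexpected_listeners "22"
sample_netstat | exposed_listeners
```

Because a compromised host can misreport its own sockets, as the post notes, compare this local listing against a scan run from another machine.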