LinuxQuestions.org
Old 09-29-2004, 04:54 AM   #1
N|k0N
Member
 
Registered: Aug 2004
Location: New York
Posts: 63

Rep: Reputation: 15
Security Risk?


I've been looking around for tutorials on securing Slack 10 and I found a few, but tonight I decided to run netstat and I got these when I typed in the command.
Code:
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  8      [ ]         DGRAM                    45     /dev/log
unix  3      [ ]         STREAM     CONNECTED     1126624 /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1126623
unix  3      [ ]         STREAM     CONNECTED     1126619 /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1126618
unix  3      [ ]         STREAM     CONNECTED     1126616 /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1126615
unix  3      [ ]         STREAM     CONNECTED     1125398 /tmp/orbit-root/linc-ab2-0-58c851da7b22
unix  3      [ ]         STREAM     CONNECTED     1125397
unix  3      [ ]         STREAM     CONNECTED     1125396 /tmp/orbit-root/linc-ab7-0-18851e52a5cde
unix  3      [ ]         STREAM     CONNECTED     1125393
unix  2      [ ]         DGRAM                    1125384
unix  3      [ ]         STREAM     CONNECTED     1125364 /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1125363
unix  3      [ ]         STREAM     CONNECTED     1064410 /tmp/ksocket-root/klauncher3M6g6b.slave-socket
unix  3      [ ]         STREAM     CONNECTED     1064409
unix  3      [ ]         STREAM     CONNECTED     637031 /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     637030
unix  3      [ ]         STREAM     CONNECTED     637026 /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     637025
unix  3      [ ]         STREAM     CONNECTED     33962  /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     33961
unix  3      [ ]         STREAM     CONNECTED     33869  /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     33868
unix  3      [ ]         STREAM     CONNECTED     33858  /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     33857
unix  3      [ ]         STREAM     CONNECTED     33797  /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     33796
unix  3      [ ]         STREAM     CONNECTED     15661  /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     15660
unix  3      [ ]         STREAM     CONNECTED     15657  /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     15656
unix  3      [ ]         STREAM     CONNECTED     15655  /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     15654
unix  3      [ ]         STREAM     CONNECTED     1576   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1575
unix  3      [ ]         STREAM     CONNECTED     1569   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1568
unix  3      [ ]         STREAM     CONNECTED     1567   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1564
unix  3      [ ]         STREAM     CONNECTED     1563   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1562
unix  3      [ ]         STREAM     CONNECTED     1541   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1540
unix  3      [ ]         STREAM     CONNECTED     1533   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1532
unix  3      [ ]         STREAM     CONNECTED     1531   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1530
unix  3      [ ]         STREAM     CONNECTED     1519   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1518
unix  3      [ ]         STREAM     CONNECTED     1513   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1512
unix  3      [ ]         STREAM     CONNECTED     1511   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1510
unix  3      [ ]         STREAM     CONNECTED     1509   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1508
unix  3      [ ]         STREAM     CONNECTED     1504   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1503
unix  3      [ ]         STREAM     CONNECTED     1502   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1501
unix  3      [ ]         STREAM     CONNECTED     1494   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1493
unix  3      [ ]         STREAM     CONNECTED     1491   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1490
unix  3      [ ]         STREAM     CONNECTED     1482   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1481
unix  3      [ ]         STREAM     CONNECTED     1480   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1479
unix  3      [ ]         STREAM     CONNECTED     1476   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1475
unix  3      [ ]         STREAM     CONNECTED     1474   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1473
unix  3      [ ]         STREAM     CONNECTED     1468   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1467
unix  3      [ ]         STREAM     CONNECTED     1464   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1463
unix  3      [ ]         STREAM     CONNECTED     1454   /tmp/ksocket-root/kdeinit__0
unix  3      [ ]         STREAM     CONNECTED     1453
unix  3      [ ]         STREAM     CONNECTED     1450   /tmp/mcop-root/EcCeNTrIc-070e-414b7907
unix  3      [ ]         STREAM     CONNECTED     1449
unix  3      [ ]         STREAM     CONNECTED     1414   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1413
unix  3      [ ]         STREAM     CONNECTED     1412   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1411
unix  3      [ ]         STREAM     CONNECTED     1370   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1369
unix  3      [ ]         STREAM     CONNECTED     1366   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1365
unix  3      [ ]         STREAM     CONNECTED     1351   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1350
unix  3      [ ]         STREAM     CONNECTED     1347   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1346
unix  3      [ ]         STREAM     CONNECTED     1335   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1334
unix  3      [ ]         STREAM     CONNECTED     1330
unix  3      [ ]         STREAM     CONNECTED     1329
unix  3      [ ]         STREAM     CONNECTED     1291   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1285
unix  2      [ ]         DGRAM                    1251
unix  2      [ ]         DGRAM                    1244
unix  2      [ ]         DGRAM                    1240
unix  2      [ ]         DGRAM                    261
unix  2      [ ]         DGRAM                    48
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     1405   /tmp/mcop-root/EcCeNTrIc-070e-414b7907
unix  2      [ ACC ]     STREAM     LISTENING     1317   /tmp/.ICE-unix/dcop1792-1095465212
unix  2      [ ACC ]     STREAM     LISTENING     1469   /tmp/.ICE-unix/1814
unix  2      [ ACC ]     STREAM     LISTENING     1125388 /tmp/orbit-root/linc-ab7-0-18851e52a5cde
unix  2      [ ACC ]     STREAM     LISTENING     1252   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     1125394 /tmp/orbit-root/linc-ab2-0-58c851da7b22
unix  2      [ ACC ]     STREAM     LISTENING     1309   /tmp/ksocket-root/kdeinit__0
unix  2      [ ACC ]     STREAM     LISTENING     1311   /tmp/ksocket-root/kdeinit-:0
unix  2      [ ACC ]     STREAM     LISTENING     1339   /tmp/ksocket-root/klauncher3M6g6b.slave-socket
unix  2      [ ACC ]     STREAM     LISTENING     1283   /tmp/.X11-unix/X0
Can these be security risks in any way? And if so, how can I secure them? I've been looking around /etc/inetd.conf and /etc/rc.d and I haven't seen anything, so I am not sure what to think right now.
 
Old 09-29-2004, 05:54 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,962

Rep: Reputation: 1341
Quote:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
Ports 25 and 587 are used by sendmail (mail server).
Port 6000 is the X-server.
As for port 68, according to /etc/services it is used by bootpc.
If you don't use sendmail and bootpc you should disable them, or use a firewall to block the respective ports.
sendmail is started from /etc/rc.d/rc.M but I don't know about bootpc.
Try:
Code:
# port 68 is listed as a UDP socket in the netstat output, so query the udp namespace
fuser -v -n udp 68
to see if it tells you how bootpc is started (from inetd or standalone)
 
Old 09-29-2004, 04:06 PM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
And you should set your X to start with nolisten -tcp. If you only use X locally, there's no reason to allow TCP/IP connections to it.

The UNIX domain sockets are all local to your machine and are not available across the network.
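
As an added example (not part of any post in this thread): a shell filter that separates wildcard-bound inet listeners, which other hosts can reach, from loopback listeners and UNIX domain sockets, then prints the `fuser` check from post #2 for each exposed port. The sample input is constructed from the output in post #1 with one loopback line added, and the function names are invented for this example.

```shell
# Constructed sample: the "only servers" listing quoted in post #1, plus one
# loopback listener (127.0.0.1:631) added here to show the contrast.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     1283   /tmp/.X11-unix/X0
EOF
}

# Read `netstat -ln` output on stdin; print "port/proto scope bind-address" for
# each inet listener. UNIX domain sockets and header lines are skipped.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        if ($1 ~ /^tcp/ && $NF != "LISTEN") next    # connected TCP, not a listener
        n = split($4, part, ":")
        port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::" || host == "*") scope = "network"
        else if (host ~ /^127\./ || host == "::1")            scope = "loopback"
        else                                                   scope = "interface"
        print port "/" $1, scope, host
    }'
}

# For every wildcard-bound listener, print the fuser command (as in post #2)
# that names the owning process. Printed, not run: run them as root on the host.
fuser_commands() {
    classify_listeners | awk '$2 == "network" {
        split($1, p, "/"); sub(/6$/, "", p[2])     # tcp6/udp6 -> tcp/udp namespace
        print "fuser -v -n", p[2], p[1]
    }'
}

sample_netstat | classify_listeners
sample_netstat | fuser_commands
```

On a live system, replace `sample_netstat` with `netstat -ln`.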
 
Old 09-30-2004, 02:52 AM   #4
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Rep: Reputation: 46
Quote:
Originally posted by chort
And you should set your X to start with nolisten -tcp. If you only use X locally, there's no reason to allow TCP/IP connections to it.

The UNIX domain sockets are all local to your machine and are not available across the network.
That's if you don't connect remotely to your own machine, right? Where do you put nolisten -tcp?
 
Old 09-30-2004, 04:22 AM   #5
N|k0N
Member
 
Registered: Aug 2004
Location: New York
Posts: 63

Original Poster
Rep: Reputation: 15
And how could I set my X to start with nolisten -tcp? I have no idea how to do this.
 
Old 10-01-2004, 06:52 PM   #6
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
It is a good idea to close the services you don't need. Have a look through the /etc/rc.d directory and inetd.conf.

To close the XServer tcp listen you put it in the startx script.

which startx - this gives you the location of the script

Then add the flag so the script uses it when you launch the XServer.
 
Old 10-02-2004, 04:55 PM   #7
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Rep: Reputation: 46
Quote:
Originally posted by Krugger
It is a good idea to close the services you don't need. Have a look through the /etc/rc.d directory and inetd.conf.

To close the XServer tcp listen you put it in the startx script.

which startx - this gives you the location of the script

Then add the flag so the script uses it when you launch the XServer.
How do we add -tcp nolisten to the startx script? At the top, or does it go somewhere in the code? Thanks
 
Old 10-02-2004, 05:52 PM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Here's a good post describing what files to modify. If I recall correctly, it gets added to the "serverargs" string.
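
An added example, not from the thread or from the X distribution: a guarded, repeatable edit that puts the option into the initial `serverargs` assignment of a copy of startx. The X server option is spelled `-nolisten tcp`; the startx fragment below is constructed (real scripts differ between releases), and `sample_startx` and `add_nolisten_tcp` are names invented here.

```shell
# Constructed stand-in for the relevant part of a startx script.
sample_startx() {
cat <<'EOF'
clientargs=""
serverargs=""
while [ x"$1" != x ]; do
    serverargs="$serverargs $1"
    shift
done
xinit $clientargs -- $serverargs
EOF
}

# Add "-nolisten tcp" to the initial, empty serverargs assignment of the
# script given as $1. Only the unindented serverargs="" line is touched, so the
# indented lines that append command-line arguments later stay as they are.
add_nolisten_tcp() {
    script=$1
    # Already configured: change nothing, so the edit can be repeated safely.
    grep -q '^serverargs=".*-nolisten tcp' "$script" && return 0
    # Layout not recognised: refuse instead of guessing where the flag goes.
    grep -q '^serverargs=""$' "$script" || return 1
    # Keep the original next to the edited file for diffing or rollback.
    cp -p "$script" "$script.orig" &&
    sed 's/^serverargs=""$/serverargs="-nolisten tcp"/' "$script.orig" > "$script"
}

# Demonstration on a temporary copy of the constructed fragment.
tmp=$(mktemp) && sample_startx > "$tmp" && add_nolisten_tcp "$tmp" &&
    grep '^serverargs=' "$tmp"
rm -f "$tmp" "$tmp.orig"
```

After X is restarted with the edited script, `netstat -ln` should no longer list a TCP listener on port 6000, while /tmp/.X11-unix/X0 remains for local clients.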
 
  

