Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I've only been using Linux for 6 months, so in this time I've been getting my head around the basics. Now I'm moving into securing my box. Being breastfed on Windows for years, I've tended to ignore the issue beyond installing more patches and security software.
I'm told I shouldn't have ports open that I'm not using, as these are security vulnerabilities, right? So I run the
and find I have unknown ports open, i.e.
737/tcp open unknown
956/tcp open unknown
Not only that, but can someone tell me what the following are for:
111/tcp open sunrpc
199/tcp open smux
32770/tcp open sometimes-rpc3
Apart from what they are for, if I can shut them down, how do I go about it?
First of all, the word “unknown” just means that there isn't an entry in the portmap file for this port, so nmap doesn't know which protocol it's supposed to be assigned to.
A port that isn't being used is not a security vulnerability in itself; only if a server is actually listening on the port is it necessarily a problem. However, it is a good way to protect yourself against possible attacks by disallowing connections (blocking) on ports that shouldn't get used.
To do this, you need to look at the firewall software that comes with Red Hat.
If a port is open, it means that something is using it. Find out what before you do anything, by logging in to the server and running “netstat -a”. If it's a service you don't want to be running, shut it down in the runlevel editor or (better) uninstall it.
By the way, ports with numbers above 1024 are unprivileged ports that tend to be used for things like the client side of communications, so if you block all packets on these ports, you'll find that your machine only works as a network server and you can't do things like browsing web sites or establishing FTP connections to download system updates. So be careful about locking down 32770.
If you don't run any RPC services, you don't need the portmapper (it's a locator service for RPC), and the mountd service is used with NFS, so if you're not using NFS, you don't need it. No idea what smux is, but I doubt it's something you need.
Thanks for the help, guys. Just a few points.
Yeah, all the ports are open. I ran nmap from my client computer (I have a 2-PC LAN) (wow!).
As for the print out from either
I have no idea what the output, which is a hell of a lot, means; it's all pure Swahili to me, chaps. As I say, I'm just a noob at this. This is why I was rather hoping someone could tell me which ports to close, which incidentally I still have not a clue about. I figure I can close down the unknown ports, but what's the syntax for that?
Are there any security vulnerabilities in leaving it all alone?
It's good to close all unwanted ports, so the risk of compromise is lower. I'm not familiar with RH but I guess it has a management tool to assist you on disabling unwanted services. You can also take a look here: http://www.uic.edu/depts/accc/security/os/rhlinux.html
Consider using a firewall also for better security.
On RH9 (KDE) the menu option is:
System Settings ->Server Settings ->Services
which will give you the Service Config GUI, showing you which services are running at each run-level, and allowing you to turn them off/on.
Don't forget to use 'Save Changes' under the 'File' menu, otherwise a reboot will lose the changes.
If you're using Gnome, the menu should be similar.
You have to identify the services using those ports to be able to stop them. If the commands fuser and lsof didn't return anything, you can use:
nmap -A -T4 -F xx.xx.xx.xx
from another box. Perhaps its output will tell you what's running on those ports.
But you have to start to worry that there is something wrong with your box, since fuser and lsof didn't come up with the services that use those ports.
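Two of the replies above come down to the same check: find out what is actually listening on the host (the "netstat -a" advice) and worry when a port that nmap sees open from the other PC cannot be matched to any local process. The script below is an added example, not code from the original thread. It parses constructed samples in the shape of nmap grepable output (`nmap -oG -`) and of `ss -ltnp` run on the scanned host (`netstat -tlnp` gives the same information on older Red Hat releases), prints each local listener with its owning process, and lists any port that is open from the network but has no local listener. The host address, process names and PIDs in the samples are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: cross-check the TCP ports a
# remote nmap scan reports open against what the scanned host itself shows
# as listening, and list any port that no local listener accounts for.
# Both inputs below are constructed samples for illustration only.

# Constructed sample in the shape of "nmap -oG -" (grepable) output.
NMAP_SAMPLE='Host: 192.168.1.10 () Ports: 22/open/tcp//ssh///, 111/open/tcp//rpcbind///, 737/open/tcp//unknown///, 32770/open/tcp//sometimes-rpc3///'

# Constructed sample in the shape of "ss -ltnp" run as root on 192.168.1.10
# ("netstat -tlnp" shows the same information on older Red Hat releases).
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:111        0.0.0.0:*         users:(("rpcbind",pid=540,fd=4))
LISTEN 0      128    0.0.0.0:32770      0.0.0.0:*         users:(("rpc.statd",pid=600,fd=7))'

# nmap_open_tcp_ports GREPABLE_TEXT
# Print each TCP port the scan marked open, one per line, in scan order.
nmap_open_tcp_ports() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's#.* \([0-9][0-9]*\)/open/tcp/.*#\1#p'
}

# ss_listening_tcp SS_TEXT
# Print "PORT PROCESS" for every LISTEN socket. PROCESS is "?" when ss could
# not show the owner (e.g. when run without root).
ss_listening_tcp() {
    printf '%s\n' "$1" | awk '$1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        proc = "?"
        if (match($0, /users:\(\("[^"]*"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print port, proc
    }'
}

# unexplained_ports GREPABLE_TEXT SS_TEXT
# Ports open from the network with no local listener. A hit here means the
# scan reached a different host or a forwarding/NAT path, or the host's own
# tools are not showing the listener; either way it needs investigating.
unexplained_ports() {
    remote=$(nmap_open_tcp_ports "$1")
    local_list=" $(ss_listening_tcp "$2" | awk '{ printf "%s ", $1 }')"
    for p in $remote; do
        case "$local_list" in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

echo "Local listeners (port process):"
ss_listening_tcp "$SS_SAMPLE"
echo "Open from the network with no local listener:"
unexplained_ports "$NMAP_SAMPLE" "$SS_SAMPLE"
```

On a real pair of machines, replace the two samples with the output of `nmap -oG - <host>` run from the other PC and `ss -ltnp` (or `netstat -tlnp`) run as root on the scanned host. With the constructed input, 22, 111 and 32770 are explained by sshd, rpcbind and rpc.statd, and 737 is reported as unexplained, which is exactly the case the last reply says should worry you.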