LinuxQuestions.org
Old 06-01-2002, 04:41 PM   #1
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Rep: Reputation: 46
Open Ports


Since Slackware claims to be the most secure Linux distro "out of the box", I nmapped myself and got the following results.
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
37/tcp open time
79/tcp open finger
111/tcp open sunrpc
113/tcp open auth
139/tcp open netbios-ssn
513/tcp open login
514/tcp open shell
515/tcp open printer
6000/tcp open X11
Now I need ssh/telnet open, but shell and login are worrying me since I don't know what they are. Is this set of open ports safe enough? Should I block some, and which ones? I don't think ftp should be running either unless it is used to download files from ftp sites as well. Please give me some advice on which ports I should block and how. IPtables?
Thanks in advance
-NSKL
 
Old 06-01-2002, 05:09 PM   #2
jpweston
Member
 
Registered: Mar 2002
Location: Sacramento, CA
Distribution: Slackware 8.1; Debian 3.0
Posts: 222

Rep: Reputation: 30
NSKL,

To the best of my knowledge, you can close all of those ports - except, of course, the ones you mentioned that you needed. 21 can be closed if you're just going to download files to or upload files from your box. Time and finger can safely be closed (both are in /etc/inetd.conf.) The sunrpc is kicked off by the portmapper in /etc/rc.d/rc.inet2. The open 6000 port is from your X session. You can close it by kicking off X with startx -- -nolisten tcp. Port 113 is for identd (also kicked off in /etc/inetd.conf). You can close it and probably won't have any issues except with some IRC servers (i.e. most DAL Net servers) that will reject you when they don't receive an ident response.

I'm not sure what the 5xx ports are.

Here's one of my favorite security "quickie" howtos:

http://www.tldp.org/HOWTO/Security-Q...WTO/index.html

j.

Last edited by jpweston; 06-01-2002 at 05:10 PM.
 
Old 06-01-2002, 05:39 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,118
Blog Entries: 54

Rep: Reputation: 2785
513 rsh, 514 rexec and 515 is lpd, spose you search your rc(.M) file and disable 'em.
 
Old 06-02-2002, 05:14 AM   #4
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Original Poster
Rep: Reputation: 46
I can't find the init script that starts rsh and rlogin. I looked through rc.M but didn't find it. Any ideas where these services are started?

Thanks in advance

-NSKL
EDIT: Never mind, the services were started by inetd; I edited inetd.conf and stopped them. Now when I scan myself with Nmap I get the following:
Port State Service
22/tcp open ssh
111/tcp open sunrpc
113/tcp open auth
515/tcp open printer
6000/tcp open X11
I need ssh open, I believe sunrpc is used by a number of programs so I left it running, auth is needed for many IRC servers to get an authentication response so I left it running, I (will be) sharing a printer on a LAN so printer is running (I believe I need to firewall it later so only users on the LAN can use the printer) and X11 is obviously running since I'm in X (X11 needs to be firewalled though, if I'm not wrong, so only local LAN users can use it?)
Is this range of open ports safe enough? Keep in mind that some of these services like printer and X11 might be firewalled already but I cannot verify it since I'm scanning myself and the firewall is bypassed AFAIK.
Any suggestions welcome,
Thanks in advance
-NSKL

Last edited by NSKL; 06-02-2002 at 05:21 AM.
 
Old 06-02-2002, 09:07 AM   #5
jpweston
Member
 
Registered: Mar 2002
Location: Sacramento, CA
Distribution: Slackware 8.1; Debian 3.0
Posts: 222

Rep: Reputation: 30
NSKL,

If you firewall the lpd service, that should be ok. Same with X, or you can do the -- -nolisten tcp option when you start X.

For port 113, I would do one of two things:

1. Get a replacement identd program off of freshmeat which is more secure.

-or-

2. Modify the call in inetd.conf to use some of identd's flags. Here is my entry:

auth stream tcp wait nobody /usr/sbin/in.identd in.identd -o -n -P/dev/null

-P Sends the file containing the PID, which is created by default, to /dev/null

-o Directs identd to return OTHER instead of UNIX as the operating system.

-n Returns user numbers instead of usernames.

j.

Last edited by jpweston; 06-03-2002 at 10:16 PM.
 
Old 06-03-2002, 10:02 PM   #6
spook
LQ Newbie
 
Registered: Jun 2002
Location: UK
Distribution: slackware, freebsd, solaris,sunOS, IRIX
Posts: 18

Rep: Reputation: 0
On my machine at home I decided that I wanted to make it as secure as possible. I found that not running inetd at all was the best idea: how much do you actually need any of the ports that it runs for you? Also the same with sunrpc: unless you want to do stuff with NFS or whatever there is little reason to run it. identd is also not required for some efnet irc servers such as irc.concentric.net or efnet.demon.co.uk amongst others. Basically it is not really necessary to have any ports open at all on a home machine: I keep ssh open in case I need to login remotely but that is all.
spook
.
 
Old 06-04-2002, 01:43 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,118
Blog Entries: 54

Rep: Reputation: 2785
Just a note, it's best to close off all services you need. If you don't, plz note firewalling alone ain't enough; add access restrictions (tcp wrappers, or alike in case of lpd) as well, because if your fw script somehow fsck's up that would have been your last line of defense (vewwy wwonk).
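
Added example (not posted by anyone in this thread): a shell function that lists the entries still enabled in an inetd.conf-style file, flags the services that disappeared between the two scans above, checks the auth line for the -o and -n flags from post #5, and shows whether each daemon is started through tcpd (TCP wrappers). The function names, the RISKY list and the sample file are assumptions made for the example; only the auth line is taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: audit an inetd.conf-style file.

# Services seen in the first scan and gone from the second (assumed list).
RISKY="ftp telnet time finger login shell"

# audit_inetd FILE
# Prints one line per enabled entry: STATUS SERVICE DAEMON WRAPPING
audit_inetd() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*(#|$)/ { next }      # commented out or blank: not started
        NF < 6         { next }      # not a complete service entry
        {
            # Field 6 is the server; when it is tcpd, field 7 is the real daemon.
            wrapped = ($6 ~ /\/tcpd$/)
            daemon  = (wrapped && NF >= 7) ? $7 : $6
            status  = ($1 in bad) ? "DISABLE" : "REVIEW"
            if ($1 == "auth") {
                # Hardened identd entry: runs as nobody with -o and -n set.
                o = 0; nflag = 0
                for (i = 7; i <= NF; i++) {
                    if ($i == "-o") o = 1
                    if ($i == "-n") nflag = 1
                }
                if ($5 == "nobody" && o && nflag) status = "OK"
            }
            print status, $1, daemon, (wrapped ? "tcpd" : "unwrapped")
        }' "$1"
}

# Constructed sample file; only the auth line is taken from the thread.
write_sample() {
    cat > "$1" <<'EOF'
#ftp    stream tcp nowait root   /usr/sbin/tcpd proftpd
telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
#time   stream tcp nowait root   internal
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
shell   stream tcp nowait root   /usr/sbin/tcpd in.rshd
auth stream tcp wait nobody /usr/sbin/in.identd in.identd -o -n -P/dev/null
EOF
}

# Live use: audit_inetd /etc/inetd.conf
```

An entry reported as "unwrapped" is not covered by hosts.allow and hosts.deny, so the firewall would be its only access control.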
 
Old 06-04-2002, 10:48 AM   #8
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Original Poster
Rep: Reputation: 46
Ok, now I have only printer, ssh, auth and X open. I will tweak auth like jpweston suggested (Thanks!), then only X and printer remain that I will firewall and use tcp wrappers to secure.
This is a home machine, dynamic IP (PPP), so I think the chance that someone will attempt anything is very small...
Thanks for all the help, i will do as suggested!
-NSKL
 
Old 06-04-2002, 11:22 AM   #9
geoffm33
Member
 
Registered: May 2002
Distribution: RH 7.3 - YDL 2.3
Posts: 63

Rep: Reputation: 15
Also, as jpweston suggested, start your X windows session with the following command:

startx -- -nolisten tcp

This will stop X from listening on port 6000.

Create an alias in your .bashrc (or similar):

alias startx='startx -- -nolisten tcp'
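
Added example (not part of any post above): a check, run on the box itself, of which TCP listeners are bound to a non-loopback address and are not on an allowlist, for instance to confirm that port 6000 is gone after starting X with -nolisten tcp. It reads `netstat -tln` output on stdin; the function names, the allowlist and the sample output are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: find network-facing TCP listeners
# in `netstat -tln` output that are not on an allowlist.

# unexpected_listeners "PORT PORT ..." < netstat-output
# Prints "PORT ADDRESS" for every non-loopback listener not in the allowlist.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^tcp/ || $NF != "LISTEN" { next }   # skip headers, non-listeners
        {
            # Local address is field 4; the port follows the last colon,
            # which also handles IPv6 forms such as :::22.
            k = split($4, part, ":")
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (!(port in ok)) print port, addr
        }'
}

# Constructed sample: X started without -nolisten tcp, portmapper running.
sample_before() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:111      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:113      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:6000     0.0.0.0:*        LISTEN
EOF
}

# Live use: netstat -tln | unexpected_listeners "22 113"
```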
 
  

