Just installed Slackware 8.1 and being from a Red Hat background am having trouble in closing a lot of open ports !!
PS - I read somewhere on here that Slackware is secure out-of-the-box ... well unless I've set something up incorrectly then it really is VERY insecure
A few ports that are open:
21
22
23
25
80
111
113
and a dozen more !!
My question is this:
I believe the configuration of which services run/are loaded is done in /etc/rc.d/ but how do you CORRECTLY disable or add a service?
I want to run Apache and am happy with that but don't require
FTP
Telnet
SMTP etc ...
Any help would be greatly appreciated
PS - has anyone had much joy with the Linux drivers for NVidia GPUs?
My X-Windows works fine ATM after a lot of tweaking but may upgrade in the future
22 is telnet, 23 is ssh (or the other way around), 80 http (I think you like browsing, don't you? eheh). You could set up an iptable script to close the open ports.
I have never done it, but I would point you to any place on google/linux to find a proper script.
The thing is I don't want to just block them ... I want to close them.
I don't want them running at all and wasting CPU Cycles and RAM
I've already checked Google but can't really find much Slackware documentation, which is a little disappointing as I was under the impression that it was the choice of "More experienced users"
I chose Slackware because I was fed up of the RPMs in Red Hat.
I wanted really to compile and build packages myself.
I believe that commenting out, or adding a "#" at the beginning of the corresponding line of these ports in the /etc/services files will do the trick of closing these ports for you.
Quote:
Originally posted by figadiablo
I believe that commenting out, or adding a "#" at the beginning of the corresponding line of these ports in the /etc/services files will do the trick of closing these ports for you.
Cheers,
Figa
it ensures the process doesn't start, but does it also secure the port? isn't that the point of making an iptable script?
Quote:
I believe that commenting out, or adding a "#" at the beginning of the corresponding line of these ports in the /etc/services files will do the trick of closing these ports for you.
Thanks I'll try it when I get home later
Does that mean the process isn't loading then at boot???
Quote:
it ensures the process doesnt start, but does it also secure the port? isnt that the point of making an iptable script?
The port is secure if no process/daemon is listening !
If the process isn't running then no exploit exists because the port is closed
Closing a port is much more secure than controlling access to a port which is what a firewall does
In your /etc/rc.d/rc.M script, you'll see that it calls rc.inet1 and rc.inet2. In these two scripts you will find all kinds of net-related processes and such. On my laptop which doesn't serve anything, I have the rc.inet2 commented out in rc.M. Also, I make sure that the inetd super-daemon is not run, which can be a vulnerability. Then, if I need some of those services, I can manually run /etc/rc.d/rc.inet2 start.
This would be in addition to blocking ports in your services file and including an iptables script for extra protection. It depends on how vigorous you want to be. I try to lock down everything except ssh on my office computer. I can pretty much accomplish whatever I need through that port if I'm away.
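A way to check the thread's point that a port is closed only when nothing is listening on it: this added example, which is not from any poster in the thread, reads text in /proc/net/tcp format, lists the TCP ports in LISTEN state, and reports any that are outside an allowlist. The sample table and the allowlist (22 and 80) are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in /proc/net/tcp format (not taken from the thread's machine).
# Rows 0-3 are listeners (st = 0A); row 4 is an established connection (st = 01).
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 101
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 102
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 103
   3: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 104
   4: 0A00000A:0016 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 105'

# Print the decimal port of every socket in LISTEN state (st field 0A),
# reading /proc/net/tcp-format text on stdin. Covers IPv4 TCP only;
# UDP listeners live in /proc/net/udp and are not handled here.
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[2] }' |
    while read -r hex; do
        echo "$((0x$hex))"      # port is stored as 4 hex digits
    done | sort -n | uniq
}

# Print listening ports that are NOT in the allowlist given as arguments.
unexpected_ports() {
    listening_ports | while read -r port; do
        ok=no
        for allowed in "$@"; do
            if [ "$port" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then echo "$port"; fi
    done
}

# Demo on the constructed sample: only ssh (22) and Apache (80) are meant to stay up.
printf '%s\n' "$SAMPLE_PROC_NET_TCP" | unexpected_ports 22 80
# On a live system, after editing the rc scripts and rebooting:
#   unexpected_ports 22 80 < /proc/net/tcp
```

An empty result means every TCP listener is on the allowlist; any port printed still has a daemon bound to it, whatever the firewall rules say.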