LinuxQuestions.org
AIX This forum is for the discussion of IBM AIX.
eserver and other IBM related questions are also on topic.
Old 07-27-2010, 08:31 AM   #1
unix1adm
Member
 
Registered: Oct 2008
Posts: 688

Rep: Reputation: 32
How to block unused/unneeded ports in AIX


We have a system and we have modified the /etc/inetd.conf and the
/etc/services and the /etc/rc.tcpip file to turn off specific applications.

I need to know what is the correct procedure for locking down unused
ports that still appear to be in a listen mode even if they are not in
/etc/services file.

If we run a netstat we can see port 65000 is listening but don't need
it or know what process is holding it open.

We have several such ports.
Please advise the correct method of locking down such ports.
I know we also have to block it with the FW rules, but that's not good enough. We need to block the server from even allowing them to be used.

Last edited by unix1adm; 07-27-2010 at 08:50 AM.
 
Old 07-27-2010, 09:36 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
Get LSOF from the IBM AIX Toolbox and use it to find what is listening on port 65000. Then stop/kill the process.

I was going to suggest just firewalling it. You can't prevent a port from being used, you can only stop things that are using a port, or firewall it.
 
Old 07-27-2010, 09:37 AM   #3
hujer
LQ Newbie
 
Registered: Jun 2009
Posts: 3

Rep: Reputation: 1
Try to install lsof-4.61-4.rpm (Linux Toolbox CD or other source) and run 'lsof -i'.
 
Old 07-27-2010, 02:01 PM   #4
unix1adm
Member
 
Registered: Oct 2008
Posts: 688

Original Poster
Rep: Reputation: 32
Yes, I have lsof. I was more concerned with FW rules if not able to block on the system. IBM did tell me I can use iptables, but that will make for a non-standard system.
 
Old 07-28-2010, 08:45 AM   #5
unix1adm
Member
 
Registered: Oct 2008
Posts: 688

Original Poster
Rep: Reputation: 32
This is interesting. I looked in /etc/init.d and do not see anything for rlogin there. So I did a man on rlogin and it brings up the man for ssh.

When I do an rlogin without any options I get this:
rlogin
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-w local_tun[:remote_tun]] [user@]hostname [command]
So I am assuming that rlogin is an alias back to ssh at the system level,
as the alias command returns nothing back, and I know I have not set up any aliases.

Is this a safe assumption, to say that rlogin is the same as ssh now? I don't want to have an open system with these ports etc.


When I try to rlogin i get this message:

Warning: Permanently added 'myltt' (RSA) to the list of known hosts.
root@mylt's password:
Linux cj454lt 2.6.32-24-generic #38-Ubuntu SMP Mon Jul 5 09:22:14 UTC 2010 i686 GNU/Linux
Ubuntu 10.04.1 LTS

Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/

1 package can be updated.
0 updates are security updates.


The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.


Any way to verify this? I think it's using ssh from what I am seeing.
 
Old 07-29-2010, 07:47 AM   #6
unix1adm
Member
 
Registered: Oct 2008
Posts: 688

Original Poster
Rep: Reputation: 32
Well, what I figured out so far is that unless you use iptables this cannot be done, and you have to rely on the firewall, not the server.

You can stop the applications but something else could (if written to) talk on an unused port.

iptables can be very difficult when updating an OS and can cause other issues, from what I was reading. At this time I'll leave it that we turn off the application/process talking on the port and leave the port blocking up to the FW rules.
 
Old 08-23-2010, 04:38 AM   #7
born4linux
Senior Member
 
Registered: Sep 2002
Location: Philippines
Distribution: Slackware, RHEL&variants, AIX, SuSE
Posts: 1,127

Rep: Reputation: 49
Quote:
Originally Posted by unix1adm:
Yes, I have lsof. I was more concerned with FW rules if not able to block on the system. IBM did tell me I can use iptables, but that will make for a non-standard system.
Use IPsec:

smitty ipsec4
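As an added example, not code from any poster in this thread, the following sh script ties together the lsof approach from posts #2 and #3 with the IPsec suggestion from post #7: it parses netstat/lsof output to report listening TCP ports that are not on an allow-list, names the process holding each one, and prints (never runs) the AIX IPsec genfilt deny rule a defender would review before activating it. The netstat and lsof output is constructed sample data; the genfilt flags are my understanding of the AIX syntax and should be checked against the release's genfilt man page.

```shell
# Added audit helper (not from the thread): flags listening TCP ports that are
# not on an allow-list and names the owning process from lsof. Constructed
# sample output is embedded so it runs anywhere; on AIX replace the two sample
# functions with real `netstat -an` and `lsof -i -P -n` calls.
NETSTAT_SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.65000                *.*                    LISTEN
tcp        0      0  *.111                  *.*                    LISTEN
tcp4       0      0  10.0.0.5.22            10.0.0.9.51234         ESTABLISHED'

LSOF_SAMPLE='COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1234   root    3u  IPv4 0xdead      0t0  TCP *:22 (LISTEN)
mystery  4321 daemon    5u  IPv4 0xbeef      0t0  TCP *:65000 (LISTEN)
rpcbind   456   root    4u  IPv4 0xcafe      0t0  TCP *:111 (LISTEN)'

netstat_out() { printf '%s\n' "$NETSTAT_SAMPLE"; }   # real host: netstat -an
lsof_out()    { printf '%s\n' "$LSOF_SAMPLE"; }      # real host: lsof -i -P -n

# Port numbers of every TCP socket in LISTEN state (AIX prints addr.port).
listening_ports() {
  netstat_out | awk '$1 ~ /^tcp/ && $NF == "LISTEN" { sub(/.*\./, "", $4); print $4 }'
}

# "command/pid" of the process holding a given listening port, or "unknown".
owner_of_port() {
  o=$(lsof_out | awk -v p="$1" '$NF == "(LISTEN)" && $(NF-1) ~ (":" p "$") { print $1 "/" $2; exit }')
  printf '%s\n' "${o:-unknown}"
}

# Suggested AIX IPsec filter (assumed genfilt syntax) dropping inbound TCP to the
# port. Printed only; activate with `mkfilt -v 4 -u` after reviewing `lsfilt -v 4`.
deny_rule_for_port() {
  printf 'genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 0.0.0.0 -M 0.0.0.0 -c tcp -o any -p 0 -O eq -P %s -w I -l Y -i all -D "deny_unexpected_%s"\n' "$1" "$1"
}

# Report each listening port absent from the allow-list (a "22 111" style string).
audit_listeners() {
  allow=" $1 "
  for port in $(listening_ports); do
    case "$allow" in *" $port "*) continue ;; esac
    printf '%s %s\n' "$port" "$(owner_of_port "$port")"
    deny_rule_for_port "$port"
  done
}

audit_listeners "22 111"
```

On a real host the report is the list of processes to stop (post #2) and the filter rules to consider (post #7); the allow-list should come from the documented service inventory, not from what is currently listening.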