how to minimize listening ports
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address              Foreign Address  State
tcp        0      0 *:32768                    *:*              LISTEN   <---- why twice listed?
tcp        0      0 *:5900                     *:*              LISTEN   <--- VNC ok
tcp        0      0 *:sunrpc                   *:*              LISTEN   <-- again, item twice listed
tcp        0      0 *:x11                      *:*              LISTEN   <---- necessary?
tcp        0      0 localhost.localdomain:ipp  *:*              LISTEN   <--- ?
tcp        0      0 *:x11                      *:*              LISTEN   <------ necessary?
tcp        0      0 *:ssh                      *:*              LISTEN
udp        0      0 *:32768                    *:*                       <---- why is that port used?
udp        0      0 *:772                      *:*                       <------ I want to disable unnecessary ones
udp        0      0 *:bootpc                   *:*
udp        0      0 *:sunrpc                   *:*                       <--- what is that for?
udp        0      0 *:ipp                      *:*                       <--- what is that for?
udp        0      0 cook:ntp                   *:*                       <----
udp        0      0 localhost.localdomain:ntp  *:*                       <---
udp        0      0 *:ntp                      *:*                       <-------- why is this one present 4 times?
udp        0      0 *:ntp                      *:*                       <--- I know what it's for
Any suggestions are highly appreciated, thanks in advance!
A lot of that looks like stuff that should only be running on localhost. What does your /etc/hosts file look like? Fedora/RedHat has written this file dead wrong for some time
Also do a chkconfig --list and see what all is turned on. It looks like you have a good deal of services that I'm guessing you don't need.
10x, will do that.
Code:
isdn        0:off 1:off 2:on  3:off 4:on  5:on  6:off
Code:
messagebus  0:off 1:off 2:off 3:on  4:on  5:on  6:off
Code:
sendmail    0:off 1:off 2:on  3:off 4:on  5:on  6:off
Code:
vncserver   0:off 1:off 2:off 3:on  4:off 5:off 6:off
What's arptables_jf for? "Automates a packet filtering firewall with arptables."? How do I use that arptables to make a packet filter? I don't need a manual, just a tip. I guess it's for binding stuff to a MAC, or am I confusing some terms? And arpwatch? "The arpwatch daemon attempts to keep track of ethernet/ip address pairings."? What for? A faster local net, since AFAIK it's non-routable?
There is a file you can use as a reference to find out what a particular port is assigned to:
less /etc/services
I think the 32768 port is the ftp service. If you don't want to use it you can disable that one. You might also try using
lsof -i | egrep "COMMAND|LISTEN|UDP"
to list open ports, plus which user is using them.
Or netstat -pn :p
jschiwal man thank you that command just did the trick :) the world is safer now :)
sigsegv, thanks, really, that did the job too :)
Any ideas about this? (Question at the bottom.)
[root@cook ~]# netstat -apn | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN      3412/rpc.statd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      4735/vino-server
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      3392/portmap
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      4613/X
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      3526/cupsd
tcp        0      0 :::6000                 :::*                    LISTEN      4613/X
tcp        0      0 :::22                   :::*                    LISTEN      3723/sshd
udp        0      0 0.0.0.0:32768           0.0.0.0:*                           3412/rpc.statd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3313/dhclient
udp        0      0 0.0.0.0:620             0.0.0.0:*                           3412/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           3392/portmap
udp        0      0 0.0.0.0:631             0.0.0.0:*                           3526/cupsd
udp        0      0 84.238.135.26:123       0.0.0.0:*                           3904/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           3904/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           3904/ntpd
udp        0      0 :::123                  :::*                                3904/ntpd
Is it necessary for the X port 6000 to be bound twice? How do I bind it just to localhost? And ntp 4 times, wow; please, someone, how do I lower ntp to just the external IP? And I want to bind VNC to localhost too, if possible. This is driving me crazy:
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN      3412/rpc.statd
Why have it open???? I need to close it, if possible.
Best regards,
statd is part of the NFS daemons. If you're not using NFS, turn it off. If you are, it's time for a firewall somewhere between that socket and the internet.
NTPd is the network time server. If you're not syncing time on other machines with that machine, turn it off. X -- I forget the procedure to disable the TCP sockets, but it can be done (and should be, in 99% of the cases out there). vncserver takes an argument of which display to start the server on: vncserver localhost:0 or whatever.
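The advice above boils down to one question per socket: who can reach it? The following script is an added example, not something posted in the thread. It reads `netstat -apn` output (the poster's own listing is embedded below as the sample so it runs offline, and the same parsing handles the name-resolved `netstat -a` form from the first post), classifies every socket as wildcard, loopback or host-bound, and prints each program that still has a wildcard-bound socket together with the remediation the replies suggest. The mapping in `advice` is my summary of the thread plus two facts not stated in it: `X -nolisten tcp` is the switch that drops the X11 TCP listener, and the cupsd udp/631 socket is CUPS browsing.

```shell
#!/bin/sh
# Added example (not from the thread): audit which listeners in `netstat -apn`
# output are reachable from the network, and map each exposed program to the
# remediation discussed above.

# bind_scope ADDR -> wildcard | loopback | host
# ADDR is the "Local Address" column: 0.0.0.0:111, :::22, 127.0.0.1:631,
# *:sunrpc, localhost.localdomain:ipp, cook:ntp ...
bind_scope() {
    case "$1" in
        0.0.0.0:*|:::*|\*:*)        echo wildcard ;;   # every interface, v4 or v6
        127.*|::1:*|localhost*)     echo loopback ;;   # this host only
        *)                          echo host ;;       # one specific address
    esac
}

# advice PROGRAM -> what the thread (plus two facts noted in the lead-in) says to do
advice() {
    case "$1" in
        rpc.statd|portmap) echo "NFS support; turn off if NFS is not used, otherwise firewall it" ;;
        ntpd)              echo "time server; turn off unless other machines sync from this one" ;;
        X)                 echo "X11 TCP listener; start X with -nolisten tcp" ;;
        vino-server)       echo "VNC; chkconfig it off, start on demand and tunnel it through ssh" ;;
        cupsd)             echo "printing; tcp side is loopback-only, udp/631 (browsing) still wildcard" ;;
        sshd)              echo "remote login; keep, it is what the tunnels ride on" ;;
        dhclient)          echo "DHCP client; needed while the address comes from DHCP" ;;
        *)                 echo "unknown; look it up in /etc/services and chkconfig --list" ;;
    esac
}

# audit_listeners < netstat-output
# One line per socket: PROTO SCOPE LOCAL_ADDRESS PROGRAM (tcp only when LISTENing).
# tcp rows carry a State column, udp rows do not, so PID/Program shifts by one.
audit_listeners() {
    awk '$1 == "tcp" && $6 == "LISTEN" { print $1, $4, $7 }
         $1 == "udp"                   { print $1, $4, $6 }' |
    while read -r proto addr prog; do
        echo "$proto $(bind_scope "$addr") $addr ${prog#*/}"
    done
}

# exposed_programs < netstat-output
# Each program with at least one wildcard-bound socket, once, with its advice.
exposed_programs() {
    audit_listeners | awk '$2 == "wildcard" { print $4 }' | sort -u |
    while read -r name; do
        echo "$name: $(advice "$name")"
    done
}

# Sample input: the netstat -apn listing posted in the thread, embedded verbatim.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN      3412/rpc.statd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      4735/vino-server
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      3392/portmap
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      4613/X
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      3526/cupsd
tcp        0      0 :::6000                 :::*                    LISTEN      4613/X
tcp        0      0 :::22                   :::*                    LISTEN      3723/sshd
udp        0      0 0.0.0.0:32768           0.0.0.0:*                           3412/rpc.statd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3313/dhclient
udp        0      0 0.0.0.0:620             0.0.0.0:*                           3412/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           3392/portmap
udp        0      0 0.0.0.0:631             0.0.0.0:*                           3526/cupsd
udp        0      0 84.238.135.26:123       0.0.0.0:*                           3904/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           3904/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           3904/ntpd
udp        0      0 :::123                  :::*                                3904/ntpd'

# On a live box replace the printf with: netstat -apn | exposed_programs
printf '%s\n' "$SAMPLE" | exposed_programs
```

Run it, fix what it lists, run it again: the goal is that only sshd (and dhclient, while DHCP is in use) remain wildcard-bound. Note that the four ntpd sockets the poster asked about are one daemon bound four ways (external address, loopback, v4 wildcard, v6 wildcard); the script collapses them to one entry, which is also how the fix works: one service to disable or firewall, not four.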
Great help, just the kind I needed :) Thanks again! I just noticed, thanks to you, that it's the ntp daemon; I thought it was the client, which is, wow. Well, I didn't specify anything the first time, I just made it load (the vncserver), but I don't want it bound to *.*, just localhost. I'm begging for a quick tip; I'm sure most of you use it, because I do it through ssh, but I still don't want to see that binding, which I consider inappropriate. In a few words, can you point out the top benefits of the RHEL you're using? (I don't want the commercial version from the web.)
And arpwatch and arptables_jf? How do I use that packet filter, and where are those tables stored? And for arpwatch, what's the deal?
The RHEL listed in my profile is work related. It wouldn't be there if I had my way about things, but those decisions are made by hapless people with letters after their names ... But I digress ...
On the VNC issue, I'd just disable the service (chkconfig --level 2345 vncserver off) and then start it as needed and tunnel it through ssh. As for arpwatch and arptables_jf -- I have no idea. I don't have either of those things installed.
Will vncserver remain working in init 5 if I set it only on 3, or is it necessary to have it for both? And 4?
It's not taking it like that:
[root@cook ~]# vncserver localhost:0
usage: vncserver [:<number>] [-name <desktop-name>] [-depth <depth>]
                 [-geometry <width>x<height>]
                 [-pixelformat rgbNNN|bgrNNN]
                 <Xvnc-options>...

       vncserver -kill <X-display>
But I also want it to be enabled on whatever display is in use; how-to? And to listen on that 5900, but only for localhost (which I suppose is the needed config for VNC over ssh). Unfortunately, in the GUI config, Remote Desktop seems to assume the alias for my external IP, which is not good. I'm wondering how to set it from a config file, for example, without interfering with the GUI setup.
If you are using a window manager, you are in init level 5. The startx command will take you from level 3 to level 5. I don't see how using vnc in level 3 would make any sense.
If you use ssh, it will run commands on the remote computer using a different screen number in the display variable. I think it uses screen 11 by default. You would be well advised to google for both ssh and vnc and compare. I believe that there is also a tight-vnc that may use the ssl library by default. OK, I just googled for that: Quote:
----- P.S. Sorry for the repetition. I thought I was in edit mode and instead posted a new post.
First, yes, runlevel is supposed to dictate if X runs or not, but in the real world, it doesn't. Example: Debian uses only 0, 1, 2 and 6.
Second, startx does not change what runlevel you're in. Third, port forwards are not the same as X forwarding. A port forward is what that's talking about. X forwarding is what uses DISPLAY=:1x.0 -- the former lets you create tunneled ports through your SSH connection while the latter fakes using a remote X display. Most SSH servers are configured to do port forwards by default. This is not the case for X forwarding. Just an FYI.