LinuxQuestions.org

Fedora forum thread: how to minimize listening ports (https://www.linuxquestions.org/questions/fedora-35/how-to-minimize-listening-ports-287811/)

johnnydangerous 02-08-2005 03:32 PM

how to minimize listening ports
 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32768 *:* LISTEN <----why twice listed?
tcp 0 0 *:5900 *:* LISTEN <--- VNC ok
tcp 0 0 *:sunrpc *:* LISTEN <-again item twice listed
tcp 0 0 *:x11 *:* LISTEN <---- necessary?
tcp 0 0 localhost.localdomain:ipp *:* LISTEN <---?
tcp 0 0 *:x11 *:* LISTEN <------necessary?
tcp 0 0 *:ssh *:* LISTEN
udp 0 0 *:32768 *:* <---- why is that port used
udp 0 0 *:772 *:* <------ I want to disable unnecessary
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:* <---why is that for?
udp 0 0 *:ipp *:* <--- why is that for?
udp 0 0 cook:ntp *:* <----
udp 0 0 localhost.localdomain:ntp *:* <---
udp 0 0 *:ntp *:* <-------- why this one is 4 times present
udp 0 0 *:ntp *:* <--- I know what's it for

any suggestions are highly appreciated, thanks in advance!

sigsegv 02-08-2005 03:46 PM

A lot of that looks like stuff that should only be running on localhost. What does your /etc/hosts file look like? Fedora/RedHat has written this file dead wrong for some time.

Also do a chkconfig --list and see what all is turned on. Looks like you have a good deal of services that I'm guessing you don't need.

johnnydangerous 02-08-2005 04:13 PM

10x, will do that.
Code:

isdn            0:off  1:off  2:on    3:off  4:on    5:on    6:off
- great, it's supposed to be stopped from the services menu GUI, but how to make a final no for isdn? I know a console command that will do that, but isn't it enough that I removed it from the services to be started?

Code:

messagebus      0:off  1:off  2:off  3:on    4:on    5:on    6:off
- is msgbus opening some ports?

Code:

sendmail        0:off  1:off  2:on    3:off  4:on    5:on    6:off
why on init 2? I don't use it, but I'm not sure why it's set for 2, 4 and 5, while not for 3; it's really interesting to understand that before I remove it from chkconfig.

Code:

vncserver      0:off  1:off  2:off  3:on    4:off  5:off  6:off
how to properly set it, because I guess on 3 it's not needed, just on 5, ok?

what's arptables_jf for? "Automates a packet filtering firewall with arptables"?
how do I use that arptables to make a packet filter - I don't need a manual, just a tip; I guess it's for binding stuff with MAC, or am I confusing some terms?

and arpwatch? "The arpwatch daemon attempts to keep track of ethernet/ip address pairings"? what for? a faster local net, since AFAIK it's non-routable

jschiwal 02-08-2005 04:18 PM

There is a file you can use as a reference to find out what a particular port is assigned to.

less /etc/services

I think the 32768 port is the ftp service. If you don't want to use it you can disable that one.

You might also try using 'lsof -i | egrep "COMMAND|LISTEN|UDP"' to list open ports, plus which user is using them.

sigsegv 02-08-2005 04:25 PM

Or netstat -pn :p

johnnydangerous 02-08-2005 04:52 PM

jschiwal man thank you that command just did the trick :) the world is safer now :)

johnnydangerous 02-08-2005 04:55 PM

sigsegv thanks really that did the job too :)

any ideas about: (question at bottom)
[root@cook ~]# netstat -apn |more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 3412/rpc.statd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 4735/vino-server
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3392/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 4613/X
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3526/cupsd
tcp 0 0 :::6000 :::* LISTEN 4613/X
tcp 0 0 :::22 :::* LISTEN 3723/sshd
udp 0 0 0.0.0.0:32768 0.0.0.0:* 3412/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 3313/dhclient
udp 0 0 0.0.0.0:620 0.0.0.0:* 3412/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 3392/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3526/cupsd
udp 0 0 84.238.135.26:123 0.0.0.0:* 3904/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 3904/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 3904/ntpd
udp 0 0 :::123 :::* 3904/ntpd
is it necessary for the X port 6000 to be bound twice? how to bind it just to localhost?
and ntp 4 times, wow; please, someone, how to limit ntp to just the external ip?
and I want to bind VNC to localhost too, if possible?
this is driving me crazy - tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 3412/rpc.statd - why have it opened???? I need to close it if possible?

best regards,


sigsegv 02-08-2005 05:06 PM

statd is part of the NFS daemons. If you're not using NFS, turn it off. If you are, it's time for a firewall somewhere between that socket and the internet.

NTPd is the network time server. If you're not syncing time on other machines with that machine, turn it off.

X -- I forget the procedure to disable the TCP sockets, but it can be done (and should in 99% of the cases out there.)

vncserver takes an argument of which display to start the server on. vncserver localhost:0 or whatever.
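
As an added example, not code from the thread, here is a small sh/awk script that sorts a netstat -apn listing like the one above by where each socket is bound, so the duplicate entries (one IPv4 and one IPv6 socket for X, one UDP socket per address for ntpd) and the services reachable from outside are visible at a glance. The netstat sample inside it is constructed from the listing in the thread; the PIDs and the 192.0.2.x addresses are made up.

```shell
#!/bin/sh
# Added example, not code from the thread: classify sockets from "netstat -apn"
# output by exposure, so "why is X listed twice?" (one socket for IPv4, one for
# IPv6) and "what can the outside reach?" can be read straight off the output.
# Usage: netstat -apn | audit_listeners   (or run the constructed sample below)

# Reads netstat lines on stdin and prints: CLASS PROTO LOCAL-ADDRESS PROGRAM.
# CLASS is EXPOSED for wildcard or non-loopback bindings, LOCAL for loopback.
audit_listeners() {
    awk '
        $1 == "tcp" && $6 != "LISTEN" { next }   # keep only TCP listeners
        $1 != "tcp" && $1 != "udp"    { next }   # skip headers and other protocols
        {
            laddr = $4; prog = $NF
            addr = laddr; sub(/:[^:]*$/, "", addr)       # strip the ":port" suffix
            if (addr == "0.0.0.0" || addr == "::") class = "EXPOSED"
            else if (addr ~ /^127\./ || addr == "::1") class = "LOCAL"
            else class = "EXPOSED"                        # bound to one real interface
            printf "%-8s %-4s %-22s %s\n", class, $1, laddr, prog
        }'
}

# Number of distinct programs that own at least one EXPOSED socket.
exposed_programs() {
    audit_listeners | awk '$1 == "EXPOSED" { p[$4] = 1 } END { n = 0; for (k in p) n++; print n }'
}

# Constructed sample modelled on the listing in the thread; the PIDs and the
# 192.0.2.10 / 192.0.2.77 addresses are made up.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN      3412/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      3392/portmap
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      4613/X
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      3526/cupsd
tcp        0      0 :::6000                 :::*                    LISTEN      4613/X
tcp        0      0 :::22                   :::*                    LISTEN      3723/sshd
tcp        0      0 192.0.2.10:22           192.0.2.77:51022        ESTABLISHED 3801/sshd
udp        0      0 0.0.0.0:631             0.0.0.0:*                           3526/cupsd
udp        0      0 192.0.2.10:123          0.0.0.0:*                           3904/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           3904/ntpd
EOF
}

sample_netstat | audit_listeners
```

Established connections (like the sshd session in the sample) are dropped, since only listeners matter for the "what is exposed" question; a LOCAL line such as cupsd on 127.0.0.1:631 is the binding the thread is asking for.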

johnnydangerous 02-08-2005 05:23 PM

Great help, just the kind I needed :) Thanks again! I just noticed, thanks to you, that it's the ntp daemon; I thought it was the client, which is wow. Well, I didn't specify anything the first time, just made it load (the vncserver), but I don't want it bound to *.*, just localhost. I'm begging for a quick tip, I'm sure most of you use it, because I do it through ssh, but still I don't want to see that binding, which I consider inappropriate. In a few words, can you point out the top benefits of the RHE you're using (I don't want the commercial version from the web)?

johnnydangerous 02-08-2005 05:26 PM

and arpwatch and arptables_jf? how to use that packet filter, where are those tables stored? and for arpwatch, what's the deal?

sigsegv 02-08-2005 05:39 PM

The RHEL listed in my profile is work related. It wouldn't be there if I had my way about things, but those decisions are made by hapless people with letters after their names ... But I digress ...

On the VNC issue, I'd just disable the service (chkconfig --level 2345 vncserver off) and then start it as needed and tunnel it through ssh.

As for arpwatch and arptables_jf -- I have no idea. I don't have either of those things installed.

johnnydangerous 02-08-2005 05:51 PM

will vncserver remain working in init 5 if I set it only on 3, or is it necessary to have it on both? and 4?


it's not taking it like that:
[root@cook ~]# vncserver localhost:0

usage: vncserver [:<number>] [-name <desktop-name>] [-depth <depth>]
[-geometry <width>x<height>]
[-pixelformat rgbNNN|bgrNNN]
<Xvnc-options>...

vncserver -kill <X-display>


but also I want it to be enabled on whatever display is in use, how-to? and to listen on that 5900 but only for localhost (which I suppose is the needed config for ssh vnc)

unfortunately in the GUI config, remote desktop seems to be assuming the alias for my external IP, which is not good; I'm wondering how to set it from a config file, for example, without interfering with the GUI setup?

jschiwal 02-10-2005 07:22 PM

If you are using a window manager, you are in init level 5. The startx command will take you from level 3 to level 5. I don't see how using vnc in level 3 would make any sense.

jschiwal 02-10-2005 07:33 PM

If you use ssh, it will run commands on the remote computer using a different screen number in the display variable. I think it uses screen 11 by default. You would be well advised to google for both ssh and vnc and compare. I believe that there is also a tight-vnc that may use the ssl library by default. OK, I just googled for that:

Quote:

-via gateway
Automatically create encrypted TCP tunnel to the gateway machine before connection, connect to the host through that tunnel (TightVNC-specific). By default, this option invokes SSH local port forwarding, assuming that SSH client binary can be accessed as /usr/bin/ssh. Note that when using the -via option, the host machine name should be specified as known to the gateway machine, e.g. "localhost" denotes the gateway, not the machine where vncviewer was launched. See the ENVIRONMENT section below for the information on configuring the -via option.
http://www.tightvnc.com/vncviewer.1.html

-----
P.S. Sorry for the repetition. I thought I was in edit mode and instead posted a new post.

sigsegv 02-10-2005 08:42 PM

First, yes, runlevel is supposed to dictate if X runs or not, but in the real world, it doesn't. Example: Debian uses only 0, 1, 2 and 6.

Second, startx does not change what runlevel you're in.

Third, port forwards are not the same as X forwarding. A port forward is what that's talking about. X forwarding is what uses DISPLAY=:1x.0 -- the former lets you create tunneled ports through your SSH connection while the latter fakes using a remote X display. Most SSH servers are configured to do port forwards by default. This is not the case for X forwarding.

Just an FYI

