Can't get port 21 to close
Hello,
Just for the record, I'm really new to Linux. I'm running Fedora 2 with Apache; not too sure what version, it was installed with the OS. I'm trying to close up ports. Right now 80 (http) and 443 (https) (assuming I need both for the webserver), 21 (ftp) and 110 (pop3) are open. I'd like to close 21 and 110. Oh, and I'm running a firewall and have port 80 trusted.

So far I have tried the following to close 21: Following instructions from "Basic hardening" from Linux Exposed, I edited /etc/xinetd.d/tftp and commented out the "service tftp". I did a restart, then did a scan from a local XP box, and it still showed me 21 as open. So then I edited /etc/services; I commented out the ftp parts, restarted and did another scan from the same machine and got the same results. Then I edited /etc/vsfpd/vsftpd.conf and commented out everything, restarted and scanned: same results.

I'm not too sure what to do now. Is there something I'm missing (obviously)? Any help or literature would be much appreciated. Oh, and I have stopped all the services via System Settings > Server Settings > Services and it still shows open. All out of ideas for now.
A couple of points:
1) TFTP is not FTP, they're different (though related)
2) The /etc/services file is a list of ports; it doesn't control what's listening on your machine
3) Commenting stuff out in config files usually just resets to default behavior.

The answer to your question is to stop vsftpd from listening. There should be a ftp file in /etc/xinetd.d -- open that file and set disable to yes and restart xinetd. If vsftpd isn't actually started from xinetd, service vsftpd stop should do the trick and chkconfig vsftpd off to keep it from restarting on boot. Follow the same procedure with POP3.
Hey
Thanks for the reply. I tried all of what you said and 2 out of three scanners find it open. One acts weird: first scan, no matter what the timeout, doesn't find it; stop and restart the scan and it gets it.

I edited /etc/vsftpd/vsftpd.conf and made the change listen=no; not sure if this is right, it was commented out when I got to it. When I tried to stop the service I got 'failed'. I then went to System Settings, Server Settings, Services. I looked at vsftpd and started the service there... it said it was running. I tried to stop it and I got 'vsftpd dead but subsys locked'. I have no idea what that means. Thanks for the info, much help.
Probably vsftpd left a lock file in /var/lock/subsys or some such similar place. When you do ps aux do you see any vsftpd processes?
Oh -- here's another hint that may help -- do: netstat -tpan | grep LISTEN as root -- it will show you all processes and process ids listening on ports. You can use this info to figure out what process to kill, but it might restart on reboot, so check what's starting up with chkconfig (see the man page for more info).
Hey, what's up
OK, I tried ps aux: nothing that looked like vsftpd or close to it. I did find vsftpd in /var/lock/subsys; can I do anything with that? When I did netstat -tpan | grep listen it showed me 80 and 443. Then I did chkconfig --list; it showed me a bunch of things, but vsftpd 1 through 6 off. Seems to me that it's off all over the place and still showing for some reason. Lock file? Thanks