Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I just ran: nmap <myipaddress> and this is what I got:
Quote:
(The 1597 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
80/tcp open http
5190/tcp open aol
Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
I never opened any of these ports and the funniest thing about all this is that I don't even have AOL. How do I close these ports? Thanks.
You didn't mention your distro to help us be more specific, but you can generally close the first 2 ports from /etc/inetd.conf (if your distro uses inetd) by commenting out the respective entries, or from /etc/xinetd.d/* by removing the respective files.
Port 80 is used from apache, so find its startup script and make in no-executable, or move it to another place. The same goes for port 5190 (I guess it's aim).
Are you certain that the respective files must be removed? Since telnet is one of the files, I'll show you its content:
Quote:
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
As you can see, "default:on" has been commented; and "disable=yes" is written. I think that this file is fine, but I'm not sure-- I'm a newbie. Thank you for the help.
Changing "disable=yes" does the job. The folder /etc/xinetd.d contains control files for all the services that can be start at system startup. Since you use RH you can also use the "chkconfig" utility to control the services you want to start or no. Take a look at
Huh? Should I change disable=yes to disable=no? Wouldn't that be the exact opposite of what I want?
I used the chkconfig utility in this manner:
Code:
chkconfig --list telnet
It gave me:
Code:
telnet off
I'm a bit confused over here. When I went to www.whatismyip.com, I obtained an IP address. I "nmaped" that IP and got the four ports I mentioned earlier, but when I run nmap localhost, I get:
111/tcp open sunrpc
6000/tcp open X11
Anyway, I telneted to the first IP address and actually got a prompt! It gave me:
What exactly makes them vulnerable? Not every open port means a security risk. If you're that concerned about sec; I think you might want to reconsider the choice for your distribution.
As for the router.. learn what they are and how they work.. or simply forget about it and live just as happily.
What exactly makes them vulnerable? Not every open port means a security risk. If you're that concerned about sec; I think you might want to reconsider the choice for your distribution.
I ran an online security scanner and it listed the ports as vulnerable. I ran nmap to confirm that the ports were open. RH9 is the only distribution I have access to.
Quote:
As for the router.. learn what they are and how they work.. or simply forget about it and live just as happily.
Did you read my previous post completely? I never stated that I wanted to learn what a router was and how it worked. I wanted to know the difference between scanning localhost and scanning the IP I had obtained by going to that particular website. I simply provided more information.
Thanks for the help billy-- I already tried that two posts ago. I just want to know why I get a different result from nmapping localhost and from nmapping the IP as shown on www.whatismyip.com
Probably the services you get when nmaping localhost are only listening on the local interface. Daemons can listen on only the loopback interface (and in fact this is quite normal for X11 and other services that would only expect to be accessed locally).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
