don't understand netstat -a
Ladies & Gents
In the process of setting up a Linux firewall, the instructions I am following say:
Code:
check for running network services by issuing the command netstat -a. Ensure that only required services are running and listening for connections. This helps in preventing security compromises on possibly unknown and unpatched services.
Code:
Active Internet connections (servers and established)
I do understand some of the lines in regard to things like ssh, localhost and my local IP. Thanks again for all the wonderful advice given on this site.
I type the following command which I find a bit more clear (although the wording is unfortunate ;) ). You should be looking for all the lines that say "LISTEN" and check if you really need these services running.
Code:
# netstat -putan|grep LISTEN
Hope this helps.
man netstat should be elucidating. But the long and the short of it is that:
You can find out about the UNIX domain sockets in man netstat. Also, while the -p option is nice, IIRC it requires root privileges. Use -n to avoid translating service and host names to words (i.e. "numeric").
Thanks eco
I have posted below with the command your way, but I still don't know which ones I really need and which ones I don't.

This firewall will be doing only 3 things. They are iptables, nat and dns. It will take the place of my existing Linux firewall and be my primary firewall between my cable modem and my network. I need to keep ssh open for config and monitoring, at least to my LAN. I see that you don't have a local IP open and I suppose that after my setup is complete I won't need one either. I have to do everything from the shell on this box as it has no GUI.

My understanding is that I have to disable the services I don't need in /etc/init.d, but beyond uninstalling a package I am not really sure how to do that. I know about changing the 'S' or something in some of the sub-folders. I have looked through most of the files in said folder but most of them make little sense to me. I can see where the scripts call other files, but I don't know beyond prefixing the line with a # what else to do. My experience with doing that to scripts has been less than favorable, usually breaking them. I am also recalling that there is a command that can be run that will turn off services, something like '/etc/init.d update rc. ssh stop', but that is only memory and mine is somewhat faulty.

Still, the bigger problem remains that I don't know which ones to turn off. Or why, which is probably more important. I just need this machine to be locked down hard before I start installing the things I need. FYI this machine has only a Debian Lenny base install on it, and I have stripped it down a little further at this point.
Code:
tcp 0 0 0.0.0.0:51660 0.0.0.0:* LISTEN 1699/rpc.statd
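
As an added example (not part of any post in this thread), the check discussed above, reading the LISTEN lines of `netstat -putan` and deciding which services are needed, can be scripted. The allowlist (`sshd`, `named`), the function names and every sample line except the rpc.statd one are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed allowlist for a box that should only expose ssh and dns.
ALLOWED="sshd named"

# Reads `netstat -putan` output on stdin and prints one line per listener:
#   STATUS proto local-address program
# OK = allowlisted, LOCAL = loopback only, REVIEW = exposed and not allowlisted.
audit_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # TCP listeners have state LISTEN. UDP has no state column, so an
    # unconnected UDP socket (foreign address ends in :*) counts as listening.
    $1 ~ /^tcp/ && $6 == "LISTEN" { report($1, $4, $7); next }
    $1 ~ /^udp/ && $5 ~ /:\*$/    { report($1, $4, $6); next }
    function report(proto, local, pidprog,    prog, status) {
        prog = pidprog
        sub(/^[0-9]+\//, "", prog)          # "1699/rpc.statd" -> "rpc.statd"
        # Without root, -p shows "-" instead of PID/Program name.
        if (prog == "" || prog == "-") prog = "unknown"
        if (prog in ok) status = "OK"
        else if (local ~ /^127\./ || local ~ /^::1:/) status = "LOCAL"
        else status = "REVIEW"
        print status, proto, local, prog
    }'
}

# Constructed sample input; only the rpc.statd line comes from the thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:51660      0.0.0.0:*           LISTEN      1699/rpc.statd
tcp        0      0 0.0.0.0:111        0.0.0.0:*           LISTEN      1688/portmap
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN      2011/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*           LISTEN      1990/exim4
tcp        0      0 192.168.1.2:22     192.168.1.50:51234  ESTABLISHED 2100/sshd: user
udp        0      0 0.0.0.0:111        0.0.0.0:*                       1688/portmap
EOF
}

# Demo on the sample; on a live box run as root: netstat -putan | audit_listeners
sample_netstat | audit_listeners
```

Each REVIEW line is a service bound to a non-loopback address that is not on the allowlist, which makes it a candidate for disabling or for restricting with iptables.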