Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN 2391/rpc.statd
tcp 0 0 0.0.0.0:32770 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:779 0.0.0.0:* LISTEN 2720/rpc.mountd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2370/portmap
tcp 0 0 218.111.5.196:53 0.0.0.0:* LISTEN 2660/named
tcp 0 0 192.168.0.5:53 0.0.0.0:* LISTEN 2660/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2660/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2580/cupsd
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 2544/mDNSResponder
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2757/sendmail: acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2660/named
tcp 0 0 0.0.0.0:763 0.0.0.0:* LISTEN 2703/rpc.rquotad
tcp 0 0 60.48.91.156:32823 66.94.234.72:80 TIME_WAIT -
tcp 0 0 60.48.91.156:32826 66.94.234.72:80 TIME_WAIT -
tcp 0 0 60.48.91.156:32827 64.179.4.149:80 TIME_WAIT -
tcp 0 0 60.48.91.156:32777 203.106.50.8:80 ESTABLISHED 3877/firefox-bin
tcp 0 0 60.48.91.156:32778 203.106.50.8:80 ESTABLISHED 3877/firefox-bin
tcp 0 0 60.48.91.156:32832 216.239.57.103:80 ESTABLISHED 3877/firefox-bin
tcp 0 0 60.48.91.156:32830 216.239.57.103:80 ESTABLISHED 3877/firefox-bin
tcp 0 0 60.48.91.156:32779 66.218.70.70:443 ESTABLISHED 3877/firefox-bin
tcp 0 0 60.48.91.156:32794 203.106.50.9:80 ESTABLISHED 3877/firefox-bin
tcp 0 0 60.48.91.156:32821 66.35.229.145:80 ESTABLISHED 3877/firefox-bin
tcp 0 0 60.48.91.156:32787 203.106.50.16:80 ESTABLISHED 3877/firefox-bin
tcp 0 0 :::22 :::* LISTEN 2673/sshd
udp 0 0 0.0.0.0:32768 0.0.0.0:* 2391/rpc.statd
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:32769 0.0.0.0:* 2660/named
udp 0 0 0.0.0.0:32772 0.0.0.0:* -
udp 0 0 0.0.0.0:776 0.0.0.0:* 2720/rpc.mountd
udp 0 0 218.111.5.196:53 0.0.0.0:* 2660/named
udp 0 0 192.168.0.5:53 0.0.0.0:* 2660/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 2660/named
udp 0 0 0.0.0.0:871 0.0.0.0:* 2391/rpc.statd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2544/mDNSResponder
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2544/mDNSResponder
udp 0 0 0.0.0.0:111 0.0.0.0:* 2370/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 2580/cupsd
udp 0 0 0.0.0.0:760 0.0.0.0:* 2703/rpc.rquotad
udp 0 0 :::32770 :::* 2660/named
Quote:
Originally posted by Capt_Caveman
Just NFS and DNS server for now.
Is it running an actual DNS server (like BIND) on the machine itself or do you mean that it connects to some other remote DNS server for hostname resolution (i.e. it acts as a DNS client)?
Is that secure?
There are serious security considerations for either one, but they can be run reasonably safely if done so properly. Both DNS and NFS were not really designed for use in a hostile environment (at least for most implementations). So if at all possible, they should really be run behind a firewall so that only LAN clients can access them. In some cases though it's not an option and you really need to lock down and harden the server as best you can. I certainly wouldn't recommend running DNS and NFS on your firewall machine, as they should really be running on a separate box(es), preferably in a DMZ. If this system is just a DNS/NFS client and you don't have the resources necessary for multiple boxes, then I would just use a decent firewall and do some standard hardening (turning off unneeded services, install a file integrity scanner like tripwire/aide/samhain, etc).
Are there unnecessary services or ports running?
Dunno. Run "netstat -pantu" as root and post the output.
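An added example, not part of the original thread: one way to answer the "unnecessary services or ports" question from `netstat -pantu` output is to group listening sockets by the address they are bound to, since a listener on 0.0.0.0 or :: is reachable on every interface. The sample input is constructed (documentation addresses), and the function names and scope labels are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in `netstat -pantu` format (documentation addresses).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address  State       PID/Program name
tcp        0      0 0.0.0.0:2049       0.0.0.0:*        LISTEN      -
tcp        0      0 0.0.0.0:111        0.0.0.0:*        LISTEN      2370/portmap
tcp        0      0 198.51.100.7:53    0.0.0.0:*        LISTEN      2660/named
tcp        0      0 127.0.0.1:25       0.0.0.0:*        LISTEN      2757/sendmail: acce
tcp        0      0 198.51.100.7:32777 203.0.113.8:80   ESTABLISHED 3877/firefox-bin
tcp        0      0 :::22              :::*             LISTEN      2673/sshd
udp        0      0 0.0.0.0:5353       0.0.0.0:*                    2544/mDNSResponder
udp        0      0 127.0.0.1:53       0.0.0.0:*                    2660/named
"""

def scope(addr):
    """Classify a bind address by how widely the socket is reachable."""
    if addr in ("0.0.0.0", "::", "*"):
        return "all-interfaces"
    try:
        return "loopback" if ipaddress.ip_address(addr).is_loopback else "single-address"
    except ValueError:  # truncated or unusual address column
        return "single-address"

def listeners(text):
    """Return {scope: sorted [(proto, port, program)]} for listening sockets."""
    found = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue                      # banner and column-header lines
        if not f[4].endswith(":*"):       # has a remote peer: not a listener
            continue
        host, _, port = f[3].rpartition(":")   # rpartition handles ":::22"
        rest = f[5:]
        if rest and rest[0] == "LISTEN":  # UDP rows have no State column
            rest = rest[1:]
        # "-" means netstat could not name an owning process (e.g. kernel NFS)
        prog = " ".join(rest).partition("/")[2] or "-"
        found[scope(host)].add((f[0], int(port), prog))
    return {k: sorted(v) for k, v in found.items()}

if __name__ == "__main__":
    for sc, socks in listeners(SAMPLE).items():
        for proto, port, prog in socks:
            print(f"{sc:15} {proto}/{port:<6} {prog}")
```

Entries under "all-interfaces" are the ones to check against the firewall rules or rebind to a LAN address; loopback-only listeners are not reachable from the network.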