I was just wondering if it is a good idea to close the follwing ports.

25/tcp open smtp
37/tcp open time
113/tcp open auth
587/tcp open submission
6000/tcp open X11

what is the purpose for ports 37,587,6000? Do I really need 113?

if your box runs as workstation, u can close all ports. just allow loopback interface to comminicate via those ports.


good luck.

Well, this is like a home server I am playing with. I am planning on running MySQL, SAMBA, SSH, SFTP and I will also make it a print server. Do you know what's the purpose of those ports and of i can close them

alagenchev,
The main ports fall within the port no 1024 . Some of the reserved ports are
ftp - 20, 21
http - 80
ssh - 22
telnet - 23
smtp - 25
pop3 - 110
dns - 58

You may also check the file /etc/services for more port numbers.

Your X server is using port 4000 which is a unreserved port. You may block it safely by using iptables. But make sure you open all ports for your localhost.
You might be interested in reading the following post...
http://linuxhelp.blogspot.com/2005/1...ables-for.html

ravee, thank you for your post! I was more interested in the particular ports that I had posted in the previos post.

I am wondering why do I need SMTP open? Is it only for a mail server or do I need it to even be able to check my mail from that box?

OK, I just answered all my questions, and I decided to post the resuts here, in case someone has same/similar questions.

first off , run "nmap localhost":


You should get something similar:

PORT STATE SERVICE
669/tcp open unknown


This tells you which ports are open. My 669 is SSH, if you run SSH, most likely yours is 22. You can change that in /etc/ssh/shd_config

now you can run "fuser -n tcp yourport"

this will give you the UID for the service running on that port. For example fuser -n tcp 25 returned sendmail. For some reason port 669 does not return a valid UID on my system. But I know 669 is SSH, since I set it this way. Once you get the UID, you can do ps -ax|grep "YourUIDhere", and you will get the program with tha UID. Now you know what to kill and what not. In my case, I had 25-sendmail,37 -time, 113-auth.
Ok, There are two places where processes get started automatically, from /etc/inetd.conf , or /etc/rc.d. inetd.conf will show you something similar:

<more stuff here>
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>

time stream tcp nowait root internal->service of interest
time dgram udp wait root internal->service of interest

<more stuff>
# Ident service is used for net authentication
auth stream tcp wait root /usr/sbin/in.identd in.identd->service of interest
<more stuff>

All you need to do is comment out the services of interest with the # sign in front.

OK now to rc.d

bash-3.00# cd /etc/rc.d
bash-3.00# ls
rc.0 rc.M rc.bind rc.gpm rc.inet1.conf rc.local rc.saslauthd rc.syslog rc.wireless.conf
rc.4 rc.S rc.cups rc.hotplug rc.inet2 rc.modules rc.sendmail rc.sysvinit
rc.6 rc.acpid rc.dnsmasq rc.httpd rc.inetd rc.mysqld rc.serial rc.udev
rc.K rc.alsa rc.font.new rc.inet1 rc.ip_forward rc.portmap rc.sshd rc.wireless

These are some of the scripts that may/do get started during bootup. To prevent them from starting, just remove the execute option from permissions. you can do that using
chmod -x yourservice
or just using chmod 640 yourservice
Next time you boot up, you can do nmap localhost again, and all this stuff should be closed.

To stop X listening to port 6000, in your /usr/X11/bin/startx file edit :
serverargs="-nolisten tcp"

Oh yeah almost forgot, auth is some ancient internet authentication service, I removed it and I don't have any problems. Time , correct me if wrong, synchronises your local time using the internet. You need SMTP, port 25 only if you are running a mail server. That's it, write if you have comments