Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
The lines in bold are the ones I'm unsure about; all the others should be running services, although these need proper configuration, but I'll leave that for another time/thread if I can't sort it out.
The ones I'm concerned about are running on ports 111 & 6000 as these are the ones the online port scanner warned about.
I found some info saying that if I enter -nolisten tcp to the Xservers file this would stop it running but this didn't work for me.
Ideally I'd like to stealth almost all my ports and just have the ports open that I need open, like 53 for DNS. I guess I could run a shell script to alternate between configurations once I know what each one will do.
Could anyone advise on how I could close these two ports (111 & 6000)?
Thanks in advance
Hi - I'm a newbie to this forum and with Linux, so please excuse any stupid obvious remarks from me - he he....
Anyways, don't you have a "firewall" installed? - I just downloaded "Guarddog", did a port scan at grc.com and had "stealth" on all the ports. The programme was easy to install and configure with a good online manual as well. Found it here: http://www.simonzone.com/software/guarddog/
As regards those "open" ports though - sorry, can't help you as to what they are or why they are open.
I downloaded Guard Dog, but when I ran the config prog I got errors, saying that there was no acceptable cc path found in $PATH, read through the doc but couldn't find anything to help.
If you're just wanting to close the open ports, then it depends which kernel you're running. I'll assume you're running 2.4.x. What you need to do is make sure that iptables are compiled into your kernel, for help on that check out www.netfilter.org. Once you make the new kernel with iptables, you can do this.
For example, if you wanted to close off the sendmail port, you would do this:
iptables -A INPUT -p tcp --dport 1025 -j DROP
To close the other ones you want, use the same command above, but replace 1025 with the port you want. Just make sure you're aware that you're only closing it to tcp connections, not udp.
Now, on another note, you probably don't want to close your portmapper and you probably want to leave the X one open too. Sendmail, unless you need it, probably doesn't need to run. I would like to know though, do you use samba and nfs at all? Are you sharing any directories on that machine? If you aren't, then it's just a security risk and you should take samba off the machine. Finally, if you really want a secure machine, you should set iptables to drop any incoming packets then only turn on ones you want. That process is also explained at www.netfilter.org. But if you PM me, I'd be happy to give you a little script.
Good luck.
Last edited by blueplazma; 06-11-2003 at 02:38 PM.
Nice one Astro, I tried what you said and went into the inetd.conf file and the only thing I could see that remotely looked like any of the services running in the above list was for send mail:
Also remember some aren't ONLY in the inetd.conf file...they are actual programs running from your startup files....in slackware which is in /etc/rc.d/rc.M for example or rc.local... you might need to comment them out in there. Which is where sendmail might be... sorry I don't know much about the startups of other distros, only slackware ones :-)
Generally you do not want X Windows to have ports open to the outside, unless you want to run X apps remotely. Firewalling them (as per unSpawn's instructions) is a good idea.
Now, if you don't need a mail daemon (you only need it for running a mail server, not for using smtp/pop/imap), kill sendmail as well; for slackware, execute '/etc/rc.d/rc.sendmail stop', do 'chmod a-x rc.sendmail', and that should take care of it. If you want to remove sendmail, 'cd /var/log/packages; removepkg sendmail*'. For (almost) all other distributions, look in the directories "/etc/rc?.d" (where '?' is a number between 1 and 5 corresponding to the runlevel). They hold symlinks to scripts in '/etc/init.d'; if it starts with a 'K' it is killed when entering that runlevel, and if it starts with an 'S' it is started when entering that runlevel. Check those startup scripts. When you find it, execute it with the 'stop' option, then delete each of those symlinks in each runlevel directory ('/etc/rc?.d'). If you find that you do need an SMTP transfer agent (because you can't find a good one, and your ISP didn't give you one), check out nbsmtp. It does not run as a daemon, has no config files to worry about, and is generally painless for simple use.
And for port 111; that is the portmapper. It is required if you are running a fileserver (nfs). To run the nfsd fileserver, you need to leave that port open so the various utilities can find each other; however, if you only need to mount remote nfs volumes, you need the portmapper running, but you do not need that port exposed; firewall it too.
When in doubt: log and drop incoming ports, log and reject outgoing ports. If an application complains, check the logs.
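The default-drop approach recommended in the replies above ("drop any incoming packets then only turn on ones you want", and "log and drop incoming ports, log and reject outgoing ports"), written out as an added example that is not from any poster in this thread. It generates an iptables-restore ruleset in which ports 111 and 6000 are closed to the outside on both TCP and UDP while loopback stays open for local X and portmapper clients; the port lists, log prefixes and rate limit are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset.
# Port lists, log prefixes and the 5/min log limit are assumed values.

gen_rules() {
    # $1 = inbound ports to leave open, $2 = outbound destination ports
    in_ports=$1
    out_ports=$2
    echo '*filter'
    # Default policy: nothing gets in, through, or out unless allowed below.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback stays open, so local X clients and NFS mounts still reach
    # the X server (6000) and portmapper (111) on this machine.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Replies to connections already allowed. Newer systems spell this
    # match "-m conntrack --ctstate".
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Open each listed port for TCP *and* UDP; a TCP-only rule leaves
    # the UDP side of a service such as portmapper or DNS untouched.
    for p in $in_ports; do
        for proto in tcp udp; do
            echo "-A INPUT -p $proto --dport $p -j ACCEPT"
        done
    done
    for p in $out_ports; do
        for proto in tcp udp; do
            echo "-A OUTPUT -p $proto --dport $p -j ACCEPT"
        done
    done
    # Log (rate-limited) and drop everything else coming in.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IN-DROP: "'
    echo '-A INPUT -j DROP'
    # Log and reject everything else going out (this includes ICMP), so a
    # blocked local application fails fast and leaves a log line.
    echo '-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-REJECT: "'
    echo '-A OUTPUT -j REJECT'
    echo 'COMMIT'
}

# Inbound: DNS only. Outbound: DNS, HTTP, HTTPS (assumed needs).
# To check the syntax as root without loading the rules:
#   gen_rules "53" "53 80 443" | iptables-restore --test
gen_rules "53" "53 80 443"
```

Ports 111 and 6000 never appear in the output because nothing opens them; they are closed by the INPUT policy and the final DROP rule, not by a per-port rule.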