LinuxQuestions.org


qwijibow 09-08-2003 07:48 AM

please rate me security settings
 
Hi, I'm a newb to security....
so could someone who knows a little rate my system's security? Here's the relevant info...

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- localhost.localdomain localhost.localdomain
DROP tcp -- anywhere anywhere tcp dpts:0:1024
DROP udp -- anywhere anywhere udp dpts:0:1024
DROP tcp -- anywhere anywhere tcp dpt:x11

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination



Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on m470-mp1.cvx2-b.not.dial.ntli.net (213.104.57.214):
(The 1025 ports scanned but not shown below are in state: filtered)
Port State Service
1025/tcp closed NFS-or-IIS
1026/tcp closed LSA-or-nterm
61441/tcp closed netprowler-sensor
65301/tcp closed pcanywhere

Nmap run completed -- 1 IP address (1 host up) scanned in 131 seconds

phoeniXflame 09-08-2003 08:43 AM

Try again from either an internal machine on your network or from the host you're scanning itself, scanning the loopback (i.e. 127.0.0.1). Also try 'netstat -lap'.

unSpawn 09-09-2003 04:28 AM

could someone who knows a little rate my system's security, here's the relevant info...
// First of all, if you're able to edit your first post and slash everything between "1026/tcp closed LSA-or-nterm" and "61441/tcp closed netprowler-sensor" that would make your post readable. You could've simply said all ports in the unprivileged port range were closed...

Wrt your firewall, I would like to suggest
- changing your default policy to DROP. You'll then have to add a line for each local service you want remote clients to connect to but it will not *by default* allow rogue servers to be run on high ports like you do now,
- changing the x11 line. X11 ain't a port, it's a port range, approx. 6000:6020 (IIRC),
- look at the first thread in this forum. It's got a section on Netfilter firewalling, and you're missing a lot like DROP rules for packets with bad flags, rate limiting, logging etc etc.
- scan your box from a remote one. There are some threads in this forum that list websites. (use search)

But, firewall != security. Please look at the first thread in this forum, the first post. Read two or three of "Checklists", "Securing", then move on to distro-specific stuff.

In broad lines you could say "securing and hardening" a box means taking away/investigating risks by
- installing only what you need,
- running only what you need,
- restricting local system users' processes and access ("nologin" shells, configuration issues like service anti-DOS features, running services as lesser-privileged users, chroots etc etc),
- restricting local and remote (human users' processes and) access (PAM login/limits, good passwds, sudo, no telnet but ssh, process restrictions like in Grsecurity.net or LIDS, service allow/deny files etc etc),
- performing auditing on a regular basis (system integrity checks like Aide, Samhain or tripwire, Tiger, Lsat, COPS, Chkrootkit, env_audit),
- performing continuous traffic/log analysis (process table and connection tracking tools, IDS, logparsing tools etc etc) and
- performing maintenance (updates, configuration) on a regular basis.
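An added example, not code from the thread or from either poster: a POSIX sh script that prints the iptables ruleset the firewall points above describe (default policy DROP, an explicit per-service allow list, X11 treated as the 6000:6020 range, bad-flag drops, rate-limited logging). The iptables path, the ssh default in the allow list and the variable names are assumptions; it only prints commands so the result can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example (not code from the thread). Emits an iptables ruleset following the
# advice above. It only prints the commands, so review first and then run as root
# with:  sh firewall.sh | sh
# Assumptions (not from the thread): iptables with the conntrack, limit and LOG modules.

IPT=${IPT:-iptables}                # path to the iptables binary
X11_RANGE=${X11_RANGE:-6000:6020}   # range named in the thread; check your own displays
# "proto:port" pairs remote clients may reach; constructed default (ssh only)
ALLOW_SERVICES=${ALLOW_SERVICES:-"tcp:22"}

gen_rules() {
    echo "$IPT -F INPUT"
    echo "$IPT -P INPUT DROP"       # unlisted listeners (rogue high-port servers) stay unreachable
    echo "$IPT -P FORWARD DROP"     # a single host should not route for others
    echo "$IPT -P OUTPUT ACCEPT"
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    # replies to connections this host initiated; malformed state is dropped
    echo "$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A INPUT -m conntrack --ctstate INVALID -j DROP"
    # flag combinations no legitimate TCP client sends
    echo "$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP"
    echo "$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP"
    echo "$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP"
    echo "$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP"
    # X11 is a range, not one port; dropped explicitly (silently) before the log rule
    echo "$IPT -A INPUT -p tcp --dport $X11_RANGE -j DROP"
    # explicit allow list; new connections are rate-limited per service
    for svc in $ALLOW_SERVICES; do
        proto=${svc%%:*}
        port=${svc#*:}
        echo "$IPT -A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -m limit --limit 10/min --limit-burst 20 -j ACCEPT"
    done
    # log what falls through to the DROP policy, rate-limited so the log cannot be flooded
    echo "$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'INPUT DROP: '"
}

# Review helper: list the proto/port pairs the generated ruleset actually admits.
allowed_ports() {
    gen_rules | awk '/-j ACCEPT/ && /--dport/ {
        for (i = 1; i <= NF; i++) { if ($i == "-p") p = $(i+1); if ($i == "--dport") d = $(i+1) }
        print p "/" d }'
}

gen_rules
```

Compare the output of allowed_ports with what 'netstat -lap' shows listening: anything listening but not listed is unreachable from outside, which is the point of the DROP policy.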

