Security Risk?

N|k0N · 09-29-2004, 03:54 AM

I been looking around for Tutorials on Securing Slack 10 and i found a few, but tonight i decided to run netstat and i got these when i typed in the command.

Code:

Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  8      [ ]         DGRAM                    45     /dev/log
unix  3      [ ]         STREAM     CONNECTED     1126624 /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1126623
unix  3      [ ]         STREAM     CONNECTED     1126619 /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1126618
unix  3      [ ]         STREAM     CONNECTED     1126616 /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1126615
unix  3      [ ]         STREAM     CONNECTED     1125398 /tmp/orbit-root/linc-ab2-0-58c851da7b22
unix  3      [ ]         STREAM     CONNECTED     1125397
unix  3      [ ]         STREAM     CONNECTED     1125396 /tmp/orbit-root/linc-ab7-0-18851e52a5cde
unix  3      [ ]         STREAM     CONNECTED     1125393
unix  2      [ ]         DGRAM                    1125384
unix  3      [ ]         STREAM     CONNECTED     1125364 /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1125363
unix  3      [ ]         STREAM     CONNECTED     1064410 /tmp/ksocket-root/klauncher3M6g6b.slave-socket
unix  3      [ ]         STREAM     CONNECTED     1064409
unix  3      [ ]         STREAM     CONNECTED     637031 /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     637030
unix  3      [ ]         STREAM     CONNECTED     637026 /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     637025
unix  3      [ ]         STREAM     CONNECTED     33962  /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     33961
unix  3      [ ]         STREAM     CONNECTED     33869  /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     33868
unix  3      [ ]         STREAM     CONNECTED     33858  /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     33857
unix  3      [ ]         STREAM     CONNECTED     33797  /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     33796
unix  3      [ ]         STREAM     CONNECTED     15661  /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     15660
unix  3      [ ]         STREAM     CONNECTED     15657  /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     15656
unix  3      [ ]         STREAM     CONNECTED     15655  /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     15654
unix  3      [ ]         STREAM     CONNECTED     1576   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1575
unix  3      [ ]         STREAM     CONNECTED     1569   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1568
unix  3      [ ]         STREAM     CONNECTED     1567   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1564
unix  3      [ ]         STREAM     CONNECTED     1563   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1562
unix  3      [ ]         STREAM     CONNECTED     1541   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1540
unix  3      [ ]         STREAM     CONNECTED     1533   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1532
unix  3      [ ]         STREAM     CONNECTED     1531   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1530
unix  3      [ ]         STREAM     CONNECTED     1519   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1518
unix  3      [ ]         STREAM     CONNECTED     1513   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1512
unix  3      [ ]         STREAM     CONNECTED     1511   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1510
unix  3      [ ]         STREAM     CONNECTED     1509   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1508
unix  3      [ ]         STREAM     CONNECTED     1504   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1503
unix  3      [ ]         STREAM     CONNECTED     1502   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1501
unix  3      [ ]         STREAM     CONNECTED     1494   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1493
unix  3      [ ]         STREAM     CONNECTED     1491   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1490
unix  3      [ ]         STREAM     CONNECTED     1482   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1481
unix  3      [ ]         STREAM     CONNECTED     1480   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1479
unix  3      [ ]         STREAM     CONNECTED     1476   /tmp/.ICE-unix/1814
unix  3      [ ]         STREAM     CONNECTED     1475
unix  3      [ ]         STREAM     CONNECTED     1474   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1473
unix  3      [ ]         STREAM     CONNECTED     1468   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1467
unix  3      [ ]         STREAM     CONNECTED     1464   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1463
unix  3      [ ]         STREAM     CONNECTED     1454   /tmp/ksocket-root/kdeinit__0
unix  3      [ ]         STREAM     CONNECTED     1453
unix  3      [ ]         STREAM     CONNECTED     1450   /tmp/mcop-root/EcCeNTrIc-070e-414b7907
unix  3      [ ]         STREAM     CONNECTED     1449
unix  3      [ ]         STREAM     CONNECTED     1414   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1413
unix  3      [ ]         STREAM     CONNECTED     1412   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1411
unix  3      [ ]         STREAM     CONNECTED     1370   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1369
unix  3      [ ]         STREAM     CONNECTED     1366   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1365
unix  3      [ ]         STREAM     CONNECTED     1351   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1350
unix  3      [ ]         STREAM     CONNECTED     1347   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1346
unix  3      [ ]         STREAM     CONNECTED     1335   /tmp/.ICE-unix/dcop1792-1095465212
unix  3      [ ]         STREAM     CONNECTED     1334
unix  3      [ ]         STREAM     CONNECTED     1330
unix  3      [ ]         STREAM     CONNECTED     1329
unix  3      [ ]         STREAM     CONNECTED     1291   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     1285
unix  2      [ ]         DGRAM                    1251
unix  2      [ ]         DGRAM                    1244
unix  2      [ ]         DGRAM                    1240
unix  2      [ ]         DGRAM                    261
unix  2      [ ]         DGRAM                    48

Code:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     1405   /tmp/mcop-root/EcCeNTrIc-070e-414b7907
unix  2      [ ACC ]     STREAM     LISTENING     1317   /tmp/.ICE-unix/dcop1792-1095465212
unix  2      [ ACC ]     STREAM     LISTENING     1469   /tmp/.ICE-unix/1814
unix  2      [ ACC ]     STREAM     LISTENING     1125388 /tmp/orbit-root/linc-ab7-0-18851e52a5cde
unix  2      [ ACC ]     STREAM     LISTENING     1252   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     1125394 /tmp/orbit-root/linc-ab2-0-58c851da7b22
unix  2      [ ACC ]     STREAM     LISTENING     1309   /tmp/ksocket-root/kdeinit__0
unix  2      [ ACC ]     STREAM     LISTENING     1311   /tmp/ksocket-root/kdeinit-:0
unix  2      [ ACC ]     STREAM     LISTENING     1339   /tmp/ksocket-root/klauncher3M6g6b.slave-socket
unix  2      [ ACC ]     STREAM     LISTENING     1283   /tmp/.X11-unix/X0

Can these be security risks in any way? And if so how can i secure them? I been looking around /etc/inetd.conf and /etc/rc.d and i havent seen anything so i am not sure what to think right now.

bathory · 09-29-2004, 04:54 AM

Quote:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*

Ports 25 and 587 are used from sendmail (mail server)
Port 6000 is the X-server
As for port 68 according to /etc/services is used by bootpc.
If you don't use sendmail and bootpc you should disable them, or use a firewall to block respective ports.
sendmail is started from /etc/rc.d/rc.M but I don't know about bootpc.
Try:

Code:

fuser -v -n tcp 68

to see if it tells you how bootpc is started (from inetd or standalone)

chort · 09-29-2004, 03:06 PM

And you should set your X to start with nolisten -tcp. If you only use X locally, there's no reason to allow TCP/IP connections to it.

The UNIX domain sockets are all local to your machine and are not available across the network.

BajaNick · 09-30-2004, 01:52 AM

Quote:

Originally posted by chort
And you should set your X to start with nolisten -tcp. If you only use X locally, there's no reason to allow TCP/IP connections to it.

The UNIX domain sockets are all local to your machine and are not available across the network.

Thats if you dont connect remotely to your own machine, right? Where do you put nolisten -tcp?

N|k0N · 09-30-2004, 03:22 AM

And how could i set my X to start with nolisten -tcp? I have no idea how to do this

Krugger · 10-01-2004, 05:52 PM

It is a good idea to close the services you don't need. Have a look through the /etc/rc.d directory and inetd.conf.

To close the XServer tcp listen you put it in the startx script.

which startx - this gives you the location of the script

Then add the flag so the script uses it when you launch the XServer.

BajaNick · 10-02-2004, 03:55 PM

Quote:

Originally posted by Krugger
It is a good idea to close the services you don't need. Have a look through the /etc/rc.d directory and inetd.conf.

To close the XServer tcp listen you put it in the startx script.

which startx - this gives you the location of the script

Then add the flag so the script uses it when you launch the XServer.

How do we add -tcp nolisten " to the startx script? at the top or does it go somewhere in the code? Thanks

chort · 10-02-2004, 04:52 PM

Here's a good post describing what files to modify. If I recall correctly, it get's added to the "serverargs" string.