close all my ports

pixelV · 02-23-2003, 07:33 AM

my open ports on Slack 8.1:

Port State Service
25/tcp open smtp
111/tcp open sunrpc
587/tcp open submission
6000/tcp open X11

How can i close all ports ?

acid_kewpie · 02-23-2003, 07:41 AM

use a firewall

Excalibur · 02-23-2003, 07:43 AM

Well, I do not know about the last two, but the first two are porgrams that are started from /etc/rc.d/rc.inet2. If you edit the file and remark out sendmail and the sun rpc server stuff it will prevent them starting up when you boot. You can just terminate the processes by killing the process ID. You can use "gtop" to list all the processes and then right click the desired task and send the SIGKILL message.

The X11 port may be for X11 forwarding. But you should also check your /etc/inetd.conf file. I normally remark out everything except the two items that start with "time" very near the top of the file.

Perhaps someone else knows about 587 and 6000 ports.

Proud · 02-23-2003, 08:07 AM

Maybe someone should say that: if you dont need services like SMTP for emailing, then you can turn them off; but if you want to use them, you'll need to allow them to access the internet via their ports.

A firewall will close ports.

trickykid · 02-23-2003, 08:10 AM

For the last one if you startx from a command you would want to do this:

startx -- -nolisten tcp

If you X starts up at bootup do this:

assuming you use GDM:
Edit file: /etc/X11/gdm/gdm.conf
Make following changes:
.....
StandardXServer=/usr/X11R6/bin/X -nolisten tcp

[server-Standard]
.......
command=/usr/X11R6/bin/X -nolisten tcp

If using KDM or any other, I'm sure its similiar to that above.

The open port 587 could be anything. Like if you use Instant Messaging or whatever, but that isn't a standard port for a particular app. Most likely some app you have requires that port open. But I would take acid's advice, use a firewall of some sort.

fskmh · 02-23-2003, 08:13 AM

You can disable tcp connections to X (6000), but this tends to break things, especially if you set up a home network later on. Judging from the presence of the rpc service, It appears that you have that planned. Sort out your /etc/hosts.deny and /etc/hosts.allow if you intend to do NFS with it. Then get yourself a firewall script from http://www.linuxguruz.org/iptables and you'll be off to a good start. The "Firewall by Jim" package is quite comprehensive (no, I'm not Jim ;-p). http://www.jg555.com/projects/firewall/download.php
http://www.insecure.org is a useful resource of information, and there are also other projects worth looking into, like Nessus and snort.

pixelV · 02-23-2003, 08:21 AM

OK, but i still have those ports open:

25/tcp open smtp
587/tcp open submission

I have a question ---> If i will close 25 port, could i than send email ?

markus1982 · 02-23-2003, 09:38 AM

Which MTA (mail transport agent) are you using?

Exim
Postfix
Sendmail

Well I wouldn't recommend completely disabling the mail server since this would break things. Rather just make it listen on 127.0.0.1

pixelV · 02-23-2003, 01:47 PM

i'm using sendmail

where i can config my MTA ?

Excalibur · 02-23-2003, 02:28 PM

Try the /etc/rc.d/rc.sendmail file. At the very beginning is the start function. If you only want to use sendmail for outbound and NOT inbound then remark the first instance. Leave the queue runner module running. At least I think it will produce the desired results. It should close the port 25 for inbound mail but still allow outbound mail to be sent out on port 25.

Astro · 02-23-2003, 03:40 PM

Try editing /etc/inetd.conf to which services you want to allow to run by inetd.

pixelV · 02-24-2003, 05:53 AM

i have already comment all in inetd.conf

i think it would be better if i start using firewall ?

what firewall you recomend ?

please write two typs of firewall:
1. easy to config
2. good secure

And it will be better if you help me find easy and secure firewall.

Thanks a lot !

wass29 · 02-24-2003, 03:24 PM

I also am looking for easy and secure firewall so if anyone has any ideas I am listening.

I saw a bunch of them at Tucows but did not want to try something I'd never heard of.

Texicle · 02-24-2003, 05:48 PM

This quick iptables will pretty much drop everyone trying to connect to your TCP ports. Run it as root.

/sbin/iptables -A INPUT -p tcp --syn -j DROP

I've got this one running at home, though I'm sure there's many other ways to secure your box but this one is a good start until you get other scripts to try. Hope this helps.

EDIT: I got it from this website called 10 minutes to an iptables-based Linux firewall. I think you'll find lots of good stuff there. Good luck!

Sn1PeR · 03-23-2004, 09:22 PM

Quote:

Originally posted by Excalibur
Try the /etc/rc.d/rc.sendmail file. At the very beginning is the start function. If you only want to use sendmail for outbound and NOT inbound then remark the first instance. Leave the queue runner module running. At least I think it will produce the desired results. It should close the port 25 for inbound mail but still allow outbound mail to be sent out on port 25.

What would you comment out?

#!/bin/sh
# Start/stop/restart sendmail.

# Start sendmail:
sendmail_start() {
if [ -x /usr/sbin/sendmail ]; then
echo "Starting sendmail MTA daemon: /usr/sbin/sendmail -L sm-mta -bd -q25m"
/usr/sbin/sendmail -L sm-mta -bd -q25m
echo "Starting sendmail MSP queue runner: /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m"
/usr/sbin/sendmail -L sm-msp-queue -Ac -q25m
fi
}

# Stop sendmail:
sendmail_stop() {
killall sendmail
}

# Restart sendmail:
sendmail_restart() {
sendmail_stop
sleep 1
sendmail_start
}

case "$1" in
'start')
sendmail_start
;;
'stop')
sendmail_stop
;;
'restart')
sendmail_restart
;;
*)
echo "usage $0 start|stop|restart"
esac

I've got mine down to

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
587/tcp open submission

the submission is the one that no one knows about.