LinuxQuestions.org
Old 12-29-2003, 10:11 PM   #1
datadriven
Member
 
Registered: Jun 2003
Location: Holly Hill, Florida
Distribution: Slackware 10.1
Posts: 317

Rep: Reputation: 30
Help Securing My Box


Below is the result of running nmap on the box I want to secure:

Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2003-12-29 21:55 EST
Interesting ports on 192.168.1.102:
(The 1649 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
587/tcp open submission
3306/tcp open mysql
6000/tcp open X11

I am a web developer and intend to use the box for previewing sites for customers before I put them on my dedicated server elsewhere. I know I need the first 4 ports but am not sure about the last 4. The box is running slack 9.1. Does mysql need a port open in order to function in my PHP websites? Do I need the other 3?
 
Old 12-29-2003, 11:14 PM   #2
Netizen
Member
 
Registered: Sep 2003
Location: Texas
Distribution: Slackware and Ubuntu
Posts: 355

Rep: Reputation: 30
587 is used by Sendmail
6000 is used by X. If you close 6000 you won't be able to open X Apps when in X, I think.

Netizen
 
Old 12-29-2003, 11:25 PM   #3
h3pc4t
Member
 
Registered: Nov 2003
Location: Ithaca, NY
Distribution: Mac OS X, FreeBSD, Slackware
Posts: 52

Rep: Reputation: 15
MySQL always runs on port 3306. Just set it up so that all accounts are @localhost only, and you'll be safe.

rpcbind can probably be disabled by stopping and disabling one of the scripts in /etc/rc.d

Also, you might consider using SFTP (which uses SSH) - FTP is totally unencrypted!
 
Old 12-30-2003, 12:15 AM   #4
datadriven
Member
 
Registered: Jun 2003
Location: Holly Hill, Florida
Distribution: Slackware 10.1
Posts: 317

Original Poster
Rep: Reputation: 30
Right now I have my linksys router handling dyndns and the box in the DMZ. Would I be better off just to forward the necessary ports to the box instead of using the DMZ?

Got a url for SFTP?
 
Old 12-30-2003, 04:39 AM   #5
h3pc4t
Member
 
Registered: Nov 2003
Location: Ithaca, NY
Distribution: Mac OS X, FreeBSD, Slackware
Posts: 52

Rep: Reputation: 15
It would probably be safer to forward only the needed ports from the router. I don't bother, but it is the absolute safest way.

sftp is part of ssh. If ssh is enabled, you can connect to your machine with sftp. scp is also useful....
 
Old 12-30-2003, 08:12 AM   #6
datadriven
Member
 
Registered: Jun 2003
Location: Holly Hill, Florida
Distribution: Slackware 10.1
Posts: 317

Original Poster
Rep: Reputation: 30
Is there another secure ftp client? I MUST HAVE BOOKMARKS. I have many sites to maintain and typing both a username & password every time I connect is simply not an option. I was using ncftp because I had some problems with gftp corrupting some of my files.
 
Old 12-30-2003, 08:47 AM   #7
littleking
Member
 
Registered: Jun 2003
Location: New Albany, OH
Posts: 190

Rep: Reputation: 30
Why not just use iptables?
 
Old 12-30-2003, 10:28 AM   #8
php
Member
 
Registered: Jun 2001
Location: USA
Distribution: Slackware
Posts: 825

Rep: Reputation: 30
You definitely won't need that X one open.

From now on, start X with 'startx -- -nolisten tcp'. This will keep that 6000 port closed.

The 111 you won't need either. You can disable this in /etc/rc.inet2
 
Old 12-30-2003, 11:13 AM   #9
datadriven
Member
 
Registered: Jun 2003
Location: Holly Hill, Florida
Distribution: Slackware 10.1
Posts: 317

Original Poster
Rep: Reputation: 30
I downloaded the guarddog package from linuxpackages.net

Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2003-12-30 11:08 EST
Interesting ports on 192.168.1.102:
(The 1649 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp closed https
8000/tcp closed http-alt
8080/tcp closed http-proxy
8888/tcp closed sun-answerbook

Nmap run completed -- 1 IP address (1 host up) scanned in 71.428 seconds

Does that look better?
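Added example (not part of the original posts): a check of the two nmap port tables above against the four ports post #1 says are needed, reporting both unexpected open ports and needed ports that stopped answering. The `ALLOWED` variable and both function names are hypothetical.

```shell
#!/bin/sh
# Added example: check nmap port tables against the ports that are meant to
# be reachable. ALLOWED and both function names are hypothetical.
ALLOWED="21 22 25 80"   # the "first 4 ports" from post #1

# Port tables copied from posts #1 and #9 of this thread.
SCAN_BEFORE='PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
587/tcp open submission
3306/tcp open mysql
6000/tcp open X11'
SCAN_AFTER='PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp closed https
8000/tcp closed http-alt
8080/tcp closed http-proxy
8888/tcp closed sun-answerbook'

# Print "port/proto service" for every open port that is not allowlisted.
unexpected_open() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Port rows look like "3306/tcp open mysql"; headers never match.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in ok)) print $1, $3
        }'
}

# Print allowlisted ports the scan does not report as open, to catch a
# firewall change that also cut off a needed service.
missing_allowed() {
    awk -v allowed="$ALLOWED" '
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, p, "/"); seen[p[1]] = 1 }
        END { n = split(allowed, a, " "); for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i] }'
}

echo "Before guarddog:"; printf '%s\n' "$SCAN_BEFORE" | unexpected_open
echo "After guarddog:";  printf '%s\n' "$SCAN_AFTER"  | unexpected_open
echo "Needed but not open:"; printf '%s\n' "$SCAN_AFTER" | missing_allowed
```

Both scans in the thread were run against the LAN address, so the same check is worth repeating on a scan taken from outside the router.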
 
Old 12-30-2003, 01:41 PM   #10
CyberSp00k
LQ Newbie
 
Registered: Dec 2003
Location: The Other Plane
Distribution: Slackware 10.0
Posts: 6

Rep: Reputation: 0
Why the lockdown?

Quote:
Originally posted by datadriven
Interesting ports on 192.168.1.102:
(The 1649 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp closed https
8000/tcp closed http-alt
8080/tcp closed http-proxy
8888/tcp closed sun-answerbook
Pardon my ignorance, but did I understand (from your initial posting) that you're using this system to demonstrate ("preview") to your clients websites you're building prior to deployment? Wouldn't you want to emulate the port assignments of the deployment environment? I assume that some will be using SQL servers or will want to support secure http. How can you demonstrate those capabilities with the ports shut?

For that matter, why the urge to lock down this machine at all? It's on your local network with an unroutable address, so presumably you've got some sort of NAT between you and the big, bad Internet. If you've got a robust, bi-directional firewall between your local net and the Internet, you really don't need to lock this system down that tightly, aside from general good network hygiene (practice safe hex!). If it's just a demo machine, and not your only development machine, you should really consider it a sacrificial lamb - a candidate for low-level format and reload - at all times.

Just my
 
Old 12-30-2003, 04:15 PM   #11
subekk0
Member
 
Registered: Sep 2003
Location: Dallas, TX.
Distribution: Slacking since '94
Posts: 153

Rep: Reputation: 32
preconfigured firewalls

There are also numerous preconfigured firewalls ("rc.firewall") out there that would work with minimal tweaking. Check out http://firewall.lutel.pl/firewall. This is the one that I use, with some signature tweaking that routes to honeypots, etc., but maybe you don't need anything that solid? If you do play around with it, don't forget the popular "flush-iptable" script.
 
Old 12-30-2003, 07:16 PM   #12
datadriven
Member
 
Registered: Jun 2003
Location: Holly Hill, Florida
Distribution: Slackware 10.1
Posts: 317

Original Poster
Rep: Reputation: 30
Cyberspook, if you connect to MySQL on localhost it seems to work fine with the ports blocked. I used guarddog to set up iptables and it was pretty easy.

The machine is in the DMZ, which is outside my firewall, with a dyndns domain pointing at it, which is why I wanted to lock it down. I scanned it via the local IP so I wouldn't post my URL in a public forum.
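Added example (not part of the original posts): a packet filter hides a port from the scan, but the daemon behind it may still be bound to every interface, so the local `netstat -tln` view shows which listeners are protected by the firewall alone. The netstat sample is constructed for illustration and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: from `netstat -tln` output, list TCP listeners that are
# bound to a non-loopback address. Sample data is constructed, not from
# the thread; the function name is hypothetical.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 ::1:587                 :::*                    LISTEN'

# Print "port address" for each listening TCP socket whose local address
# is not loopback (127.0.0.0/8 or ::1), sorted by port number.
non_loopback_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # The port is whatever follows the last colon; this also
            # handles IPv6 forms such as ":::111" and "::1:587".
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr !~ /^127\./ && addr != "::1") print port, addr
        }' | sort -n
}

# In the sample, MySQL (3306) and submission (587) are loopback-only and
# are not listed; X11 (6000) and rpcbind (111) still listen on all addresses.
printf '%s\n' "$NETSTAT_SAMPLE" | non_loopback_listeners
```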
 
Old 12-30-2003, 08:12 PM   #13
CyberSp00k
LQ Newbie
 
Registered: Dec 2003
Location: The Other Plane
Distribution: Slackware 10.0
Posts: 6

Rep: Reputation: 0
Fair enough, Datadriven. That was the missing piece of information that makes your concerns clear. Thanks for passing it along. Best wishes to you in the New Year.
 
Old 12-30-2003, 08:16 PM   #14
datadriven
Member
 
Registered: Jun 2003
Location: Holly Hill, Florida
Distribution: Slackware 10.1
Posts: 317

Original Poster
Rep: Reputation: 30
Thanks to everyone for their assistance.
 
  


All times are GMT -5. The time now is 12:22 AM.
