SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
skalkoto@darkstar:~$ nmap localhost
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-02-28 13:18 EET
Interesting ports on localhost (127.0.0.1):
(The 1655 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
37/tcp open time
113/tcp open auth
631/tcp open ipp
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned in 0.382 seconds
well ipp is CUPS web server X11 is the X-window server, but what are the other 2 ports. Do I need them open? how do I close them?. I haven't configured iptables, so not having unneeded ports open is important for me. Can you suggest a really easy to use firewall or an easy guide for iptables?
I don't have time to learn those stuff right now.
Last edited by perfect_circle; 02-28-2005 at 05:26 AM.
thank you both.
Although after commenting time and auth I had no inetd listening port, i killed it completely.
I also added the nolisten tcp and there is no open port waiting for X11 connections.
Right now Only 631 is open and will refuse any connection outside 127.0.0.1
AM I secure? DO I need a firewall?
A port scan will show to someone that 631 is open, he may also do a OS detection and find out I'm using linux with the 2.4 kernel series. Is there a way to crack my system?
Also, what's the use of time and auth?
If i want my sisters pc to use mine as a gateway to connect to the internet, (I'm thinking of buying ethernet cards), do i need to relaunch inetd?
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-02-28 14:42 EST
Interesting ports on localhost (127.0.0.1):
(The 1654 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
587/tcp open submission
631/tcp open ipp
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned in 0.431 seconds
bash-2.05b$
I'm using guarddog. Can someone tell me how to close the unneeded ports?
That should leave you with 631 (CUPS) and 6000 (X, see my previous post about how to close that one)
Guarddog won't close the ports for you, but it can restrict access to them.
perfect_circle:
As to whether a firewall is necessary on top, I would say better safe than sorry. Since I run no services, my firewall rules will not forward packets, and drop any incoming packets that are coming to ports that I have *not* opened (but leaving 127.0.0.1, the local loopback, unaffected). It's easier than coding half a dozen different rules in different programs. Let the firewall/iptables do the hard work first!
You can write your own firewall script, and drop it in as /etc/rc.d/rc.firewall and chmod +x it, or use something like guarddog to build one for you.
Edit:
For a gateway, you don't need inetd, you just need to configure iptables using a firewall script. You need to forward requests from your sisters PC to the net, and vice versa. I'm not that knowledgeable on this, so try searching the board or use Google to see if you can find more.
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-02-28 14:42 EST
Interesting ports on localhost (127.0.0.1):
(The 1654 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
587/tcp open submission
631/tcp open ipp
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned in 0.431 seconds
bash-2.05b$
I'm using guarddog. Can someone tell me how to close the unneeded ports?
the startup services are in /etc/rc.d/
If you don't want something remove the execute permission.
e.x. ssh is secure shel deamon. If you don't want to be able to remotelly connect to this pc so:
Code:
/etc/rc.d/rc.sshd stop
to stop the service
and then
Code:
chmod -x /etc/rc.d/rc.sshd
To make sure that ssh is not loaded at startup.
smtp is the mail server. If you don't need to run a mail server do the same as above for rc.sendmail
I don't have a clue what 587 port is for..
Last edited by perfect_circle; 02-28-2005 at 03:01 PM.
It worked for sendmail port, but there seems to be no rc.ssh in my system.
bash-2.05b# /etc/rc.d/rc.sshd stop
bash-2.05b# chmod -x /etc/rc.d/rc.ssh
chmod: cannot access `/etc/rc.d/rc.ssh': No such file or directory
bash-2.05b# find / -name *rc.ssh
/usr/share/a2ps/sheets/a2psrc.ssh
/home/usr/share/a2ps/sheets/a2psrc.ssh
bash-2.05b#
After having no choice but to use buttons that are labelled "submit", I've acquired an attitude toward that word. Would love to be rid of that port too.
Originally posted by WilliamS It worked for sendmail port, but there seems to be no rc.ssh in my system.
bash-2.05b# /etc/rc.d/rc.sshd stop
bash-2.05b# chmod -x /etc/rc.d/rc.ssh
chmod: cannot access `/etc/rc.d/rc.ssh': No such file or directory
bash-2.05b# find / -name *rc.ssh
/usr/share/a2ps/sheets/a2psrc.ssh
/home/usr/share/a2ps/sheets/a2psrc.ssh
bash-2.05b#
After having no choice but to use buttons that are labelled "submit", I've acquired an attitude toward that word. Would love to be rid of that port too.
sorry... its chmod -x /etc/rc.d/rc.sshd
The same script you stoped, it was just a spelling mistake, I've corrected it
sshd= secure shell deamon
Last edited by perfect_circle; 02-28-2005 at 03:02 PM.
Originally posted by perfect_circle Can you suggest a really easy to use firewall or an easy guide for iptables?
Take a look at webmin.org, I use webmin to configure IPTables and it works great for me. My iptables is rather simple, I block all incoming and forwarding connections and allow loopback full access and then eth0 (respective interface) to accept incoming and forwarded connections if they are established and related. However this is just a simple security wall for me since I am also behind a NAT router with a firewall of its own.
Hope this helps you
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.