LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 02-28-2005, 05:23 AM   #1
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Rep: Reputation: 53
slackware default open ports


nmap outputs this on my system:
Code:
skalkoto@darkstar:~$ nmap localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-02-28 13:18 EET
Interesting ports on localhost (127.0.0.1):
(The 1655 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
37/tcp   open  time
113/tcp  open  auth
631/tcp  open  ipp
6000/tcp open  X11

Nmap run completed -- 1 IP address (1 host up) scanned in 0.382 seconds
well ipp is CUPS web server X11 is the X-window server, but what are the other 2 ports. Do I need them open? how do I close them?. I haven't configured iptables, so not having unneeded ports open is important for me. Can you suggest a really easy to use firewall or an easy guide for iptables?
I don't have time to learn those stuff right now.

Last edited by perfect_circle; 02-28-2005 at 05:26 AM.
 
Old 02-28-2005, 05:31 AM   #2
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722
Edit /etc/inetd.conf and comment the line about time, auth services to disable them,
then restart inetd (killall -s HUP inetd)

Last edited by keefaz; 02-28-2005 at 05:32 AM.
 
Old 02-28-2005, 10:17 AM   #3
cathectic
Member
 
Registered: Sep 2004
Location: UK, Europe
Distribution: Slackware64
Posts: 761

Rep: Reputation: 35
If you don't need time and auth, and have no other services, just kill inetd.
Code:
/etc/rc.d/inet.d stop
chmod -x /etc/rc.d/rc.inetd
Also, if you don't need X listening for incoming connections, you can add this to /usr/X11R6/bin/startx
Code:
serverargs="-nolisten tcp"
(replacing the original serverargs="" already there)
 
Old 02-28-2005, 10:59 AM   #4
samac
Senior Member
 
Registered: Mar 2004
Location: Westray, Orkney
Distribution: Linux Mint 17.1
Posts: 1,424

Rep: Reputation: 138Reputation: 138
Hi

I used "chmod -x rc.inetd", and modified "startx", and I now only have 631 and 6000 open.

I thought that modifying startx would have closed 6000/tcp X11.

I take it 631 has to be open to print with cups
and 6000 open to use X

When checking from the internet grc.com both these ports are reported as stealth.

Can all ports be closed or am I just being stupid.

samac

Last edited by samac; 02-28-2005 at 11:00 AM.
 
Old 02-28-2005, 11:03 AM   #5
samac
Senior Member
 
Registered: Mar 2004
Location: Westray, Orkney
Distribution: Linux Mint 17.1
Posts: 1,424

Rep: Reputation: 138Reputation: 138
Quote:
Can you suggest a really easy to use firewall or an easy guide for iptables?
The easiest firewall I have come across, and it seems to be "hard as nails", is:
projectfiles.com/firewall/

Hope this helps

samac
 
Old 02-28-2005, 11:07 AM   #6
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Original Poster
Rep: Reputation: 53
thank you both.
Although after commenting time and auth I had no inetd listening port, i killed it completely.
I also added the nolisten tcp and there is no open port waiting for X11 connections.
Right now Only 631 is open and will refuse any connection outside 127.0.0.1
AM I secure? DO I need a firewall?
A port scan will show to someone that 631 is open, he may also do a OS detection and find out I'm using linux with the 2.4 kernel series. Is there a way to crack my system?
Also, what's the use of time and auth?
If i want my sisters pc to use mine as a gateway to connect to the internet, (I'm thinking of buying ethernet cards), do i need to relaunch inetd?
 
Old 02-28-2005, 11:14 AM   #7
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Original Poster
Rep: Reputation: 53
Quote:
Originally posted by samac
Hi

I used "chmod -x rc.inetd", and modified "startx", and I now only have 631 and 6000 open.

I thought that modifying startx would have closed 6000/tcp X11.

I take it 631 has to be open to print with cups
and 6000 open to use X

When checking from the internet grc.com both these ports are reported as stealth.

Can all ports be closed or am I just being stupid.

samac
did you restart X? You should not have 6000 open if you did it correct.

Also check etc/cups/cupsd.conf. By default you probably have something like:
Code:
## Restrict access to local domain
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
which means all connections outside your pc in 631 will be denied.
 
Old 02-28-2005, 11:23 AM   #8
samac
Senior Member
 
Registered: Mar 2004
Location: Westray, Orkney
Distribution: Linux Mint 17.1
Posts: 1,424

Rep: Reputation: 138Reputation: 138
Hi

port 6000 now closed

Yes cupsd.conf has those options.

Thanks

samac
 
Old 02-28-2005, 01:46 PM   #9
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Rep: Reputation: 31
I found these open:

bash-2.05b$ nmap localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-02-28 14:42 EST
Interesting ports on localhost (127.0.0.1):
(The 1654 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
587/tcp open submission
631/tcp open ipp
6000/tcp open X11

Nmap run completed -- 1 IP address (1 host up) scanned in 0.431 seconds
bash-2.05b$

I'm using guarddog. Can someone tell me how to close the unneeded ports?
 
Old 02-28-2005, 02:01 PM   #10
cathectic
Member
 
Registered: Sep 2004
Location: UK, Europe
Distribution: Slackware64
Posts: 761

Rep: Reputation: 35
WilliamS:

You're running sshd (ssh) and sendmail (smtp)
Code:
/etc/rc.d/rc.sshd stop
/etc/rc.d/rc.sendmail stop
chmod -x /etc/rc.d/rc.sshd
chmod -x /etc/rc.d/rc.sendmail
That should leave you with 631 (CUPS) and 6000 (X, see my previous post about how to close that one)

Guarddog won't close the ports for you, but it can restrict access to them.

perfect_circle:

As to whether a firewall is necessary on top, I would say better safe than sorry. Since I run no services, my firewall rules will not forward packets, and drop any incoming packets that are coming to ports that I have *not* opened (but leaving 127.0.0.1, the local loopback, unaffected). It's easier than coding half a dozen different rules in different programs. Let the firewall/iptables do the hard work first!

You can write your own firewall script, and drop it in as /etc/rc.d/rc.firewall and chmod +x it, or use something like guarddog to build one for you.

Edit:

For a gateway, you don't need inetd, you just need to configure iptables using a firewall script. You need to forward requests from your sisters PC to the net, and vice versa. I'm not that knowledgeable on this, so try searching the board or use Google to see if you can find more.

Last edited by cathectic; 02-28-2005 at 02:04 PM.
 
Old 02-28-2005, 02:05 PM   #11
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Original Poster
Rep: Reputation: 53
Quote:
Originally posted by WilliamS
I found these open:

bash-2.05b$ nmap localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-02-28 14:42 EST
Interesting ports on localhost (127.0.0.1):
(The 1654 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
587/tcp open submission
631/tcp open ipp
6000/tcp open X11

Nmap run completed -- 1 IP address (1 host up) scanned in 0.431 seconds
bash-2.05b$

I'm using guarddog. Can someone tell me how to close the unneeded ports?
the startup services are in /etc/rc.d/
If you don't want something remove the execute permission.
e.x. ssh is secure shel deamon. If you don't want to be able to remotelly connect to this pc so:
Code:
/etc/rc.d/rc.sshd stop
to stop the service
and then
Code:
chmod -x /etc/rc.d/rc.sshd
To make sure that ssh is not loaded at startup.
smtp is the mail server. If you don't need to run a mail server do the same as above for rc.sendmail
I don't have a clue what 587 port is for..

Last edited by perfect_circle; 02-28-2005 at 03:01 PM.
 
Old 02-28-2005, 02:33 PM   #12
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Rep: Reputation: 31
It worked for sendmail port, but there seems to be no rc.ssh in my system.
bash-2.05b# /etc/rc.d/rc.sshd stop
bash-2.05b# chmod -x /etc/rc.d/rc.ssh
chmod: cannot access `/etc/rc.d/rc.ssh': No such file or directory
bash-2.05b# find / -name *rc.ssh
/usr/share/a2ps/sheets/a2psrc.ssh
/home/usr/share/a2ps/sheets/a2psrc.ssh
bash-2.05b#

After having no choice but to use buttons that are labelled "submit", I've acquired an attitude toward that word. Would love to be rid of that port too.
 
Old 02-28-2005, 03:00 PM   #13
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,783

Original Poster
Rep: Reputation: 53
Quote:
Originally posted by WilliamS
It worked for sendmail port, but there seems to be no rc.ssh in my system.
bash-2.05b# /etc/rc.d/rc.sshd stop
bash-2.05b# chmod -x /etc/rc.d/rc.ssh
chmod: cannot access `/etc/rc.d/rc.ssh': No such file or directory
bash-2.05b# find / -name *rc.ssh
/usr/share/a2ps/sheets/a2psrc.ssh
/home/usr/share/a2ps/sheets/a2psrc.ssh
bash-2.05b#

After having no choice but to use buttons that are labelled "submit", I've acquired an attitude toward that word. Would love to be rid of that port too.
sorry... its chmod -x /etc/rc.d/rc.sshd
The same script you stoped, it was just a spelling mistake, I've corrected it
sshd= secure shell deamon

Last edited by perfect_circle; 02-28-2005 at 03:02 PM.
 
Old 02-28-2005, 03:12 PM   #14
BrianW
Member
 
Registered: Jul 2003
Location: Montana
Distribution: Slackware
Posts: 265

Rep: Reputation: Disabled
Re: slackware default open ports

Quote:
Originally posted by perfect_circle
Can you suggest a really easy to use firewall or an easy guide for iptables?
Take a look at webmin.org, I use webmin to configure IPTables and it works great for me. My iptables is rather simple, I block all incoming and forwarding connections and allow loopback full access and then eth0 (respective interface) to accept incoming and forwarded connections if they are established and related. However this is just a simple security wall for me since I am also behind a NAT router with a firewall of its own.
Hope this helps you

Last edited by BrianW; 02-28-2005 at 03:14 PM.
 
Old 02-28-2005, 03:19 PM   #15
WilliamS
Member
 
Registered: Nov 2003
Location: 46N 76W
Distribution: Slackware 14.1
Posts: 380

Rep: Reputation: 31
Thanks, got sshd port closed, so now nmap shows
PORT STATE SERVICE
631/tcp open ipp
6000/tcp open X11

Nmap run completed

although /usr/X11R6/bin/startx has serverargs="-nolisten tcp"

I hope I've made no typos, I must be the world typo champion.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot Open Mail Server Ports 25, 110, and 220. Other Ports will open. Binxter Linux - Newbie 9 11-29-2007 02:03 AM
What ports are open by default in linux? M O L8ingN2dust Linux - Security 1 11-01-2005 04:51 PM
open ports on linksys, i have ssh open but thats it PlatinumRik Linux - Security 1 07-07-2005 10:38 AM
smb on non-default ports? possible? Apostasy Linux - Networking 2 01-01-2005 04:27 PM
Slackware n()()b and closing open ports/services osx Slackware 8 03-10-2003 12:51 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 12:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration