security_closing_uneeded_ports

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



Subject: Re: Open ports
From: Jasper Jans <jjans@bio.vu.nl>
Date: Sat, 19 Aug 2000 10:05:39 +0200 (MEST)


On Sat, 19 Aug 2000, Zlatko wrote:

> Can someone please tell me how to close open ports/services on Linux
> RH 6.2:
> I want to know how I can prevent services like ftp, telnet, finger, cmd,
> ASR to start automatically every time the system boots up?
> Which is the configuration file. I had intrusion recently.

All these services are spawned from 1 daemon - inetd.
If you don't want any of them (this means you can't get
on your computer from the internet but you can still
get on the internet from your machine) you can disable
inetd completely.
/etc/rc.d/ holds directories for all runlevels - inetd
is started from here. Simplest way to disable inetd
would be:
chkconfig --del inetd

If you do want to use certain services (ftp but not
telnet for instance) you have to edit the inetd
configuration file and disable the services you don't
want one by one.
vi /etc/inetd.conf
and then comment out all services you don't want.
After that you have to send a kill -HUP to the inetd
daemon.
ps aux | grep inet -> look at the process id..
kill -HUP <pid>

===

Subject: Re: Open ports
From: noel.timario@ramcargroup.com
Date: Sat, 19 Aug 2000 16:12:21 +0800

To check what services are running/on...

   chkconfig --list

you would see the services, system levels and if it is
on or off.

To turn off, say portmap at system level 3...

   chkconfig --level 3 portmap off

For more info, type this...

   chkconfig

===

Subject: Re: Open ports
From: rpjday <rpjday@mindspring.com>
Date: Sat, 19 Aug 2000 05:51:08 -0400 (EDT)

but using chkconfig will only disable services that run standalone,
not services like telnet and ftp that are supervised thru the
"inetd" daemon.

for those, edit /etc/inetd.conf and comment out all services
you don't want.  (as a starting point, comment out darn near
everything and slowly turn them back on as you find you need
them.)

rday

===

Subject: Re: Open ports
From: "Michael J. Maravillo" <mike.maravillo@q-linux.com>
Date: Sat, 19 Aug 2000 17:48:18 +0800

On Sat, Aug 19, 2000 at 05:53:26PM +1000, Zlatko wrote:

> Can someone please tell me how to close open ports/services on Linux
> RH 6.2:
> I want to know how I can prevent services like ftp, telnet, finger, cmd,
> ASR to start automatically every time the system boots up?

These services usually run off inetd.  To disable, comment the
corresponding entries in /etc/inetd.conf then run:

    # killall -HUP syslogd

If you want to totally disable inetd, run:

    # chkconfig --del inetd

You can also view a list of programs that are run at startup
with:

    # chkconfig --list

BTW, the numbers 0-6 in the output of chkconfig are runlevels
and simply say which programs are run for that particular
runlevel.  To know your current runlevel, run:

    # runlevel			# current one is on the right

To know which ports you have open:

    # netstat -tln		# TCP
    # netstat -uln		# UDP

To know which particular program listens on a port:

    # lsof -i :23		# who listens on telnet port?

> Which is the configuration file. I had intrusion recently.

There's a possibility that the intruder has installed some trojan
on your system which could e.g., allow him remote access again in
the future, wipe your system at some future date, etc.  In a
security standpoint, you can't trust your system anymore after an
intrusion.

Hopefully, you can maybe run "rpm -Va" to check the integrity of
your files against the rpm database.  Though I doubt if you can
also trust the rpm database anymore.
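
Turning the netstat/lsof step above into a repeatable check, as an added example (not code from the thread): it parses `netstat -tln`/`-uln` style output, here a constructed sample, and prints every listening port that is not on an expected list; the sample rows and the expected list are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: turns the netstat/lsof step into a
# repeatable check by listing every listening port that is not on an
# expected list, so each surprise can be chased with `lsof -i :PORT`.

# Constructed sample mixing `netstat -tln` and `netstat -uln` style lines
# (the real input is the live command's output).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*'

# listening_ports: read netstat-style output on stdin and print one
# "proto port" pair per socket, sorted and de-duplicated. The port is the
# text after the last ':' of the Local Address column, which also copes
# with IPv6 addresses such as :::22.
listening_ports() {
    awk '$1 ~ /^(tcp|udp)/ { n = split($4, a, ":"); print $1, a[n] }' | sort -u
}

# unexpected_listeners EXPECTED: print each "proto/port" from stdin that is
# not in EXPECTED, a space-separated list such as "tcp/22 tcp/8000".
unexpected_listeners() {
    expected=" $1 "
    listening_ports | while read -r proto port; do
        case "$expected" in
            *" $proto/$port "*) ;;          # on the expected list: say nothing
            *) echo "$proto/$port" ;;       # anything else is worth a look
        esac
    done
}

# Run the check over the constructed sample; on a real host feed it the
# live output instead:  netstat -tuln | unexpected_listeners "tcp/22 tcp/8000"
audit_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "tcp/22 tcp/8000"
}
```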

===

Subject: Re: Open ports
From: Robert Soros <robert@soros.ath.cx>
Date: 19 Aug 2000 16:01:25 +0500

On Sat, Aug 19, 2000 at 05:53:26PM +1000, Zlatko wrote:

> > Can someone please tell me how to close open ports/services on Linux
> > RH 6.2:
> > I want to know how I can prevent services like ftp, telnet, finger, cmd,
> > ASR to start automatically every time the system boots up?
> 
> These services usually run off inetd.  To disable, comment the
> corresponding entries in /etc/inetd.conf then run:
> 
>     # killall -HUP syslogd
> 

syslog? this will do nothing regarding inetd, maybe you meant inetd?
I actually prefer doing this one the hard way, like this


        kill -HUP `cat /var/run/inetd.pid`

:)

===

Subject: Re: Open ports
From: "Michael J. Maravillo" <mike.maravillo@q-linux.com>
Date: Sat, 19 Aug 2000 21:07:16 +0800

Oops! :)  Thanks for pointing that out Robert.  Hmmm, shouldn't
be answering e-mails when I'm half-awake...

===

Subject: Re: Open ports
From: Bret Hughes <bhughes@elevating.com>
Date: Sat, 19 Aug 2000 10:06:13 -0500

Robert Soros wrote:

> > On Sat, Aug 19, 2000 at 05:53:26PM +1000, Zlatko wrote:
> > > Can someone please tell me how to close open ports/services on Linux
> > > RH 6.2:
> > > I want to know how I can prevent services like ftp, telnet, finger, cmd,
> > > ASR to start automatically every time the system boots up?
> >
> > These services usually run off inetd.  To disable, comment the
> > corresponding entries in /etc/inetd.conf then run:
> >
> >     # killall -HUP syslogd
> >
>
> syslog? this will do nothing regarding inetd, maybe you meant inetd?
> I actually prefer doing this one the hard way, like this
>
>         kill -HUP `cat /var/run/inetd.pid`
>
>

I like the easy way (fewer characters):

kill -HUP `pidof inetd`

===

Subject: Re: Open ports
From: Rick Warner <rwarner@Resonate.com>
Date: Sat, 19 Aug 2000 08:23:44 -0700 (Pacific Daylight Time)

The suggestions so far will stop the running instance of inetd and disable
all services provided through the inetd daemon.  But it will not stop them
from restarting at boot, which was part of the original question.  Three
approaches, one gentle, one a hammer:

1)  edit /etc/inetd.conf, comment out (put a '#' character at the
    beginning of the line for the service) the services that are not
    wanted, then do a SIGHUP on inetd.  That will stop them now and
    on future reboots.

2)  Remove the servers for all services that are not wanted.  RH6.2 does
    separate user applications from the servers for most inetd services,
    so just remove those packages.

3)  Do a SIGTERM on the inetd process to kill the running instance.  Use
    'chkconfig --level 35 inet off' to disable the startup scripts so it
    does not restart.

===

Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 19:55:56 -0400

On Sat, 19 Aug 2000, you wrote:
> To know which ports you have open:
> 
>     # netstat -tln		# TCP
>     # netstat -uln		# UDP
> 
> To know which particular program listens on a port:
> 
>     # lsof -i :23		# who listens on telnet port?

Ahh...very interesting. Thanks. I've been running linux for
over a year now, and this is the first time I've seen the
detailed instructions to see what's running and find out
what services are actually listening on the "open" ports.
:-) I guess I'm pretty secure.... I have a whopping 4 ports
"open." One is identd (which I might as well turn off
'cause it doesn't appear to be working! *sigh*) one is
Junkbuster, one is X and the last is SSH! :-)

I just wish my ISDN router would allow ident requests
through. I've got port 113 configured to pass through to my
linux box, but last time I tried using IRC, I never saw any
ident requests in my logs, even though they were showing up
as failed in my IRC window! :-( Maybe my ISP is trapping
that port??? I don't *think* so (I work for my ISP <G>) but
I'll have to double-check I guess!
 	John

===
Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 20:03:12 -0400

On Sat, 19 Aug 2000, you wrote:
> The suggestions so far will stop the running instance of inetd and disable
> all services provided through the inetd daemon.  But it will not stop them
> from restarting at boot, which was part of the original question.  Three
> approaches, one gentle, one a hammer:
> 
> 1)  edit /etc/inetd.conf, comment out (put a '#' character at the
>     beginning of the line for the service) the services that are not
>     wanted, then do a SIGHUP on inetd.  That will stop them now and
>     on future reboots.
> 
> 2)  Remove the servers for all services that are not wanted.  RH6.2 does
>     separate user applications from the servers for most inetd services,
>     so just remove those packages.
> 
> 3)  Do a SIGTERM on the inetd process to kill the running instance.  Use
>     'chkconfig --level 35 inet off' to disable the startup scripts so it
>     does not restart.
> 
Umm...I could've sworn that someone said to edit
/etc/inetd.conf and disable any services you don't want /
need... THEN run "killall -HUP inetd" :-) BTW, why would
you completely disable inetd? Just because there's nothing
YOU want in there, doesn't mean you don't want to include
things like sshd and run it there! :-)

===

Subject: Re: Open ports
From: Jasper Jans <jjans@bio.vu.nl>
Date: Sun, 20 Aug 2000 02:39:36 +0200 (MEST)

> Umm...I could've sworn that someone said to edit
> /etc/inetd.conf and disable any services you don't want /
> need... THEN run "killall -HUP inetd" :-) BTW, why would
> you completely disable inetd? Just because there's nothing
> YOU want in there, doesn't mean you don't want to include
> things like sshd and run it there! :-)

You don't want to run ssh from identd.. simple reason being
that every time you connect it will take a few to generate a
new key.. ssh is one of those daemons to run on its own.
The only reason you could think of running ssh through
inetd for is tcpwrappers.. but that's not a valid argument.
Ssh is tcpwrappers aware (option you turn on during
compilation).

===

Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 20:42:43 -0400

On Sat, 19 Aug 2000, you wrote:
> > Umm...I could've sworn that someone said to edit
> > /etc/inetd.conf and disable any services you don't want /
> > need... THEN run "killall -HUP inetd" :-) BTW, why would
> > you completely disable inetd? Just because there's nothing
> > YOU want in there, doesn't mean you don't want to include
> > things like sshd and run it there! :-)
> 
> You don't want to run ssh from identd.. simple reason being
> that every time you connect it will take a few to generate a
> new key.. ssh is one of those daemons to run on its own.
> The only reason you could think of running ssh through
> inetd for is tcpwrappers.. but that's not a valid argument.
> Ssh is tcpwrappers aware (option you turn on during
> compilation).
> 
Hmm.... you're right. I was thinking I'd seen that in the
inetd.conf. I was wrong. I looked at it again and realized
you were correct. 

Now, I *do* have one question. Something called "swat" was
added to my inetd.conf awhile back (shortly after
installing RedHat) but I have, of course, commented it out.
Any idea what that is? If it's something I need, I'll
re-enable it. However, after running RH6.2 for awhile now,
I haven't seen anything complaining about not getting
"swat." :-)

===

Subject: Re: Open ports
From: Rick Warner <rwarner@Resonate.com>
Date: Sat, 19 Aug 2000 18:07:55 -0700 (Pacific Daylight Time)

On Sat, 19 Aug 2000, John Aldrich wrote:

> On Sat, 19 Aug 2000, you wrote:

> Umm...I could've sworn that someone said to edit
> /etc/inetd.conf and disable any services you don't want /
> need... THEN run "killall -HUP inetd" :-) BTW, why would
> you completely disable inetd? Just because there's nothing
> YOU want in there, doesn't mean you don't want to include
> things like sshd and run it there! :-)

That is why I said one option was 'a hammer'.  I would not kill inetd, but
the suggestion to which I replied was to kill the running instance of
inetd.  I would keep inetd, just select which services it ran.

===

Subject: Re: Open ports
From: Duncan Hill <dhill@bajan.org>
Date: Sat, 19 Aug 2000 21:06:51 -0400 (EDT)

On Sat, 19 Aug 2000, John Aldrich wrote:

> Now, I *do* have one question. Something called "swat" was added
> to my inetd.conf awhile back (shortly after

Samba Web something I think.. web based tool to config samba.  Not
critical.

===

Subject: Re: Open ports
From: Rick Warner <rwarner@Resonate.com>
Date: Sat, 19 Aug 2000 18:10:54 -0700 (Pacific Daylight Time)

> Now, I *do* have one question. Something called "swat" was
> added to my inetd.conf awhile back (shortly after
> installing RedHat) but I have, of course, commented it out.
> Any idea what that is? If it's something I need, I'll
> re-enable it. However, after running RH6.2 for awhile now,
> I haven't seen anything complaining about not getting
> "swat." :-)
> 	John

swat is the GUI for Samba configuration.  Being an old-timer, I disable
swat and just edit the smb.conf directly.

===

Subject: RE: Open ports
From: "Juha Saarinen" <juha_saarinen@email.msn.com>
Date: Sun, 20 Aug 2000 13:40:53 +1200

%-> Now, I *do* have one question. Something called "swat" was
%-> added to my inetd.conf awhile back (shortly after
%-> installing RedHat) but I have, of course, commented it out.
%-> Any idea what that is? If it's something I need, I'll
%-> re-enable it. However, after running RH6.2 for awhile now,
%-> I haven't seen anything complaining about not getting
%-> "swat." :-)

SWAT is the Samba Admin interface -- listens on TCP port 901.

# cat /etc/services | grep 901
swat            901/tcp                         # Samba Web Administration Tool

===

Subject: Re: Open ports
From: Robert Soros <robert@soros.ath.cx>
Date: 20 Aug 2000 06:07:10 +0500

Robert Soros wrote:
> 
> > > On Sat, Aug 19, 2000 at 05:53:26PM +1000, Zlatko wrote:
> > > > Can someone please tell me how to close open ports/services on Linux
> > > > RH 6.2:
> > > > I want to know how I can prevent services like ftp, telnet, finger, cmd,
> > > > ASR to start automatically every time the system boots up?
> > >
> > > These services usually run off inetd.  To disable, comment the
> > > corresponding entries in /etc/inetd.conf then run:
> > >
> > >     # killall -HUP syslogd
> > >
> >
> > syslog? this will do nothing regarding inetd, maybe you meant inetd?
> > I actually prefer doing this one the hard way, like this
> >
> >         kill -HUP `cat /var/run/inetd.pid`
> >
> >
> 
> I like the easy way (fewer characters):
> 
> kill -HUP `pidof inetd`

Well the idea behind (kill -HUP `cat /var/run/process.pid`) is that it
makes it easy to integrate into scripts.. the /var/run/inetd.pid simply
contains the current process id of inetd... you'll find others located
in /var/run such as httpd/gdm/crond/sendmail/syslog/etc....

need a quick way to HUP a system daemon in your script? This is the
way, a much better alternative to grepping through ps listing and
finding the process.
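
The two manual steps the thread keeps coming back to (prune /etc/inetd.conf to the services you actually want, then HUP inetd through its pid file), scripted as an added example that is not code from the thread; the sample inetd.conf, the keep list and the `ps -o comm=` name check are assumptions, and the helper refuses to signal when the pid file is stale or malformed.

```shell
#!/bin/sh
# Added example, not code from the thread: scripts the two manual steps the
# thread describes (prune /etc/inetd.conf, then HUP inetd via its pid file).

# prune_inetd_conf CONF KEEP: comment out every active entry in CONF whose
# service name (first field) is not in the space-separated KEEP list.
# Comment lines, blank lines and already-disabled entries pass through as-is.
prune_inetd_conf() {
    conf=$1
    tmp="$conf.tmp.$$"
    awk -v keep=" $2 " '
        /^[[:space:]]*#/ || NF == 0 { print; next }   # comment or blank line
        index(keep, " " $1 " ")     { print; next }   # service is on the keep list
                                    { print "#" $0 }  # anything else: disable it
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# hup_from_pidfile PIDFILE NAME: SIGHUP the pid recorded in PIDFILE, but only
# if it is numeric and the live process with that pid is really NAME; a stale
# pid file would otherwise aim the signal at an unrelated process.
hup_from_pidfile() {
    pidfile=$1; name=$2
    pid=$(cat "$pidfile" 2>/dev/null) || { echo "no pid file: $pidfile" >&2; return 1; }
    case "$pid" in
        ''|*[!0-9]*) echo "pid file $pidfile does not hold a pid" >&2; return 1 ;;
    esac
    kill -0 "$pid" 2>/dev/null || { echo "pid $pid is not running" >&2; return 1; }
    if [ "$(ps -o comm= -p "$pid" 2>/dev/null)" != "$name" ]; then
        echo "pid $pid is not $name (stale pid file?)" >&2; return 1
    fi
    kill -HUP "$pid"
}

# Demonstration on a constructed copy of an RH 6.2-style inetd.conf, never on
# the live file; prints the pruned result. On a real box the sequence would be
#   prune_inetd_conf /etc/inetd.conf "ftp" && hup_from_pidfile /var/run/inetd.pid inetd
demo_prune() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
swat    stream  tcp     nowait.400 root /usr/sbin/swat  swat
EOF
    prune_inetd_conf "$f" "ftp"
    cat "$f"
    rm -f "$f"
}
```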

===

Subject: Re: Open ports
From: Robert Soros <robert@soros.ath.cx>
Date: 20 Aug 2000 07:15:26 +0500

On Sat, 19 Aug 2000, John Aldrich wrote:
> 
> > On Sat, 19 Aug 2000, you wrote:
> 
> > Umm...I could've sworn that someone said to edit
> > /etc/inetd.conf and disable any services you don't want /
> > need... THEN run "killall -HUP inetd" :-) BTW, why would
> > you completely disable inetd? Just because there's nothing
> > YOU want in there, doesn't mean you don't want to include
> > things like sshd and run it there! :-)
> 
> That is why I said one option was 'a hammer'.  I would not kill inetd, but
> the suggestion to which I replied was to kill the running instance of
> inetd.  I would keep inetd, just select which services it ran.
> 

You have to do this, either you 'kill -HUP' it, reboot your machine,
switch run levels or kill it then restart it manually..
if you just edit /etc/inetd.conf, it will not automagically "realise"
you've made these changes.

kill -HUP `cat /var/run/inetd.pid` 

is your friend.

===

Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 22:17:20 -0400

On Sat, 19 Aug 2000, you wrote:
> On Sat, 19 Aug 2000, John Aldrich wrote:
> 
> > On Sat, 19 Aug 2000, you wrote:
> 
> > Umm...I could've sworn that someone said to edit
> > /etc/inetd.conf and disable any services you don't want /
> > need... THEN run "killall -HUP inetd" :-) BTW, why would
> > you completely disable inetd? Just because there's nothing
> > YOU want in there, doesn't mean you don't want to include
> > things like sshd and run it there! :-)
> 
> That is why I said one option was 'a hammer'.  I would not kill inetd, but
> the suggestion to which I replied was to kill the running instance of
> inetd.  I would keep inetd, just select which services it ran.
> 
Right, but it's easier to shut down and restart inetd than
it is to shutdown all the various services individually, or
am I misunderstanding you? :-)
	John

===

Subject: Re: Open ports
From: Rick Warner <rwarner@Resonate.com>
Date: Sat, 19 Aug 2000 20:01:45 -0700 (Pacific Daylight Time)

On Sat, 19 Aug 2000, John Aldrich wrote:

> On Sat, 19 Aug 2000, you wrote:
> > On Sat, 19 Aug 2000, John Aldrich wrote:
> > 
> > > On Sat, 19 Aug 2000, you wrote:
> > 
> > > Umm...I could've sworn that someone said to edit
> > > /etc/inetd.conf and disable any services you don't want /
> > > need... THEN run "killall -HUP inetd" :-) BTW, why would
> > > you completely disable inetd? Just because there's nothing
> > > YOU want in there, doesn't mean you don't want to include
> > > things like sshd and run it there! :-)
> > 
> > That is why I said one option was 'a hammer'.  I would not kill inetd, but
> > the suggestion to which I replied was to kill the running instance of
> > inetd.  I would keep inetd, just select which services it ran.
> > 
> Right, but it's easier to shut down and restart inetd than
> it is to shutdown all the various services individually, or
> am I misunderstanding you? :-)
> 	John

You must be misunderstanding me.  I usually edit inetd.conf once, then do
a SIGHUP to limit what's available at the moment.  I am actually quite
brutal; I do not comment out inetd.conf entries, I delete them.  Most of
my servers have only 2 or 3 lines in inetd.conf, and those left running are
wrapped with tcpd and strict rules applied.

===

Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 23:34:26 -0400

On Sat, 19 Aug 2000, you wrote:
> > Right, but it's easier to shut down and restart inetd than
> > it is to shutdown all the various services individually, or
> > am I misunderstanding you? :-)
> > 	John
> 
> You must be misunderstanding me.  I usually edit inetd.conf once, then do
> a SIGHUP to limit what's available at the moment.  I am actually quite
> brutal; I do not comment out inetd.conf entries, I delete them.  Most of
> my servers have only 2 or 3 lines in inetd.conf, and those left running are
> wrapped with tcpd and strict rules applied.
> 
Ahh. Ok. :-) I didn't see where you were using SIGHUP to
restart inetd. :-) As for all the entries in inetd.conf,
well, who knows when you're going to want to enable rlogin
or some strange protocol... :-) Plus, it's less work to put
a "#" in front of the line than to delete it (IMNSHO, that
is! <G>)

===

