This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Re: Open ports
From: Jasper Jans <jjans@bio.vu.nl>
Date: Sat, 19 Aug 2000 10:05:39 +0200 (MEST)

On Sat, 19 Aug 2000, Zlatko wrote:
> Can someone please tell me how to close open ports/services on Linux
> RH 6.2:
> I want to know how I can prevent services like ftp, telnet, finger, cmd,
> ASR from starting automatically every time the system boots up?
> Which is the configuration file? I had an intrusion recently.

All these services are spawned from one daemon: inetd. If you don't want any of them (this means you can't get on your computer from the internet, but you can still get on the internet from your machine) you can disable inetd completely. /etc/rc.d/ holds directories for all runlevels; inetd is started from here. The simplest way to disable inetd would be:

    chkconfig --del inetd

If you do want to use certain services (ftp but not telnet, for instance) you have to edit the inetd configuration file and disable the services you don't want one by one.

    vi /etc/inetd.conf

and then comment out all services you don't want. After that you have to send a kill -HUP to the inetd daemon.

    ps aux | grep inet     -> look at the process id..
    kill -HUP <pid>

===
Subject: Re: Open ports
From: noel.timario@ramcargroup.com
Date: Sat, 19 Aug 2000 16:12:21 +0800

To check what services are running/on...

    chkconfig --list

You would see the services, system levels and whether each is on or off.

To turn off, say, portmap at system level 3...

    chkconfig --level 3 portmap off

For more info, type this...

    chkconfig

===
Subject: Re: Open ports
From: rpjday <rpjday@mindspring.com>
Date: Sat, 19 Aug 2000 05:51:08 -0400 (EDT)

But using chkconfig will only disable services that run standalone, not services like telnet and ftp that are supervised through the "inetd" daemon. For those, edit /etc/inetd.conf and comment out all services you don't want. (As a starting point, comment out darn near everything and slowly turn them back on as you find you need them.)

rday

===
Subject: Re: Open ports
From: "Michael J. Maravillo" <mike.maravillo@q-linux.com>
Date: Sat, 19 Aug 2000 17:48:18 +0800

On Sat, Aug 19, 2000 at 05:53:26PM +1000, Zlatko wrote:
> Can someone please tell me how to close open ports/services on Linux
> RH 6.2:
> I want to know how I can prevent services like ftp, telnet, finger, cmd,
> ASR from starting automatically every time the system boots up?

These services usually run off inetd. To disable, comment the corresponding entries in /etc/inetd.conf then run:

    # killall -HUP syslogd

If you want to totally disable inetd, run:

    # chkconfig --del inetd

You can also view a list of programs that are run at startup with:

    # chkconfig --list

BTW, the numbers 0-6 in the output of chkconfig are runlevels and simply say which programs are run for that particular runlevel. To know your current runlevel, run:

    # runlevel          # current one is on the right

To know which ports you have open:

    # netstat -tln      # TCP
    # netstat -uln      # UDP

To know which particular program listens on a port:

    # lsof -i :23       # who listens on telnet port?

> Which is the configuration file? I had an intrusion recently.

There's a possibility that the intruder has installed some trojan on your system which could, e.g., allow him remote access again in the future, wipe your system at some future date, etc. From a security standpoint, you can't trust your system anymore after an intrusion. Hopefully, you can maybe run "rpm -Va" to check the integrity of your files against the rpm database. Though I doubt you can trust the rpm database anymore either.

===
Subject: Re: Open ports
From: Robert Soros <robert@soros.ath.cx>
Date: 19 Aug 2000 16:01:25 +0500

On Sat, Aug 19, 2000 at 05:53:26PM +1000, Zlatko wrote:
> > Can someone please tell me how to close open ports/services on Linux
> > RH 6.2:
> > I want to know how I can prevent services like ftp, telnet, finger, cmd,
> > ASR from starting automatically every time the system boots up?
>
> These services usually run off inetd. To disable, comment the
> corresponding entries in /etc/inetd.conf then run:
>
> # killall -HUP syslogd
>

syslog? This will do nothing regarding inetd; maybe you meant inetd?

I actually prefer doing this one the hard way, like this:

    kill -HUP `cat /var/run/inetd.pid`

:)

===
Subject: Re: Open ports
From: "Michael J. Maravillo" <mike.maravillo@q-linux.com>
Date: Sat, 19 Aug 2000 21:07:16 +0800

Oops! :) Thanks for pointing that out, Robert. Hmmm, shouldn't be answering e-mails when I'm half-awake...

===
Subject: Re: Open ports
From: Bret Hughes <bhughes@elevating.com>
Date: Sat, 19 Aug 2000 10:06:13 -0500

Robert Soros wrote:
>
> On Sat, Aug 19, 2000 at 05:53:26PM +1000, Zlatko wrote:
> > > Can someone please tell me how to close open ports/services on Linux
> > > RH 6.2:
> > > I want to know how I can prevent services like ftp, telnet, finger, cmd,
> > > ASR from starting automatically every time the system boots up?
> >
> > These services usually run off inetd. To disable, comment the
> > corresponding entries in /etc/inetd.conf then run:
> >
> > # killall -HUP syslogd
> >
>
> syslog? This will do nothing regarding inetd; maybe you meant inetd?
> I actually prefer doing this one the hard way, like this
>
> kill -HUP `cat /var/run/inetd.pid`
>

I like the easy way (fewer characters):

    kill -HUP `pidof inetd`

===
Subject: Re: Open ports
From: Rick Warner <rwarner@Resonate.com>
Date: Sat, 19 Aug 2000 08:23:44 -0700 (Pacific Daylight Time)

The suggestions so far will stop the running instance of inetd and disable all services provided through the inetd daemon. But it will not stop them from restarting at boot, which was part of the original question. Three approaches, one gentle, one a hammer:

1) Edit /etc/inetd.conf, comment out (put a '#' character at the beginning of the line for the service) the services that are not wanted, then do a SIGHUP on inetd. That will stop them now and on future reboots.

2) Remove the servers for all services that are not wanted. RH6.2 does separate user applications from the servers for most inetd services, so just remove those packages.

3) Do a SIGTERM on the inetd process to kill the running instance. Use 'chkconfig --level 35 inet off' to disable the startup scripts so it does not restart.

===
Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 19:55:56 -0400

On Sat, 19 Aug 2000, you wrote:
> To know which ports you have open:
>
> # netstat -tln # TCP
> # netstat -uln # UDP
>
> To know which particular program listens on a port:
>
> # lsof -i :23 # who listens on telnet port?

Ahh... very interesting. Thanks. I've been running Linux for over a year now, and this is the first time I've seen the detailed instructions to see what's running and find out what services are actually listening on the "open" ports. :-) I guess I'm pretty secure.... I have a whopping 4 ports "open." One is identd (which I might as well turn off 'cause it doesn't appear to be working! *sigh*), one is Junkbuster, one is X and the last is SSH! :-)

I just wish my ISDN router would allow ident requests through. I've got port 113 configured to pass through to my Linux box, but last time I tried using IRC, I never saw any ident requests in my logs, even though they were showing up as failed in my IRC window! :-( Maybe my ISP is trapping that port??? I don't *think* so (I work for my ISP <G>) but I'll have to double-check, I guess!

John

===
Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 20:03:12 -0400

On Sat, 19 Aug 2000, you wrote:
> The suggestions so far will stop the running instance of inetd and disable
> all services provided through the inetd daemon. But it will not stop them
> from restarting at boot, which was part of the original question. Three
> approaches, one gentle, one a hammer:
>
> 1) edit /etc/inetd.conf, comment out (put a '#' character at the
> beginning of the line for the service) the services that are not
> wanted, then do a SIGHUP on inetd. That will stop them now and
> on future reboots.
>
> 2) Remove the servers for all services that are not wanted. RH6.2 does
> separate user applications from the servers for most inetd services,
> so just remove those packages.
>
> 3) Do a SIGTERM on the inetd process to kill the running instance. Use
> 'chkconfig --level 35 inet off' to disable the startup scripts so it
> does not restart.
>

Umm... I could've sworn that someone said to edit /etc/inetd.conf and disable any services you don't want / need... THEN run "killall -HUP inetd" :-) BTW, why would you completely disable inetd? Just because there's nothing YOU want in there doesn't mean you don't want to include things like sshd and run it there! :-)

===
Subject: Re: Open ports
From: Jasper Jans <jjans@bio.vu.nl>
Date: Sun, 20 Aug 2000 02:39:36 +0200 (MEST)

> Umm... I could've sworn that someone said to edit
> /etc/inetd.conf and disable any services you don't want /
> need... THEN run "killall -HUP inetd" :-) BTW, why would
> you completely disable inetd? Just because there's nothing
> YOU want in there, doesn't mean you don't want to include
> things like sshd and run it there! :-)

You don't want to run ssh from identd.. simple reason being that every time you connect it will take a few to generate a new key.. ssh is one of those daemons to run on its own. The only reason you could think of running ssh through inetd for is tcpwrappers.. but that's not a valid argument. Ssh is tcpwrappers aware (option you turn on during compilation).

===
Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 20:42:43 -0400

On Sat, 19 Aug 2000, you wrote:
> > Umm... I could've sworn that someone said to edit
> > /etc/inetd.conf and disable any services you don't want /
> > need... THEN run "killall -HUP inetd" :-) BTW, why would
> > you completely disable inetd? Just because there's nothing
> > YOU want in there, doesn't mean you don't want to include
> > things like sshd and run it there! :-)
>
> You don't want to run ssh from identd.. simple reason being
> that every time you connect it will take a few to generate a
> new key.. ssh is one of those daemons to run on its own.
> The only reason you could think of running ssh through
> inetd for is tcpwrappers.. but that's not a valid argument.
> Ssh is tcpwrappers aware (option you turn on during
> compilation).
>

Hmm.... you're right. I was thinking I'd seen that in the inetd.conf. I was wrong. I looked at it again and realized you were correct.

Now, I *do* have one question. Something called "swat" was added to my inetd.conf a while back (shortly after installing RedHat) but I have, of course, commented it out. Any idea what that is? If it's something I need, I'll re-enable it. However, after running RH6.2 for a while now, I haven't seen anything complaining about not getting "swat." :-)

===
Subject: Re: Open ports
From: Rick Warner <rwarner@Resonate.com>
Date: Sat, 19 Aug 2000 18:07:55 -0700 (Pacific Daylight Time)

On Sat, 19 Aug 2000, John Aldrich wrote:
> On Sat, 19 Aug 2000, you wrote:
> Umm... I could've sworn that someone said to edit
> /etc/inetd.conf and disable any services you don't want /
> need... THEN run "killall -HUP inetd" :-) BTW, why would
> you completely disable inetd? Just because there's nothing
> YOU want in there, doesn't mean you don't want to include
> things like sshd and run it there! :-)

That is why I said one option was 'a hammer'. I would not kill inetd, but the suggestion to which I replied was to kill the running instance of inetd. I would keep inetd, just select which services it ran.

===
Subject: Re: Open ports
From: Duncan Hill <dhill@bajan.org>
Date: Sat, 19 Aug 2000 21:06:51 -0400 (EDT)

On Sat, 19 Aug 2000, John Aldrich wrote:
> Now, I *do* have one question. Something called "swat" was added
> to my inetd.conf a while back (shortly after

Samba Web something, I think.. web based tool to config samba. Not critical.

===
Subject: Re: Open ports
From: Rick Warner <rwarner@Resonate.com>
Date: Sat, 19 Aug 2000 18:10:54 -0700 (Pacific Daylight Time)

> Now, I *do* have one question. Something called "swat" was
> added to my inetd.conf a while back (shortly after
> installing RedHat) but I have, of course, commented it out.
> Any idea what that is? If it's something I need, I'll
> re-enable it. However, after running RH6.2 for a while now,
> I haven't seen anything complaining about not getting
> "swat." :-)
> John

swat is the GUI for Samba configuration. Being an old-timer, I disable swat and just edit the smb.conf directly.

===
Subject: RE: Open ports
From: "Juha Saarinen" <juha_saarinen@email.msn.com>
Date: Sun, 20 Aug 2000 13:40:53 +1200

%-> Now, I *do* have one question. Something called "swat" was
%-> added to my inetd.conf a while back (shortly after
%-> installing RedHat) but I have, of course, commented it out.
%-> Any idea what that is? If it's something I need, I'll
%-> re-enable it. However, after running RH6.2 for a while now,
%-> I haven't seen anything complaining about not getting
%-> "swat." :-)

SWAT is the Samba Admin interface -- listens on TCP port 901.

    # cat /etc/services | grep 901
    swat            901/tcp                 # Samba Web Administration Tool

===
Subject: Re: Open ports
From: Robert Soros <robert@soros.ath.cx>
Date: 20 Aug 2000 06:07:10 +0500

Robert Soros wrote:
> >
> > On Sat, Aug 19, 2000 at 05:53:26PM +1000, Zlatko wrote:
> > > > Can someone please tell me how to close open ports/services on Linux
> > > > RH 6.2:
> > > > I want to know how I can prevent services like ftp, telnet, finger, cmd,
> > > > ASR from starting automatically every time the system boots up?
> > >
> > > These services usually run off inetd. To disable, comment the
> > > corresponding entries in /etc/inetd.conf then run:
> > >
> > > # killall -HUP syslogd
> > >
> >
> > syslog? This will do nothing regarding inetd; maybe you meant inetd?
> > I actually prefer doing this one the hard way, like this
> >
> > kill -HUP `cat /var/run/inetd.pid`
> >
>
> I like the easy way (fewer characters):
>
> kill -HUP `pidof inetd`

Well, the idea behind (kill -HUP `cat /var/run/process.pid`) is that it makes it easy to integrate into scripts.. the /var/run/inetd.pid simply contains the current process id of inetd... you'll find others located in /var/run such as httpd/gdm/crond/sendmail/syslog/etc.... Need a quick way to HUP a system daemon in your script? This is the way, a much better alternative to grepping through a ps listing and finding the process.

===
Subject: Re: Open ports
From: Robert Soros <robert@soros.ath.cx>
Date: 20 Aug 2000 07:15:26 +0500

On Sat, 19 Aug 2000, John Aldrich wrote:
> > On Sat, 19 Aug 2000, you wrote:
> > Umm... I could've sworn that someone said to edit
> > /etc/inetd.conf and disable any services you don't want /
> > need... THEN run "killall -HUP inetd" :-) BTW, why would
> > you completely disable inetd? Just because there's nothing
> > YOU want in there, doesn't mean you don't want to include
> > things like sshd and run it there! :-)
>
> That is why I said one option was 'a hammer'. I would not kill inetd, but
> the suggestion to which I replied was to kill the running instance of
> inetd. I would keep inetd, just select which services it ran.
>

You have to do this, either you 'kill -HUP' it, reboot your machine, switch run levels or kill it then restart it manually.. if you just edit /etc/inetd.conf, it will not automagically "realise" you've made these changes.

kill -HUP `cat /var/run/inetd.pid` is your friend.
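The pidfile convention Robert describes, as an added example that is not part of the thread: a POSIX sh function that signals a daemon through its /var/run/<daemon>.pid file, but only after checking that the file is readable, holds a plain number, the pid is alive, and the live process's command name is the daemon you expect (a stale pidfile whose number has since been handed to an unrelated process is how a blind kill -HUP `cat ...` in a script hits the wrong target). The function name, the return codes, and the stand-in "daemon" (a background sleep) are this example's own assumptions; on an RH 6.2 box the real call after editing /etc/inetd.conf would be hup_via_pidfile /var/run/inetd.pid inetd.

```shell
#!/bin/sh
# Added example, not from the thread: signal a daemon through its pidfile
# (the /var/run/<daemon>.pid convention) only after checking that the number
# in the file still refers to the program you think it does. Function name,
# return codes and the stand-in daemon below are this example's assumptions.
set -e

# hup_via_pidfile PIDFILE EXPECTED_COMM [SIGNAL]
# Sends SIGNAL (default HUP) to the pid in PIDFILE and returns 0, but only
# when every check passes. Otherwise returns:
#   2  pidfile missing or unreadable
#   3  pidfile content is not a plain positive integer
#   4  no such process (stale pidfile left behind by a crash)
#   5  pid is alive but runs a different program (pid has been reused)
hup_via_pidfile() {
    pidfile=$1
    expected=$2
    sig=${3:-HUP}

    [ -r "$pidfile" ] || return 2

    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*|0) return 3 ;;      # empty, non-numeric, or pid 0
    esac

    # Signal 0 delivers nothing; it only tests that the pid exists and
    # that we are allowed to signal it.
    kill -0 "$pid" 2>/dev/null || return 4

    # Guard against pid reuse: compare the live command name with the one
    # we expect (Linux /proc first, ps as the portable fallback).
    if [ -r "/proc/$pid/comm" ]; then
        actual=$(cat "/proc/$pid/comm")
    else
        actual=$(ps -o comm= -p "$pid" 2>/dev/null | sed 's#.*/##')
    fi
    [ "$actual" = "$expected" ] || return 5

    kill "-$sig" "$pid"
}

# verdict PIDFILE EXPECTED_COMM: run the checks with signal 0 (no real
# signal is sent) and print the return code, so each failure mode is visible.
verdict() {
    hup_via_pidfile "$1" "$2" 0 && rc=0 || rc=$?
    echo "$rc"
}

# Demonstration with constructed pidfiles: a background sleep stands in for
# the daemon, and a process that has already exited supplies the stale pid.
WORK=$(mktemp -d)
sleep 300 &
STANDIN_PID=$!
( : ) &
GONE_PID=$!
wait "$GONE_PID"
trap 'kill "$STANDIN_PID" 2>/dev/null; rm -rf "$WORK"' EXIT

echo "$STANDIN_PID" > "$WORK/good.pid"     # live pid, expected program
echo "$STANDIN_PID" > "$WORK/reused.pid"   # live pid, but we expect inetd
echo "not-a-pid"    > "$WORK/garbage.pid"  # corrupt pidfile
echo "$GONE_PID"    > "$WORK/stale.pid"    # process no longer exists

echo "good.pid    -> $(verdict "$WORK/good.pid" sleep)"       # 0
echo "reused.pid  -> $(verdict "$WORK/reused.pid" inetd)"     # 5
echo "garbage.pid -> $(verdict "$WORK/garbage.pid" sleep)"    # 3
echo "stale.pid   -> $(verdict "$WORK/stale.pid" sleep)"      # 4
echo "missing.pid -> $(verdict "$WORK/missing.pid" sleep)"    # 2
```

The command-name comparison is the check that distinguishes this from kill -HUP `pidof inetd`: pidof already matches by name, but a pidfile does not, so a script that trusts the file alone can HUP whatever process inherited the number after inetd died.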
===
Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 22:17:20 -0400

On Sat, 19 Aug 2000, you wrote:
> On Sat, 19 Aug 2000, John Aldrich wrote:
> > On Sat, 19 Aug 2000, you wrote:
> > Umm... I could've sworn that someone said to edit
> > /etc/inetd.conf and disable any services you don't want /
> > need... THEN run "killall -HUP inetd" :-) BTW, why would
> > you completely disable inetd? Just because there's nothing
> > YOU want in there, doesn't mean you don't want to include
> > things like sshd and run it there! :-)
>
> That is why I said one option was 'a hammer'. I would not kill inetd, but
> the suggestion to which I replied was to kill the running instance of
> inetd. I would keep inetd, just select which services it ran.
>

Right, but it's easier to shut down and restart inetd than it is to shut down all the various services individually, or am I misunderstanding you? :-)

John

===
Subject: Re: Open ports
From: Rick Warner <rwarner@Resonate.com>
Date: Sat, 19 Aug 2000 20:01:45 -0700 (Pacific Daylight Time)

On Sat, 19 Aug 2000, John Aldrich wrote:
> On Sat, 19 Aug 2000, you wrote:
> > On Sat, 19 Aug 2000, John Aldrich wrote:
> > > On Sat, 19 Aug 2000, you wrote:
> > > Umm... I could've sworn that someone said to edit
> > > /etc/inetd.conf and disable any services you don't want /
> > > need... THEN run "killall -HUP inetd" :-) BTW, why would
> > > you completely disable inetd? Just because there's nothing
> > > YOU want in there, doesn't mean you don't want to include
> > > things like sshd and run it there! :-)
> >
> > That is why I said one option was 'a hammer'. I would not kill inetd, but
> > the suggestion to which I replied was to kill the running instance of
> > inetd. I would keep inetd, just select which services it ran.
> >
>
> Right, but it's easier to shut down and restart inetd than
> it is to shut down all the various services individually, or
> am I misunderstanding you? :-)
> John

You must be misunderstanding me. I usually edit inetd.conf once, then do a SIGHUP to limit what's available at the moment. I am actually quite brutal; I do not comment out inetd.conf entries, I delete them. Most of my servers have only 2 or 3 lines in inet.conf, and those left running are wrapped with tcpd and strict rules applied.

===
Subject: Re: Open ports
From: John Aldrich <john@chattanooga.net>
Date: Sat, 19 Aug 2000 23:34:26 -0400

On Sat, 19 Aug 2000, you wrote:
> > Right, but it's easier to shut down and restart inetd than
> > it is to shut down all the various services individually, or
> > am I misunderstanding you? :-)
> > John
>
> You must be misunderstanding me. I usually edit inetd.conf once, then do
> a SIGHUP to limit what's available at the moment. I am actually quite
> brutal; I do not comment out inetd.conf entries, I delete them. Most of
> my servers have only 2 or 3 lines in inet.conf, and those left running are
> wrapped with tcpd and strict rules applied.
>

Ahh. Ok. :-) I didn't see where you were using SIGHUP to restart inetd. :-) As for all the entries in inetd.conf, well, who knows when you're going to want to enable rlogin or some strange protocol... :-) Plus, it's less work to put a "#" in front of the line than to delete it (IMNSHO, that is! <G>)

===
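The inetd.conf editing the whole thread turns on (rday's "comment out darn near everything", Rick's two or three allow-listed lines, John's preference for a "#" over deleting the entry), as an added example that is not from any of the posters: two POSIX sh functions run against a constructed sample inetd.conf. The sample entries, the function names and the allow-list are assumptions made for the example; the output still has to be installed as /etc/inetd.conf and inetd HUPped (kill -HUP `pidof inetd` or the pidfile, as discussed above) before it takes effect.

```shell
#!/bin/sh
# Added example, not from the thread: audit a copy of inetd.conf and comment
# out every enabled service that is not on an explicit allow-list, leaving
# the lines in place so a single '#' can be removed to re-enable one later.
# The sample file below is constructed; only its layout follows RH 6.2.
set -e

SAMPLE_INETD_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_INETD_CONF"' EXIT
cat > "$SAMPLE_INETD_CONF" <<'EOF'
# inetd.conf (constructed sample; fields: service socket proto wait user server args)
ftp     stream  tcp     nowait      root    /usr/sbin/tcpd      in.ftpd -l -a
telnet  stream  tcp     nowait      root    /usr/sbin/tcpd      in.telnetd
#shell  stream  tcp     nowait      root    /usr/sbin/tcpd      in.rshd
finger  stream  tcp     nowait      nobody  /usr/sbin/tcpd      in.fingerd
auth    stream  tcp     nowait      nobody  /usr/sbin/in.identd in.identd -l -e -o
swat    stream  tcp     nowait.400  root    /usr/sbin/swat      swat
EOF

# Print the names of the services inetd would actually start: the first
# field of every line that is neither blank nor a comment. Reads the file
# named as an argument, or stdin when called without one.
inetd_enabled_services() {
    awk '/^[[:space:]]*#/ || /^[[:space:]]*$/ { next } { print $1 }' "$@"
}

# Write to stdout a copy of FILE in which every enabled entry whose service
# name is not in the space-separated allow-list is commented out. Comments
# and blank lines pass through untouched, so nothing is double-commented.
# Usage: inetd_disable_except /etc/inetd.conf "ftp auth" > /etc/inetd.conf.new
inetd_disable_except() {
    awk -v allow=" $2 " '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }  # comment or blank: keep
        index(allow, " " $1 " ")             { print; next }  # allow-listed: keep
        { print "#" $0 }                                      # anything else: disable
    ' "$1"
}

# Names left enabled after applying the allow-list, on one line.
enabled_after() {
    inetd_disable_except "$SAMPLE_INETD_CONF" "$1" | inetd_enabled_services | tr '\n' ' '
}

echo "enabled before: $(inetd_enabled_services "$SAMPLE_INETD_CONF" | tr '\n' ' ')"
echo "enabled after : $(enabled_after "ftp auth")"
echo "--- hardened file ---"
inetd_disable_except "$SAMPLE_INETD_CONF" "ftp auth"
```

Running inetd_enabled_services against the live /etc/inetd.conf is also a quick cross-check against netstat -tln: every name it prints should correspond to a listening port, and any listening port without a matching inetd entry or standalone daemon deserves the lsof -i :<port> look that Michael suggested earlier in the thread.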