Since Slackware claims to be the most secure Linux distro "out of the box" i nmapped myself and got the following results.
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
37/tcp open time
79/tcp open finger
111/tcp open sunrpc
113/tcp open auth
139/tcp open netbios-ssn
513/tcp open login
514/tcp open shell
515/tcp open printer
6000/tcp open X11
Now i need ssh/telnet open, but shell, and login are worrying me since i dont know what they are. Is this set of open ports safe enough? Should i block some, and which ones. I dont think ftp should be running either unless it is used to download files from ftp sites as well. Please give me some advice on which ports should i block and how? IPtables?
Thanks in advance
-NSKL

NSKL,

To the best of my knowledge, you can close all of those ports - except, of course, the ones you mentioned that you needed. 21 can be closed if you're just going to download files to or upload files from your box. Time and finger can safely be closed (both are in /etc/inetd.conf.) The sunrpc is kicked off by the portmapper in /etc/rc.d/rc.inet2. The open 6000 port is from your X session. You can close it by kicking off X with startx -- -nolisten tcp. Port 113 is for identd (also kicked off in /etc/inetd.conf). You can close it and probably won't have any issues except with some IRC servers (i.e. most DAL Net servers) that will reject you when they don't receive an ident response.

I'm not sure what the 5xx ports are.

Here's one of my favorite security "quickie" howtos:

http://www.tldp.org/HOWTO/Security-Q...WTO/index.html

j.

513 rsh, 514 rexec and 515 is lpd, spose you search your rc(.M) file and disable 'em.

I can't find the init script that starts rsh and rlogin.. I looked through rc.M but didnt find it. Any ideas where these services are started?

Thanks in advance

-NSKL
EDIT: Nevermind, the services were started by inetd, i edited inetd.conf and stopped them. Now when i scan my self with Nmap i get the following:
Port State Service
22/tcp open ssh
111/tcp open sunrpc
113/tcp open auth
515/tcp open printer
6000/tcp open X11
I need ssh open, i beleive sunrpc is used by a number of programs so i left it running, auth is needed for many IRC servers to get authentication response so i left it running, i (will be) sharing a printer on a LAN so printer is running (I beleive i need to firewall it later so only users on the lan can use the printer) and X11 is obviously running since im in X (X11 needs to be firewalled tho if im not wrong, so only local LAN users can use it?)
Is this range of open ports safe enough. Keep in mind that some of these services like printer and X11 might be firewalled already but i can not verify it since im scaning myself and firewall is bypassed AFAIK.
Any suggestions welcome,
Thanks in advance
-NSKL

NSKL,

If you firewall the lpd service, that should be ok. Same with X, or you can do the -- -nolisten tcp option when you start X.

For port 113, I would do one of two things:

1. Get a replacement identd program off of freshmeat which is more secure.

-or-

2. Modify the call in inetd.conf to use some of identd's flags. Here is my entry:

auth stream tcp wait nobody /usr/sbin/in.identd in.identd -o -n -P/dev/null

-P Sends the file containing the PID, which is created by default, to /dev/null

-o Directs identd to return OTHER instead of UNIX as the operating system.

-n Returns user numbers instead of usernames.

j.

On my machine at home I decided that I wanted to make it as secure as possible. I found that not running inetd at all was the best idea: how much do you actually need any of the ports that it runs for you? Also the same with sunrpc: unless you want to do stuff with NFS or whatever there is little reason to run it. identd is also not required for some efnet irc servers such as irc.concentric.net or efnet.demon.co.uk amongst others. Basically it is not really neccesary to have any ports open at all on a home machine: I keep ssh open in case I need to login remotely but that it all.
spook
.

Just a note, it's best to close off all services you need. If you don't, plz note firewalling alone ain't enough; add access restrictions (tcp wrappers, or alike in case of lpd) as well, because if your fw script somehow fsck's up that would have been your last line of defense (vewwy wwonk).

Ok now i have only printer, ssh, auth and X open. I will tweak auth like jpweston suggested (Thanks!), then only X and printer reamain that i will firewall and use tcp wrappers to secure.
This is a home machine, dynamic IP (PPP) so i think the chance that someone will attempt anything are very small...
Thanks for all the help, i will do as suggested!
-NSKL

Also, as jpweston suggested, start your X windows session with the following command:

startx -- -nolisten tcp

This will stop X from listening on port 6000.

create an alias in your .bashrc (or similar)

alias startx='startx -- -nolisten tcp'