Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207
Open Ports
Since Slackware claims to be the most secure Linux distro "out of the box", I nmapped myself and got the following results.
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
37/tcp open time
79/tcp open finger
111/tcp open sunrpc
113/tcp open auth
139/tcp open netbios-ssn
513/tcp open login
514/tcp open shell
515/tcp open printer
6000/tcp open X11
Now I need ssh/telnet open, but shell and login are worrying me since I don't know what they are. Is this set of open ports safe enough? Should I block some, and which ones? I don't think ftp should be running either unless it is used to download files from ftp sites as well. Please give me some advice on which ports I should block and how. IPtables?
Thanks in advance
-NSKL
To the best of my knowledge, you can close all of those ports - except, of course, the ones you mentioned that you needed. 21 can be closed if you're just going to download files to or upload files from your box. Time and finger can safely be closed (both are in /etc/inetd.conf.) The sunrpc is kicked off by the portmapper in /etc/rc.d/rc.inet2. The open 6000 port is from your X session. You can close it by kicking off X with startx -- -nolisten tcp. Port 113 is for identd (also kicked off in /etc/inetd.conf). You can close it and probably won't have any issues except with some IRC servers (i.e. most DAL Net servers) that will reject you when they don't receive an ident response.
I'm not sure what the 5xx ports are.
Here's one of my favorite security "quickie" howtos:
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207
Original Poster
I can't find the init script that starts rsh and rlogin. I looked through rc.M but didn't find it. Any ideas where these services are started?
Thanks in advance
-NSKL
EDIT: Never mind, the services were started by inetd. I edited inetd.conf and stopped them. Now when I scan myself with Nmap I get the following:
Port State Service
22/tcp open ssh
111/tcp open sunrpc
113/tcp open auth
515/tcp open printer
6000/tcp open X11
I need ssh open, I believe sunrpc is used by a number of programs so I left it running, auth is needed for many IRC servers to get an authentication response so I left it running, I (will be) sharing a printer on a LAN so printer is running (I believe I need to firewall it later so only users on the LAN can use the printer) and X11 is obviously running since I'm in X (X11 needs to be firewalled though, if I'm not wrong, so only local LAN users can use it?)
Is this range of open ports safe enough? Keep in mind that some of these services like printer and X11 might be firewalled already, but I cannot verify it since I'm scanning myself and the firewall is bypassed AFAIK.
Any suggestions welcome,
Thanks in advance
-NSKL
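The inetd.conf edit described in the posts above (commenting out the ftp, telnet, time, finger, shell and login entries), as an added example that is not part of the thread. The sample file is constructed in the inetd.conf format and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: disable inetd-started services by commenting out their lines.

# Write a constructed sample file in the inetd.conf format.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system's inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
time    stream  tcp     nowait  root    internal
time    dgram   udp     wait    root    internal
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
auth    stream  tcp     wait    root    /usr/sbin/in.identd  in.identd
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd -L
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
EOF
}

# Print the names of services that are still enabled (lines that are
# neither comments nor blank), sorted and de-duplicated, on one line.
active_services() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1" | sort -u | xargs
}

# Comment out every enabled line whose service name is listed.
# A backup is kept as <file>.bak so the change can be reverted.
disable_services() {
    conf=$1; shift
    cp "$conf" "$conf.bak"
    awk -v list="$*" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) off[s[i]] = 1 }
        !/^[ \t]*#/ && ($1 in off) { print "#" $0; next }
        { print }
    ' "$conf.bak" > "$conf"
}

# Run the edit on the sample and show what inetd would still start.
demo() {
    tmp=$(mktemp)
    make_sample_conf "$tmp"
    disable_services "$tmp" ftp telnet time finger shell login
    active_services "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
demo
```

On a real system inetd rereads its configuration when sent SIGHUP, so a second scan only reflects the edit after that signal or a restart.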
On my machine at home I decided that I wanted to make it as secure as possible. I found that not running inetd at all was the best idea: how much do you actually need any of the ports that it runs for you? Also the same with sunrpc: unless you want to do stuff with NFS or whatever there is little reason to run it. identd is also not required for some efnet irc servers such as irc.concentric.net or efnet.demon.co.uk amongst others. Basically it is not really necessary to have any ports open at all on a home machine: I keep ssh open in case I need to log in remotely but that is all.
spook
Just a note, it's best to close off all services you need. If you don't, plz note firewalling alone ain't enough; add access restrictions (tcp wrappers, or alike in case of lpd) as well, because if your fw script somehow fsck's up that would have been your last line of defense (vewwy wwonk).
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207
Original Poster
OK, now I have only printer, ssh, auth and X open. I will tweak auth like jpweston suggested (Thanks!), then only X and printer remain, which I will firewall and use tcp wrappers to secure.
This is a home machine, dynamic IP (PPP), so I think the chances that someone will attempt anything are very small...
Thanks for all the help, I will do as suggested!
-NSKL