December 13th, 2002, 11:37 AM
Closing ports on Linux box?
I did an nmap on my RedHat 7.3 box last night and found a few ports to be open.
I'm at work at the minute so not sure of the port numbers, but here's some of the services I have running on those ports:
I'm still a newbie on Linux so I'm not sure what ports to close and how to do this manually!
I'm still in the process of fixing my kernel, so I'm unable to install a firewall, either by compiling or installing the rpm, so any help would be great!
Any other info yous may need that I've forgotten to add, to help me, just ask.
December 13th, 2002, 11:42 AM
Create a bash script that shuts the open ports with iptables when you run it, e.g.
./iptables -A INPUT -p tcp --dport 111 -j REJECT
and add lines like that for all the ports that are open, then chmod 700 firewall.
You should also run a UDP scan on your box too, to see what's listening for UDP packets, and just close those ports the same way except replace tcp with udp. I will give you a file I used to create my iptables script if I see you on IRC or MSN tonight.
EDIT: you should be in the /sbin directory because that's where the iptables command is, if it isn't in your default path.
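The script prodikal describes, as an added example that is not from the thread: a list of scanned-open ports (constructed here) is turned into one REJECT line per port, written to a file with the recommended chmod 700, so the rules can be read over before they are run as root. The function names and the sample port list are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): turn a list of scanned-open ports into
# the iptables REJECT lines prodikal describes, written to a script that can be
# reviewed and then run as root. The port list is constructed for the example.

# gen_rules "proto:port ...": print one iptables line per entry on stdout.
# The full /sbin path is used so the script works regardless of $PATH.
gen_rules() {
    for entry in $1; do
        proto=${entry%%:*}
        port=${entry#*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "skipping entry with unknown protocol: $entry" >&2; continue ;;
        esac
        printf '/sbin/iptables -A INPUT -p %s --dport %s -j REJECT\n' "$proto" "$port"
    done
}

# count_rules "proto:port ...": number of rules gen_rules would emit
count_rules() {
    gen_rules "$1" | grep -c '^/sbin/iptables'
}

# write_firewall_script FILE "proto:port ...": write the script and make it
# owner-only, as the post recommends (chmod 700). iptables rules do not survive
# a reboot, so this script is what gets re-run, e.g. from rc.local.
write_firewall_script() {
    {
        echo '#!/bin/sh'
        echo '# reject inbound packets to the ports found open by the scan'
        gen_rules "$2"
    } > "$1"
    chmod 700 "$1"
}

# Constructed: what an nmap TCP and UDP scan might have reported on the box
SAMPLE_PORTS="tcp:111 udp:111 tcp:25 tcp:6000"

gen_rules "$SAMPLE_PORTS"
```

Run it to see the generated lines; `write_firewall_script /root/firewall "$SAMPLE_PORTS"` writes them to a file instead. REJECT answers with an ICMP port-unreachable for both TCP and UDP, which is why the same rule shape serves both protocols.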
December 13th, 2002, 11:56 AM
Good man prodikal!
December 13th, 2002, 01:11 PM
Find the process that's listening on a port using netstat -pant
Then you can either shut down the appropriate service (assuming you don't need it) or reconfigure it to not listen on tcp any more.
X11 and kdm can both be configured not to listen on tcp ports (their usage locally will still work) and the others may be able to be shut down.
My guess is that you don't need portmap running (unless you use nfs, in which case you should be behind a firewall anyway, right?) and probably don't need your smtp server running.
You can disable services using whatever gui your distro uses for disabling services, or /sbin/chkconfig <servicename> off
/sbin/chkconfig sendmail off
might disable sendmail. See what services are installed using /sbin/chkconfig --list
You might have a different mail server installed, in which case you'll have to disable it by whatever name it goes by.
Note that chkconfig sendmail off does not shut the service down, just prevents it from starting up again on reboot. To shut it down use /etc/init.d/sendmail stop
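Slarty's procedure (netstat to find the listener, then chkconfig/init.d to disable it), as an added example that is not part of the post: the netstat text below is constructed, not captured from a real host, and the helper names are the example's own. It separates sockets bound to loopback (unreachable from other machines, the state suggested for X11 and kdm) from those bound to all interfaces, and prints the disable/stop commands for the latter. The output is a list to review, not to apply blindly; sshd appears in the sample precisely so that point is visible.

```shell
#!/bin/sh
# Added example (not from the thread): read the output of `netstat -pant`
# (given here as constructed sample text, not captured from a real host) and
# pick out the listening sockets that are reachable from the network, then
# print the chkconfig/init.d commands from the post for each owning program.

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      612/portmap
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      880/sendmail: accep
tcp        0      0 127.0.0.1:6000          0.0.0.0:*               LISTEN      1102/X
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      700/sshd
tcp        0      0 192.168.1.5:22          192.168.1.9:3456        ESTABLISHED 1300/sshd'

# list_listeners: netstat output on stdin -> "proto port bind-address program" per LISTEN socket
list_listeners() {
    awk '$6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        split($7, p, "/"); prog = p[2]; sub(/:.*/, "", prog)   # "880/sendmail:" -> sendmail
        print $1, port, addr, prog
    }'
}

# exposed_listeners: drop sockets bound only to loopback; those cannot be reached
# from another host, which is the state slarty suggests for X11 and kdm
exposed_listeners() {
    list_listeners | awk '$3 != "127.0.0.1"'
}

# suggest_commands: for each exposed listener print the disable/stop commands.
# Assumes the init script is named after the program, which holds for portmap
# and sendmail but must be checked against `chkconfig --list` in general.
suggest_commands() {
    exposed_listeners | while read -r proto port addr prog; do
        printf '# %s/%s (%s) owned by %s\n' "$proto" "$port" "$addr" "$prog"
        printf '/sbin/chkconfig %s off   # do not start again on reboot\n' "$prog"
        printf '/etc/init.d/%s stop      # stop it now\n' "$prog"
    done
}

printf '%s\n' "$SAMPLE_NETSTAT" | suggest_commands
```

On the real box replace the sample with `netstat -pant | suggest_commands` (as root, otherwise the PID/Program column is empty for processes you do not own), and rerun `netstat -pant` afterwards to confirm the socket is gone.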
December 13th, 2002, 01:28 PM
Thanks slarty, the help is appreciated.
At work right now and going on a bender this weekend, so won't be able to try what prodikal and yourself suggested until Sunday at the earliest, so I'll give it a go then!
December 27th, 2002, 02:25 AM
Some of the ports are opened (and listened on) by the inetd daemon (for example: smtp, ftp, telnet, finger, ...).
You can configure this daemon with /etc/inetd.conf
Please note that you must restart the daemon in order to activate the changes: 'killall -HUP inetd'
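The inetd.conf edit described above, as an added example that is not part of the post: a constructed inetd.conf is written to a temp file, the chosen services are commented out through a temp copy so a failed edit leaves the original intact, and the remaining enabled services are listed. The HUP is printed rather than executed. One caveat for the box in question: Red Hat 7.x ships xinetd rather than inetd, with per-service files under /etc/xinetd.d, so this applies to distributions that still use the single inetd.conf. The helper names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): inspect and edit an inetd.conf so the
# listed services stop being offered, then signal inetd to reread it.
# The configuration below is constructed for the example.

# make_sample_conf: write a small constructed inetd.conf to a temp file, print its path
make_sample_conf() {
    f=$(mktemp) || exit 1
    cat > "$f" <<'EOF'
#<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
smtp    stream  tcp     nowait  root    /usr/sbin/sendmail sendmail -bs
EOF
    echo "$f"
}

# enabled_services FILE: service names of lines that are neither comments nor blank
enabled_services() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# disable_service FILE NAME: comment out the line whose first field is NAME.
# Edits go through a temp copy so a failed sed leaves the original untouched.
disable_service() {
    file=$1; name=$2
    sed "s/^\($name[[:space:]]\)/#\1/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# harden FILE NAME...: disable each named service, then report what is still offered.
# The HUP that makes inetd reread the file is printed rather than run, since
# this example is meant to be tried on a copy of the file first.
harden() {
    file=$1; shift
    for svc in "$@"; do disable_service "$file" "$svc"; done
    echo "still enabled: $(enabled_services "$file" | tr '\n' ' ')"
    echo "now run as root: killall -HUP inetd"
}

conf=$(make_sample_conf)
harden "$conf" telnet finger
rm -f "$conf"
```

Against the live file the call is `harden /etc/inetd.conf telnet finger` followed by the printed killall; until inetd is sent the HUP it keeps serving the old configuration, which is the point the post makes.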