222 lines
8.6 KiB
HTML
222 lines
8.6 KiB
HTML
<!--startcut ======================================================= -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<html>
|
|
<head>
|
|
<META NAME="generator" CONTENT="lgazmail v1.3B.f">
|
|
<TITLE>The Answer Guy 50: Closing Ports, Disabling Unwanted Services</TITLE>
|
|
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
|
|
LINK="#3366FF" VLINK="#A000A0">
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<center>
|
|
<H1><A NAME="answer">
|
|
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
|
|
border="0" align="middle">
|
|
<font color="#B03060">The Answer Guy</font>
|
|
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
|
|
border="0" align="middle">
|
|
</A></H1>
|
|
<BR>
|
|
<H4>By James T. Dennis,
|
|
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
|
|
LinuxCare,
|
|
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
|
|
</H4>
|
|
</center>
|
|
|
|
<p><hr><p>
|
|
<!-- endcut ======================================================= -->
|
|
<!-- begin 41 -->
|
|
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
|
|
height="50" width="60" alt="(?) " border="0"
|
|
>Closing Ports, Disabling Unwanted Services</H3>
|
|
|
|
|
|
<p><strong>From Troy Miller on Tue, 18 Jan 2000
|
|
</strong></p>
|
|
<!-- ::
|
|
Closing Ports, Disabling Unwanted Services
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
:: -->
|
|
<P><STRONG>
|
|
I'm new to Linux and I'm trying to secure my PC. I have a DSL line and I
|
|
found out I have 4 open ports (FTP, Finger, Telnet and SMTP). I'm trying to
|
|
find a resource on how to close these ports. I do not plan to use them at
|
|
this time. I don't want to compromise my system.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Thanks,
|
|
<br>Troy
|
|
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
Bravo! You are doing the right thing.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Three of the services you mention are usually launched
|
|
dynamically by inetd. So you can disable them by
|
|
editing your <TT>/etc/inetd.conf</TT> file, find these services
|
|
by name, and commenting them out of the file (inserting
|
|
a "<tt>#</tt>" (hash/pound sign) at the beginning of those lines).
|
|
After that you can send a HUP signal to inetd to force it
|
|
to re-initialize itself. You can use the following command
|
|
to do that:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><BLOCKQUOTE><CODE>
|
|
kill -HUP $(cat <TT>/var/run/inetd.pid</TT>)
|
|
</CODE></BLOCKQUOTE></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Of course, in this case you aren't running ANY other
|
|
inetd services so you can even just kill you inetd process
|
|
using a command like:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><BlockQuote><Code>
|
|
/etc/rc.d/init.d/inetd stop
|
|
</Code></BlockQuote></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
... or something like that. (The exact path to your
|
|
<TT>/etc/.../init.d</TT> scripts might differ depending on
|
|
your distribution).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
You can also find an remove the <tt>rcX.d</tt> scripts that
|
|
start inetd during boot if you like. Your system
|
|
might have a '<tt>chkconfig</tt>' command to manage those
|
|
SysV init symlinks for you, or you can use the
|
|
technique that I've described here before
|
|
(create <TT>/etc/.../rc*.d/disabled</TT> directories, and
|
|
move the S??... symlinks into those as appropriate).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Search the back issues for "sysv init" to hear the
|
|
long-winded discussion of how all of that works.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
That leaves the SMTP service. That is probably being
|
|
provided by sendmail, which is probably being loaded
|
|
"standalone" (not dynamically through inetd). So you
|
|
also want to find the <TT>/etc/.../rcX.d/S*</TT> script that's
|
|
starting sendmail and disable that.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
After you've done that you'll have a machine that
|
|
doesn't provide any network services to anyone.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
You can double check that using a command like:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><BLOCKQUOTE><CODE>
|
|
netstat --inet -an
|
|
</CODE></BLOCKQUOTE></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
... and looking for anything that's in the LISTEN
|
|
state. You can also check it using a port scanner
|
|
like nmap from another system. (I'm guessing that
|
|
you've already been playing with one of those,
|
|
to get the information on which you've based this
|
|
question).
|
|
</BLOCKQUOTE>
|
|
|
|
<!-- sig -->
|
|
<!-- end 41 -->
|
|
<!--startcut ======================================================= -->
|
|
<P> <hr> <P>
|
|
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
|
|
>Copyright ©</a> 2000, James T. Dennis
|
|
<BR>Published in <I>The Linux Gazette</I> Issue 50 February 2000</H5>
|
|
<H6 ALIGN="center">HTML transformation by
|
|
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
|
|
Starshine Technical Services,
|
|
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
|
|
</H6>
|
|
<P> <hr> <P>
|
|
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<TABLE WIDTH="95%"><TR VALIGN="center" ALIGN="center">
|
|
<TD colspan="2" rowspan="2"><A
|
|
HREF="../lg_answer50.html"
|
|
><IMG SRC="../../gx/dennis/answernew.gif"
|
|
ALT="[ Answer Guy Current Index ]"></A>
|
|
<TD colspan="2" rowspan="2"><A
|
|
HREF="../../tag/kb.html"
|
|
><IMG SRC="../../gx/dennis/answertoc.gif"
|
|
ALT="[ Index of Past Answers ]"></A></td>
|
|
<TD WIDTH="11%"><A HREF="../lg_answer50.html#greeting"><img
|
|
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A></TD>
|
|
<TD WIDTH="11%"><A HREF="1.html">1</A></TD>
|
|
<TD WIDTH="11%"><A HREF="2.html">2</A></TD>
|
|
<TD WIDTH="11%"><A HREF="3.html">3</A></TD>
|
|
<TD WIDTH="11%"><A HREF="4.html">5</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="11%"><A HREF="5.html">5</A></TD>
|
|
<TD WIDTH="11%"><A HREF="6.html">6</A></TD>
|
|
<TD WIDTH="11%"><A HREF="7.html">7</A></TD>
|
|
<TD WIDTH="11%"><A HREF="8.html">8</A></TD>
|
|
<TD WIDTH="11%"><A HREF="9.html">9</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="10.html">10</A></TD>
|
|
<TD WIDTH="10%"><A HREF="11.html">11</A></TD>
|
|
<TD WIDTH="10%"> </TD>
|
|
<TD WIDTH="10%"><A HREF="13.html">13</A></TD>
|
|
<TD WIDTH="11%"><A HREF="14.html">14</A></TD>
|
|
<TD WIDTH="11%"><A HREF="15.html">15</A></TD>
|
|
<TD WIDTH="11%"><A HREF="16.html">16</A></TD>
|
|
<TD WIDTH="11%"><A HREF="17.html">17</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="18.html">18</A></TD>
|
|
<TD WIDTH="10%"><A HREF="19.html">19</A></TD>
|
|
<TD WIDTH="10%"><A HREF="20.html">20</A></TD>
|
|
<TD WIDTH="10%"><A HREF="21.html">21</A></TD>
|
|
<TD WIDTH="11%"><A HREF="22.html">22</A></TD>
|
|
<TD WIDTH="11%"><A HREF="23.html">23</A></TD>
|
|
<TD WIDTH="11%"><A HREF="24.html">24</A></TD>
|
|
<TD WIDTH="11%"> </TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="26.html">26</A></TD>
|
|
<TD WIDTH="10%"><A HREF="27.html">27</A></TD>
|
|
<TD WIDTH="10%"><A HREF="28.html">28</A></TD>
|
|
<TD WIDTH="10%"><A HREF="29.html">29</A></TD>
|
|
<TD WIDTH="11%"><A HREF="30.html">30</A></TD>
|
|
<TD WIDTH="11%"><A HREF="31.html">31</A></TD>
|
|
<TD WIDTH="11%"><A HREF="32.html">32</A></TD>
|
|
<TD WIDTH="11%"><A HREF="33.html">33</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="34.html">34</A></TD>
|
|
<TD WIDTH="10%"> </TD>
|
|
<TD WIDTH="10%"><A HREF="36.html">36</A></TD>
|
|
<TD WIDTH="10%"><A HREF="37.html">37</A></TD>
|
|
<TD WIDTH="11%"><A HREF="38.html">38</A></TD>
|
|
<TD WIDTH="11%"><A HREF="39.html">39</A></TD>
|
|
<TD WIDTH="11%"><A HREF="40.html">42</A></TD>
|
|
<TD WIDTH="11%"><A HREF="41.html">41</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="10%"><A HREF="42.html">42</A></TD>
|
|
<TD WIDTH="10%"><A HREF="43.html">43</A></TD>
|
|
<TD WIDTH="10%"><A HREF="44.html">44</A></TD>
|
|
<TD WIDTH="10%"><A HREF="45.html">45</A></TD>
|
|
<TD WIDTH="11%"><A HREF="46.html">46</A></TD>
|
|
<TD WIDTH="11%"><A HREF="47.html">47</A></TD>
|
|
<TD WIDTH="11%"><A HREF="48.html">48</A></TD>
|
|
</TR></TABLE>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<P> <hr> <P>
|
|
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<A HREF="../index.html"
|
|
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
|
|
<A HREF="../../index.html"
|
|
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
|
|
<A HREF="../lg_bytes50.html"
|
|
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
|
|
<A HREF="../../faq/index.html"
|
|
><IMG SRC="../../gx/dennis/faq.gif"
|
|
ALT="[ Linux Gazette FAQ ]"></A>
|
|
<A HREF="../lg_tips50.html"
|
|
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
|
|
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
</BODY></HTML>
|
|
<!--endcut ========================================================= -->
|