(?) The Answer Gang (!)

By James T. Dennis, tag@lists.linuxgazette.net
LinuxCare, http://www.linuxcare.com/

(?) Linux security questions - Answer Gang

From Joseph Wilkicki on Wed, 13 Sep 2000

Answered by: Heather Stern


I have a question for the Linux Gazette Answer gang, but didn't see an address for submission, so I'll direct it to you.

I'm trying to harden my machine and to that end, I ran Bastille-Linux on my machine when installed, added ssh, and disabled as many services as I can.

When I ran saint and nmap, however I saw I have a few ports open which I don't recognize. They are

(!) sounds like a verb, not the name of a service

(?) miroconnect,

(!) A brief Google! search implies this may be something to do with a sound card.

(?) and an unknown service running on port 1024.

(!) 1024 is in the user-available range ... it is probably the second connection of some other protocol you have running. Try running
netstat -a
on the system's console to see what connections are currently up, and look at what is connecting to it.

(?) Saint didn't seem to think they were a problem, but I didn't explicitly turn them on, so I'm concerned they are a risk.

What are these services, and should I (and how do I) turn them off?

(!) This can't be readily determined until you know what they are; once you do, you can look for the offending service(s) in either your inetd.conf or among your init scripts. lsof (list open files) might also be useful for determining the culprits.

(?) Also, can I secure lpd? I need to print to a local printer, but I don't need to print to network printers.

(!) It's possible albeit unusual to run lpd from inetd - in there, you could protect it with tcpwrappers.

(?) Thanks!
Joseph Wilkicki

(!) You're welcome!

Copyright © 2000, James T. Dennis
Published in the Linux Gazette Issue 58 October 2000
HTML transformation by Heather Stern of Tuxtops, Inc., http://www.tuxtops.com/

[ Answer Guy Current Index ] greetings   1   2   3   4   5   6   7 [ Index of Past Answers ]