* twowitchesinthelight@btinternet.com wrote on Fri, Jun 29, 2001 at 18:44 +0000:
Another newbie question. I edited my inetd.conf and commented out ftp, telnet, shell, login, pop3, finger and swat and rebooted. Everything seems to work ok.
Reboot isn't really necessary. killall -HUP inetd or rcinetd reload / rcinetd restart would be enough.
nmap -sT -v my ip shows these
22 ssh
37 time
Do you use it? If not, disable.
111 sunrpc
Needed? If not, disable. If yes, block by firewall for "outside".
515 printer
Block for non-locals too
1024 kdm
Has a port? Block it by firewall...
6000 X11
block it by firewall, use SSH X-Forwarding (port 22) instead, this is automatic and more secure :)
nmap -sU my ip shows these
37 time
111 sunrpc
517 talk
518 ntalk
block if not needed.
Questions are these. First, is what I commented out ok?
As long as you have SSH you can always change it back if desired :)
secondly, is it safe to comment out talk, ntalk, and time in inetd.conf as well?
Usually yes. On productive servers I turn them off. There are chats which are more comfortable than talk :) I use xntpd for syncing time.
Secondly...how about ssh,sunrpc,printer and X11? Is it safe and where do I shut them down at?
printer is printer of course :) But if you will not print from or via that machine, turn lpd off (in rc.config, and rclpd stop). SSH is secure shell, I would leave it active, but if you use that host only from local console you may turn it off, too. X11? Well, at least I would block it, but important machines shouldn't run X usually. X is nice for workstations. So it depends.
to make any mistakes configuring or to take an unsecured machine out on the net.
:) Then just turn off as long as you can work (if you have console access). If something stops working, read about the just-terminated thing (man page and so on).

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
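
Added example (not part of the original thread): a small shell check that lists which of the services named in the thread are still active in an inetd.conf-style file, reporting tcp and udp entries separately because time showed up in both the -sT and the -sU scan. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for still-active services.
# Field order: service socket-type protocol wait/nowait user program [args]

# Print "service/protocol" for every active (uncommented) entry.
enabled_services() {
    awk '
        /^[ \t]*#/ { next }   # entry is commented out
        NF < 6     { next }   # blank or malformed line
        { print $1 "/" $3 }
    ' "$1" | sort -u
}

# Print only the active entries for services the thread discusses disabling.
flag_unwanted() {
    enabled_services "$1" | awk -F/ '
        BEGIN {
            n = split("ftp telnet shell login pop3 finger swat talk ntalk time", w, " ")
            for (i = 1; i <= n; i++) unwanted[w[i]] = 1
        }
        ($1 in unwanted) { print }
    '
}

# Constructed sample: ftp and telnet already commented out,
# time (tcp and udp), talk and ntalk still active.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd
# telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
time     stream tcp nowait root internal
time     dgram  udp wait   root internal
talk     dgram  udp wait   root /usr/sbin/tcpd in.talkd
ntalk    dgram  udp wait   root /usr/sbin/tcpd in.talkd
EOF

flag_unwanted "$SAMPLE"
```

Point flag_unwanted at /etc/inetd.conf after editing; an empty result means none of the listed services is left active, and inetd still has to be signalled (killall -HUP inetd) before a rescan reflects the change.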