Services (not) needed/secure?/ How to disable?
Hi,

the following services are running on my machine:

111/tcp => portmap (user: bin)
111/udp => portmap (user: bin)
113/tcp => in.identd (user: nobody)
515/tcp => lpd (user: root+)
6000/tcp => X (user: root)

Now my questions: Is any of them insecure? Are they required for the system or can I disable them? If X is not required, where have I to change sth that it will no longer listen on port 6000? What's the general task of portmap and identd?

thx
Markus
On Thursday 10 April 2003 19:05, Markus wrote:
> If X is not required,
That depends on what you are using the computer for.
> where have I to change sth that it will no longer listen on port 6000?
You have to add "-nolisten tcp" at the end of the command that starts your X-server at /etc/X11/xdm/Xservers. My Xservers file looks like that, for example:

:0 local /usr/X11R6/bin/X -nolisten tcp :0 vt07

If you use KDM as display manager, you have to change /etc/opt/kde3/share/config/kdm/Xservers in the same way.

Arno
Markus wrote:
> Hi,
> the following services are running on my machine:
> 111/tcp => portmap (user: bin)
> 111/udp => portmap (user: bin)
If you're not using nfs or nis, then you should disable portmap. It is highly insecure. You can run `rpcinfo -p $hostname` against your system to see what additional services it is providing.
> 113/tcp => in.identd (user: nobody)
This is also not too secure and you should disable it. It is mainly used for irc servers to grab information about you, so if you don't go to irc then it's unnecessary. If you do frequent irc servers then I recommend you replace identd with fakeidentd (http://hangout.de/fakeidentd/). I have done this and it works pretty well.
> 515/tcp => lpd (user: root+)
Do you have the need to spool your print jobs locally or can you just send them off to your printer? For that matter, do you even have a printer? If you're not using it then disable it as it does have vulnerabilities every so often. Otherwise, if you need it then you could set it up so it listens only to localhost and not to external requests.
> 6000/tcp => X (user: root)
I believe someone already said something about appending "-nolisten tcp" to the Xserver startup.

-- 
David M. Fetter - http://www.fetterconsulting.com/
"The world is full of power and energy and a person can go far by just skimming off a tiny bit of it."
Neal Stephenson - Snow Crash
David M. Fetter wrote:
> > 113/tcp => in.identd (user: nobody)
> This is also not too secure and you should disable it. It is mainly used for irc servers to grab information about you, so if you don't go to irc then it's unnecessary.
Take care, some MTAs also take notice about your ident or at least check if you've some identd running. I noticed that some MTAs just ignore it, others hang around for a while (even if you don't block the port...) and others refused mail (which is imho braindead...)

just my 2 ct ;)

night,
Sven
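The checks discussed in this thread, as an added example that is not part of any post above: one function flags the listed services (portmap, in.identd, lpd, X) when they are bound to a non-loopback address, the other flags Xservers entries that lack "-nolisten tcp". The function names and the sample data are constructed for illustration; the input format assumed for the first function is the output of `ss -tuln`.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from a real host.
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:113 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:515 0.0.0.0:*
tcp LISTEN 0 128 [::]:6000 [::]:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

SAMPLE_XSERVERS='# constructed sample
:0 local /usr/X11R6/bin/X -nolisten tcp :0 vt07
:1 local /usr/X11R6/bin/X :1 vt08'

# Reads `ss -tuln` style lines on stdin and prints "proto port service addr"
# for each service from the thread that is reachable from the network.
exposed_listeners() {
    awk '
    BEGIN { svc[111]="portmap"; svc[113]="in.identd"; svc[515]="lpd"; svc[6000]="X" }
    {
        la = $5                               # Local Address:Port column
        n = match(la, /:[0-9]+$/)             # port follows the last colon
        if (!n) next                          # header or malformed line
        port = substr(la, n + 1) + 0
        addr = substr(la, 1, n - 1)
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # strip IPv6 brackets
        sub(/%.*/, "", addr)                  # strip interface scope, e.g. %lo
        if (!(port in svc)) next              # not one of the thread services
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: fine
        print $1, port, svc[port], addr
    }'
}

# Reads an Xservers file on stdin and prints every local server entry
# whose command line does not contain "-nolisten tcp".
xservers_listening() {
    awk '
    $1 ~ /^#/ { next }
    $2 == "local" {
        ok = 0
        for (i = 3; i < NF; i++) if ($i == "-nolisten" && $(i + 1) == "tcp") ok = 1
        if (!ok) print
    }'
}

# Demo on the constructed samples. On a live system:
#   ss -tuln | exposed_listeners
#   xservers_listening < /etc/X11/xdm/Xservers
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
printf '%s\n' "$SAMPLE_XSERVERS" | xservers_listening
```

An lpd bound to 127.0.0.1 is not reported, which matches the localhost-only setup suggested for hosts that still need local print spooling.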
participants (4)
- Arno Luppold
- David M. Fetter
- Markus
- Sven 'Darkman' Michels