Hello all, how do I make them more secure? These are the results from nmap:

Port       State       Service
22/tcp     open        ssh
37/tcp     open        time
110/tcp    open        pop-3
111/tcp    open        sunrpc
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
901/tcp    open        samba-swat
1024/tcp   open        kdm
6000/tcp   open        X11

=====
email : ephlodur@rocketmail.com
What we need is Awareness we can't get careless.
Quoting MindBender
Hello all, how do I make them more secure? These are the results from nmap:
Port State Service
22/tcp open ssh
This is generally safe to run. To not start on boot, in /etc/rc.config set, START_SSHD="no"
37/tcp open time
In /etc/inetd.conf, add a # before the lines that start with "time 37/".
110/tcp open pop-3
Uninstall any POP server.
111/tcp open sunrpc
In /etc/rc.config set, START_PORTMAP="no"
513/tcp open login
514/tcp open shell
Same as above.
515/tcp open printer
Uninstall any printer server, LPRold, LPRng, CUPS, etc.
901/tcp open samba-swat
Uninstall SWAT.
1024/tcp open kdm
Uninstall KDE
6000/tcp open X11
Don't run X11. Alternatively, start with "startx -- -nolisten tcp"
A better solution is to use SUSEfirewall and have it reject connect requests from the Internet on all but SSH.
HTH, Jeffrey
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
On Tue, Apr 10, 2001 at 10:36:04PM -0500, Jeffrey Taylor wrote:
Quoting MindBender
Port State Service
22/tcp open ssh
This is generally safe to run. To not start on boot, in /etc/rc.config set, START_SSHD="no"
Yes and no. It's probably safe from eavesdropping, but vulnerabilities are sporadically uncovered. If you don't need it, disable it. In general, if you don't need it, don't run it.
1024/tcp open kdm
Uninstall KDE
Actually, I asked about this a month or so ago and someone mentioned how to disable this. I disabled it with no ill effects AFAIK. (Then I upgraded, and stopped worrying about it.)
6000/tcp open X11
Don't run X11. Alternatively, start with "startx -- -nolisten tcp"
Better yet, look at the suse-security faq (google it) and you will
find out how to configure X never to listen on 6000.
Corvin
--
Corvin Russell
I should be clearer. Disable all programs using these ports and you
will have a safer and largely unusable system (no printer, no X
Windows, possibly no e-mail, etc.). Set up the firewall and then
educate yourself about the programs that use them. POP is Post Office
Protocol, a server for incoming e-mail. sunrpc, login, and shell
should be disabled. These are for NFS and remote login and command
execution. They are full of security holes. SSH is a good substitute
for the latter 2. There is no secure shared file system yet widely
available. If you must use one, have a good, tested firewall. This
is really the solution: use a firewall. RTFM, configure it tight, and
test it. You have a good start, a way to run nmap against your system
from the Internet side.
Jeffrey
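
The advice above to configure the firewall and then test it with nmap from the Internet side can be made into a repeatable check. This is an added example, not part of any post in the thread: it reads an nmap port table and lists every open port that is not on an allowlist. The function names and the "22/tcp" allowlist format are assumptions; the sample input is the scan posted at the top of the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list open ports in an nmap port table
# that are not on an allowlist, e.g. after configuring the firewall.

# unexpected_open_ports "<port/proto> ..." reads nmap output on stdin and
# prints "<port/proto> <service>" for each open port missing from the list.
unexpected_open_ports() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Port rows look like "22/tcp open ssh"; headers and banners are skipped.
        # Only "open" counts: "filtered" and "closed" mean the port is blocked.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && !($1 in ok) {
            print $1 " " $3
        }
    '
}

# Constructed sample input: the scan posted at the top of the thread.
sample_scan() {
    cat <<'EOF'
Port       State       Service
22/tcp     open        ssh
37/tcp     open        time
110/tcp    open        pop-3
111/tcp    open        sunrpc
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
901/tcp    open        samba-swat
1024/tcp   open        kdm
6000/tcp   open        X11
EOF
}

# Policy from the thread: only SSH should be reachable from the Internet.
sample_scan | unexpected_open_ports "22/tcp"
```

Empty output means the scan shows nothing open beyond the allowlist; run it against a scan taken from outside the firewall, not from the host itself.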
participants (3): Corvin Russell, Jeffrey Taylor, MindBender