At 09:39 AM 22/05/2001, you wrote:
Hello,
I am reviewing the security on my home desktop and have a question which I hope is simple to answer. I should say that I am on a 56k dial up PPP connection and offer no services to anyone. I am the only user and root. Simple. In fact, I think my security measures are probably over-the-top, but still it seems like good practice and makes interesting learning.
I have hardened the system using Marc's hardening script and have set up Firewall2. Now, when I scan my ports with nmap, I have 'canna', 'smtp' and 'squid' showing open. Canna is my Japanese language server and I have squid running to cache pages for web browsing. I also opened up the smtp/sendmail service so I can use fetchmail to fetch my mail.
My questions are:
1. Can I close the canna port and still use canna?
You should be able to bind it to localhost or some such thing.
I see no reason why it should be sitting open to external connections when I am the only person that needs to use it. How do I close it?
Unfortunately I have no idea as I have not used canna.
2. Is it necessary for squid to be sitting open, when I do not serve any web pages. Can I close the port and still have squid cache pages for my browsing?
No.. It is not.
http://squid.visolve.com/squid24s1/network.htm#http_port
Change:
    http_port 3128
to:
    http_port 127.0.0.1:3128
Then make sure you have your proxy set to 127.0.0.1:3128 :-) You may also want to set udp_incoming_address 127.0.0.1 or disable it completely.
3. I fetch mail with fetchmail which requires sendmail to send the mail to my account. Must I have sendmail running as a daemon or can I invoke sendmail when fetchmail needs it. If I shut down sendmail/smtp, I can sendmail, with sendmail -q but fetchmail fails. Basically, how do I close the smtp port but still use fetchmail?
Sendmail will still send local mail without listening on a network socket. I'm not exactly sure what you are trying to do with fetchmail, but you can change in /etc/rc.config.d/sendmail.rc.config:
    SENDMAIL_ARGS="-bd -q10m -om"
to
    SENDMAIL_ARGS="-q10m -om"
I'd be grateful for any help. And if I appear to be barking up the wrong tree, then please do let me know! :-)
Hope this helps you
Have fun
Nix - nix@susesecurity.com
http://www.susesecurity.com
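
A check for the result of the changes suggested above, added here as an example and not part of the original message: it reads `ss -ltn` or `netstat -ltn` style output and prints every TCP listener that is not bound to a loopback address. The function name and both sample listings are constructed for illustration; the only assumption about the input is that the local address is the fourth column, as it is in both tools.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from outside loopback.

# Constructed sample: squid and sendmail listening on all interfaces.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:3128       0.0.0.0:*
LISTEN 0      10     0.0.0.0:25         0.0.0.0:*'

# Constructed sample: after "http_port 127.0.0.1:3128" and with "-bd"
# removed from SENDMAIL_ARGS (sendmail no longer listens at all).
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3128     0.0.0.0:*'

# Hypothetical helper: reads a listing on stdin and prints "host:port"
# for each listening socket whose local address is not 127.x.x.x or ::1.
exposed_listeners() {
    awk '$1 == "LISTEN" || $6 == "LISTEN" {
        local_addr = $4
        port = local_addr
        sub(/.*:/, "", port)                 # text after the last colon
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        gsub(/\[|\]/, "", host)              # strip [ ] around IPv6
        if (host !~ /^127\./ && host != "::1")
            print host ":" port
    }'
}

# Demo on the constructed samples; on a live system pipe in the real
# listing instead, e.g.  ss -ltn | exposed_listeners
echo "before:"; printf '%s\n' "$SAMPLE_BEFORE" | exposed_listeners
echo "after:";  printf '%s\n' "$SAMPLE_AFTER"  | exposed_listeners
```

Empty output means every TCP listener is loopback-only; UDP sockets such as squid's ICP port need a separate look with the `-u` variant of the same commands.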