
Re: Need help blocking all ports except a few



On Thu, Dec 25, 2003 at 04:17:09PM +0100, Sommarnatt wrote:
>
> I checked my ports with netstat -tulp but how do I stop those services?
> In inetd.conf there's only smtp and identd externally. I commented out smtp (it
> didn't relay anyway but it's not needed).
> 
> This is my output from netstat -tulp:
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> tcp        0      0 *:ssh                   *:*                     LISTEN      200/sshd
> tcp        0      0 *:printer               *:*                     LISTEN      191/lpd
> tcp        0      0 *:auth                  *:*                     LISTEN      187/inetd
> tcp        0      0 *:smtp                  *:*                     LISTEN      187/inetd
> tcp        0      0 *:time                  *:*                     LISTEN      187/inetd
> tcp        0      0 *:daytime               *:*                     LISTEN      187/inetd
> tcp        0      0 *:discard               *:*                     LISTEN      187/inetd
> tcp        0      0 *:1024                  *:*                     LISTEN      179/rpc.statd
> tcp        0      0 *:111                   *:*                     LISTEN      111/portmap
> udp        0      0 *:discard               *:*                                 187/inetd
> udp        0      0 *:1024                  *:*                                 179/rpc.statd
> udp        0      0 *:moira_ureg            *:*                                 179/rpc.statd
> udp        0      0 *:111                   *:*                                 111/portmap
> udp        0      0 *:bootpc                *:*                                 107/dhclient-2.2.x

This looks fairly clean to me (but please someone correct me, I was
caught out recently!).

You can stop inetd altogether, and lpd, portmap and dhclient - in fact
most of these things - by experimentally removing links from /etc/rc2.d/
and possibly also from /etc/rcS.d/.

I'm going to suggest that you look up the Debian reference
(http://www.debian.org/doc/manuals/reference/index.html) to find out
about the Debian startup sequence, to save me giving you a second-rate
explanation here ;-)  but just to say that the links are to scripts in
/etc/init.d/ and that the links in /etc/rcS.d are run first, then
rc2.d (unless /etc/inittab specifies another default runlevel).

Just remove the links, or rename them with a small "s" at the beginning
instead of a big one (this is a bit dodgy but it means you can move
them back easily without changing the number).

Alternatively you can uninstall packages that supply the services you 
would like to stop.

Patrick
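As an added illustration (this is not part of Patrick's mail or of any Debian tool), the script below builds a throwaway, constructed copy of the /etc/init.d and /etc/rc2.d layout under a mktemp directory and shows the rename-to-lower-case-"s" trick described above, plus a way to list which links a runlevel would actually start so you can check the result before touching the real /etc. The service names and sequence numbers (S18portmap, S20inetd, ...) are made up for the demonstration.

```shell
#!/bin/sh
# Added example: simulate /etc/rc2.d so the S -> s rename can be tried safely.
# Only links whose name starts with a capital S are started by the rc script,
# so renaming S20inetd to s20inetd disables inetd without losing its number.
set -eu

# Constructed layout under a temp dir; nothing under the real /etc is touched.
RCROOT=$(mktemp -d)
trap 'rm -rf "$RCROOT"' EXIT
mkdir -p "$RCROOT/init.d" "$RCROOT/rc2.d"
for svc in inetd lpd portmap ssh; do
    printf '#!/bin/sh\necho "%s start"\n' "$svc" > "$RCROOT/init.d/$svc"
    chmod +x "$RCROOT/init.d/$svc"
done
ln -s ../init.d/portmap "$RCROOT/rc2.d/S18portmap"
ln -s ../init.d/inetd   "$RCROOT/rc2.d/S20inetd"
ln -s ../init.d/lpd     "$RCROOT/rc2.d/S20lpd"
ln -s ../init.d/ssh     "$RCROOT/rc2.d/S20ssh"

# list_enabled DIR: print the service names behind every S<NN> link in DIR,
# in the order the rc script would run them (lexical, i.e. by number).
list_enabled() {
    for link in "$1"/S[0-9][0-9]*; do
        [ -L "$link" ] || continue
        base=${link##*/}               # e.g. S20inetd
        echo "${base#S[0-9][0-9]}"     # e.g. inetd
    done
}

# disable_service DIR NAME: rename S<NN>NAME to s<NN>NAME. Returns 1 if no
# such link exists, so a typo in NAME does not silently "succeed".
disable_service() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        [ -L "$link" ] || return 1
        base=${link##*/}
        mv "$link" "$1/s${base#S}"
    done
}

# enable_service DIR NAME: the reverse, restoring the original S link.
enable_service() {
    for link in "$1"/s[0-9][0-9]"$2"; do
        [ -L "$link" ] || return 1
        base=${link##*/}
        mv "$link" "$1/S${base#s}"
    done
}

disable_service "$RCROOT/rc2.d" inetd
echo "still started at boot:"; list_enabled "$RCROOT/rc2.d"
```

On a real system you would run the functions against /etc/rc2.d (and /etc/rcS.d), after reading the Debian reference Patrick points to.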
