Re: inetd questions
hi ya nate...
to find out what is using your applications...
# fuser -muv /proc
where foo (/proc) is something that shows as running in df etc...
# lsof :port
where :port is from netstat -nr
there shouldnt be anything running that you dont know about
to tighten your sever....
- comment out all entries in inetd.conf...
or xinet.d/* should have "disable=yes"
download and apply all patches for your distro
backup your system/server/binaries BEFORE you go live...
( so that you can easily compare your original binary
( against any suspected replaced/trojan'd binaries
install all kinds of ids and logging and detectors to occupy
the rest of your free time... :-)
http://www.Linux-Sec.net -- hardening howtoz ---
On Tue, 31 Jul 2001, Stewart James wrote:
> Simple rule for tightening a machine, if you don't know what it does,
> disable..as for all the things you mentioned, you will be able to disable
> them without a problem.
> The command lsof can help with finding out what process is accessing what
> ports. Also running ps -ef and looking at all the process' running on your
> machine, if you are unsure about a process find out what it does...do you
> really need it? If you look and see things you don't know a man "process
> name" ususally helps.
> Stewart James
> On Mon, 30 Jul 2001, Nate Bargmann wrote:
> > Date: Mon, 30 Jul 2001 22:20:13 -0500
> > From: Nate Bargmann <email@example.com>
> > To: firstname.lastname@example.org
> > Subject: inetd questions
> > Resent-Date: Tue, 31 Jul 2001 13:22:42 +1000 (EST)
> > Resent-From: email@example.com
> > Hi All.
> > Recently some members of my LUG were cracked on their dial-up machines.
> > With that in mind, I've taken it upon myself to tighten things up and
> > understand what the system is doing. A recuring mystery to me is some
> > of the services enabled/disabled in /etc/inetd.conf. In particular, how
> > critical are the internal services of echo, chargen, discard, daytime,
> > and time. Which of these are security risks and which are necessary for
> > a smooth running network?
> > Many texts say something like, "disable unneeded services in inetd.conf"
> > which is great advice, until one is unsure what is needed. Most of the
> > other services are self explanatory.
> > A second question. I have performed some nmap scans on my machines and
> > noted a couple ports listed as unkown services. How can I indetify
> > these mysteries either by cross referencing them to a PID or by some
> > other means.
> > Thanks,
> > - Nate >>
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com