
Re: inetd questions



hi ya nate...

to find out what is using your applications...
	# fuser -muv  /proc
	where foo (/proc) is something that shows as running in df etc...

	# lsof -i :port
	where :port is from netstat -nr

	there shouldn't be anything running that you don't know about

to tighten your server....
	- comment out all entries in inetd.conf...
	or xinet.d/* should have "disable=yes"

more importantly...
	download and apply all patches for your distro

	http://www.Linux-Sec.net/Patches

backup your system/server/binaries BEFORE you go live...
( so that you can easily compare your original binary
( against any suspected replaced/trojan'd binaries

install all kinds of ids and logging and detectors to occupy
the rest of your free time... :-)

have fun
alvin
http://www.Linux-Sec.net -- hardening howtoz ---

On Tue, 31 Jul 2001, Stewart James wrote:

> 
> Simple rule for tightening a machine, if you don't know what it does,
> disable..as for all the things you mentioned, you will be able to disable
> them without a problem.
> 
> The command lsof can help with finding out what process is accessing what
> ports. Also running ps -ef and looking at all the processes running on your
> machine, if you are unsure about a process find out what it does...do you
> really need it?  If you look and see things you don't know a man "process
> name" usually helps.
> 
> Cheers,
> 
> Stewart James
> 
> On Mon, 30 Jul 2001, Nate Bargmann wrote:
> 
> > Date: Mon, 30 Jul 2001 22:20:13 -0500
> > From: Nate Bargmann <n0nb@networksplus.net>
> > To: debian-security@lists.debian.org
> > Subject: inetd questions
> > Resent-Date: Tue, 31 Jul 2001 13:22:42 +1000 (EST)
> > Resent-From: debian-security@lists.debian.org
> >
> > Hi All.
> >
> > Recently some members of my LUG were cracked on their dial-up machines.
> > With that in mind, I've taken it upon myself to tighten things up and
> > understand what the system is doing.  A recurring mystery to me is some
> > of the services enabled/disabled in /etc/inetd.conf.  In particular, how
> > critical are the internal services of echo, chargen, discard, daytime,
> > and time.  Which of these are security risks and which are necessary for
> > a smooth running network?
> >
> > Many texts say something like, "disable unneeded services in inetd.conf"
> > which is great advice, until one is unsure what is needed.  Most of the
> > other services are self explanatory.
> >
> > A second question.  I have performed some nmap scans on my machines and
> > noted a couple ports listed as unknown services.  How can I identify
> > these mysteries either by cross referencing them to a PID or by some
> > other means.
> >
> > Thanks,
> >
> > - Nate >>
> >
> >
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
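
An added example, not part of the original thread: a small shell audit of an inetd.conf-style file that lists the enabled entries, picks out the internal services asked about above (echo, chargen, discard, daytime, time), and produces a copy with every entry commented out. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an inetd.conf-style file.
# Function names and the sample file are constructed for illustration.

# Print "service/proto server" for every enabled (uncommented) entry.
# Fields: service socktype proto wait user server [args...]
inetd_enabled() {
    awk 'NF == 0 || $1 ~ /^#/ { next } { print $1 "/" $3, $6 }' "$1"
}

# Print only the enabled inetd built-ins (server field is "internal").
inetd_internal() {
    inetd_enabled "$1" | awk '$2 == "internal" { print $1 }'
}

# Emit a copy with every enabled entry commented out; comments and blank
# lines pass through unchanged. Review the output before installing it.
inetd_disable_all() {
    awk 'NF == 0 || $1 ~ /^#/ { print; next } { print "#" $0 }' "$1"
}

# Constructed sample in inetd.conf format.
make_sample() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
echo      stream  tcp  nowait  root  internal
echo      dgram   udp  wait    root  internal
#discard  stream  tcp  nowait  root  internal
chargen   dgram   udp  wait    root  internal
daytime   stream  tcp  nowait  root  internal
time      stream  tcp  nowait  root  internal

ftp       stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.ftpd
#<off># telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.telnetd
EOF
}

sample=$(mktemp)
make_sample > "$sample"
echo "Enabled entries:";   inetd_enabled "$sample"
echo "Enabled built-ins:"; inetd_internal "$sample"
echo "Enabled after disabling all:" \
    "$(inetd_disable_all "$sample" | inetd_enabled - | wc -l)"
rm -f "$sample"
```

inetd only re-reads its configuration on SIGHUP, so an edited file takes effect once the daemon is signalled or restarted.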


