[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How do I disable (close) ports?

On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote:
> Hi,
> I disabled all but a few ports in /etc/services, but I have
> tcp        0      0 pa237.olsztyn.sdi.t:111

Well, you're not actually DIABLING anythingin /etc/services. That file is
just a list of known port-numbers. However, some services will be configured
to use the names instead of the port-numbers whendeciding which port to
use. As it can't find it in /etc/services, it can't start. But, it's the
wrong way to do it.

> when I netstat my machine. What exactly does this mean? I just want
> 25/tcp     open        smtp
> 37/tcp     open        time
> 66/tcp     open        sql*net
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 443/tcp    open        https
> 3306/tcp   open        mysql
> open. How can I close ports 111 and 859? They are not enabled in
> /etc/services
> Thanks,
> J. Paul Bruns-Bielkowicz
> http://www.america.prv.pl

Look in /etc/inetd.conf. It's there that you have to close a bunch of
services. inetd is sort of a supoer-daemon that listens on a lot of ports
and starts a program that gets the connection after it's established.

Then, look in /etc/inittab. There, you will have a line that looks like this:


This line says what RUNLEVEL your machine will start in. If your machine
has a 2 there, go to /etc/rc2.d and list the catalog. The process "init",
which is the mother of ALL other processes, will use the symbolic links
there to say which services to start and which to stop in that runlevel.

Take note: Not everything *are* services, some things are programs that
should be run on boottime, and some are simply local daemons. syslog, for
example, you do not want to stop.

The symbolic links that start with an S will be run with a "start" argument,
those with a K will be run with a "stop" argument. Thus, to keep a services
from starting in that runlevel, remove the S-scriptfrom the catalog. You
only remove the symbolic link, the real script lays in /etc/init.d - thus
if you want to add it again, just reinstate the symbolic link. Just note
the way the files are made up. Another, less drastic way to remove services,
is to just mv the files, that is rename them. It's enough to change S to s
and K to k, then it will not be run.

But as I said, you should not just go ahead and remove things there without
knowing what they are. They could even be vital for the functionality of
the machine. So, just look at the scripts and try to understand what service
they start. And if they start no service, leave it there if unsure.

What I'm trying to say, is that some learning and understanding is definitely
needed here. Study the files I've mentioned, and if you learn it, you will
have learnt something extremely important.

- Vegard Engen, member of the first RFC1149 implementation team.

Reply to: