On Thu, Oct 19, 2000 at 12:01:50AM -0700, Aaron Brashears wrote: > I'm making some efforts to tighten up security on my home server. I've > been closing some services that I don't need, and after thinking I'd > cleared everything out, I did an nmap scan of the box. Everything was as > it should be except for sunrpc on port 111 and domain on port 53. I > couldn't find any packages with dpkg -l which contained any part of that > string. Plus, there is no whatis or man information. > > What are those services? What packages are they kept in? apt-get --purge remove bind (if you really are not using bind, --purge blows away config files!) as for portmap its in netbase which you cannot remove, so you can do several things: rm /etc/rcS.d/S41portmap chmod -x /etc/init.d/portmap (Permission denied error will be spewed to the console at bootup) edit /etc/init.d/portmap to add an exit 0 early on to prevent it from starting. dpkg-divert /sbin/portmap so the initscript will think its not really installed. there are more but you get the idea... fortunatly woody fixes this obnoxious defect and portmap is its own package which can be purged like any other. as for what they are, domain is DNS, and debian badly runs bind as root by default, bind has been responsible for many many root compromises in the past. don't run it unless you need to, and if you need to the only responsible way to run it (IMO) is in a chroot jail as a non-root uid. (such as named.named) portmap is used for RPC services, such as NFS, NIS, etc. if you don't need NFS or NIS you probably don't need portmap. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpl0s1ZsRN9C.pgp
Description: PGP signature