Re: System security question
I don't like sunrpc hanging out at all exposed to the world. I get probed
regularly on it. Block it out with /etc/hosts.deny the following way:
PORTMAP : ALL
I usually install ipchains on my box and then block out the ports I don't want
exposed with:
ipchains -F #remove all the rules, the default is alot of things that allow you
to still operate the box from afar
ipchains -A input -p TCP -s 0.0.0.0/0 -d 0.0.0.0/0 $portnumber -j REJECT
#portnumber for sunrpc is 111, printer is 515. Use nmap to see what ports are
open.
Unfortunately, most security is just knowing what stuff does, so there's no
substitute for being a good sysad. Look around. I usually check something I
don't know what it is with a web search for "exploit linux processname" to see
what's been reported on it.
Martin Bishop wrote:
> Hi,
>
> Netstat shows the following services on my home machine:
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 *:printer *:* LISTEN
> tcp 0 0 *:dict *:* LISTEN
> tcp 0 0 *:sunrpc *:* LISTEN
> tcp 0 0 *:auth *:* LISTEN
> tcp 0 0 *:smtp *:* LISTEN
--
Organizing Linux users is like herding cats,
only harder.
Reply to: