Re: How secure am I?
"Patrick Kirk" <patrick@kirks.net> writes:
> 1. Running woody so is there a Woody specific line to add to sources.list
> for security updates?
If I understand it correctly,
Potato will get timely security updates if you use
deb http://security.debian.org stable/updates main contrib non-free
Sid (unstable) will always get timely security updates, because every
package, including security fixes, goes into sid immediately.
Woody (testing) will not get timely security updates, because new
packages in sid only get moved to woody after a shakeout period.
This may have changed recently, but I seem to recall that is how it used
to work.
> Port State Protocol Service
> 9 open tcp discard
This port just discards all data it receives. It is not a security risk,
other than giving out information that your system is on the net.
> 13 open tcp daytime
This port returns the time of day as a string, then closes the
port. Again, not a security risk.
> 21 open tcp ftp
You should remove ftpd or whatever package is providing ftp.
> 22 open tcp ssh
If you want to be able to ssh to your box, then this is ok. Otherwise,
reconfigure ssh not to run sshd: dpkg-reconfigure ssh.
> 25 open tcp smtp
If you want to receive mail on your box, you need this. Otherwise,
reconfigure your mail transport agent to not listen but only send. This
varies according to the package (sendmail, exim, postfix, etc.).
> 37 open tcp time
I believe that this is similar to daytime, but returns a 4-byte word
containing a time_t.
> 53 open tcp domain
Unless you need a DNS server, just remove the bind package (or whatever
package is providing dns).
> 79 open tcp finger
Remove the fingerd package.
> 80 open tcp http
Remove apache (or whatever is providing your web service).
> 111 open tcp sunrpc
I don't know what package opens up this port.
> 113 open tcp auth
Remove identd (or pidentd or bidentd). Note that you may want ident if
you do irc stuff.
> 139 open tcp netbios-ssn
Remove samba.
> 515 open tcp printer
Remove lpr, or lprng, or whatever contains the lpd that is listening on
that port.
> 901 open tcp unknown
> 1024 open tcp unknown
lsof -i | grep 901
lsof -i | grep 1024
Figure out what programs are opening those ports so you can decide your
course of action. I think that 901 may be swat (part of samba) and
definitely something you don't want exposed.
--
Dave Carrigan (dave@rudedog.org) | Yow! I pretend I'm living in a
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | styrofoam packing crate, high in
Seattle, WA, USA | th' SWISS ALPS, still unable to
http://www.rudedog.org/ | accept th' idea of TOUCH-TONE
| DIALING!!
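
Added example, not part of the original message: the `lsof -i | grep 901` step from the reply, generalised to any list of ports and matched on the port field only, so a process whose PID happens to be 901 or 1024 is not reported by mistake. The function name `port_owners` and the sample `lsof` output are constructed for illustration.

```shell
#!/bin/sh
# port_owners PORT... : reads `lsof -i -n -P` output on stdin and prints
# "PORT COMMAND PID" for each TCP listener bound to one of the given ports.
# Ports with no listener in the input are printed as "PORT ? ?".
port_owners() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        # Listening sockets end with "(LISTEN)"; the field before it is
        # the local address, e.g. *:901, 127.0.0.1:25 or [::1]:25.
        $NF == "(LISTEN)" {
            port = $(NF - 1)
            sub(/.*:/, "", port)          # keep only what follows the last colon
            if (port in want) {
                print port, $1, $2        # port, command, PID
                seen[port] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(p[i] in seen)) print p[i], "?", "?"
        }
    '
}

# Constructed sample of `lsof -i -n -P` output (not taken from the thread).
# Note the sshd line with PID 901 and the outbound ssh client with PID 1024:
# a plain `grep 901` or `grep 1024` would match both of them.
SAMPLE_LSOF='COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       901 root    3u  IPv4    512      0t0  TCP *:22 (LISTEN)
inetd      340 root    5u  IPv4    611      0t0  TCP *:901 (LISTEN)
rpc.statd  288 root    6u  IPv4    587      0t0  TCP *:1024 (LISTEN)
exim       415 mail    4u  IPv4    702      0t0  TCP *:25 (LISTEN)
ssh       1024 dave    3u  IPv4    950      0t0  TCP 10.0.0.5:33012->10.0.0.9:22 (ESTABLISHED)'

# Run against the sample; on a live system, run as root:
#   lsof -i -n -P | port_owners 901 1024
printf '%s\n' "$SAMPLE_LSOF" | port_owners 901 1024
```

When a port is owned by `inetd`, as in the sample, the service behind it is whichever entry for that port is enabled in `/etc/inetd.conf`.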