
Re: How secure am I?



"Patrick Kirk" <patrick@kirks.net> writes:

> 1. Running woody so is there a Woody specific line to add to sources.list
> for security updates?

If I understand it correctly

Potato will get timely security updates if you use

  deb http://security.debian.org stable/updates main contrib non-free

Sid (unstable) will always get timely security updates, because every
package, including security fixes, goes into sid immediately.

Woody (testing) will not get timely security updates, because new
packages in sid only get moved to woody after a shakeout period.

This may have changed recently, but I seem to recall that is how it used
to work.

> Port    State       Protocol  Service
> 9       open        tcp        discard

This port just discards all data it receives. It is not a security risk,
other than giving out information that your system is on the net.

> 13      open        tcp        daytime

This port returns the time of day as a string, then closes the
port. Again, not a security risk.

> 21      open        tcp        ftp

You should remove ftpd or whatever package is providing ftp.

> 22      open        tcp        ssh

If you want to be able to ssh to your box, then this is ok. Otherwise,
reconfigure ssh not to run sshd: dpkg-reconfigure ssh.

> 25      open        tcp        smtp

If you want to receive mail on your box, you need this. Otherwise,
reconfigure your mail transport agent to not listen but only send. This
varies according to the package (sendmail, exim, postfix, etc.).

> 37      open        tcp        time

I believe that this is similar to daytime, but returns a 4-byte word
containing a time_t.

> 53      open        tcp        domain

Unless you need a DNS server, just remove the bind package (or whatever
package is providing dns).

> 79      open        tcp        finger

Remove the fingerd package.

> 80      open        tcp        http

Remove apache (or whatever is providing your web service).

> 111     open        tcp        sunrpc

I don't know what package opens up this port.

> 113     open        tcp        auth

Remove identd (or pidentd or bidentd). Note that you may want ident if
you do irc stuff.

> 139     open        tcp        netbios-ssn

Remove samba.

> 515     open        tcp        printer

Remove lpr, or lprng, or whatever contains the lpd that is listening on
that port.

> 901     open        tcp        unknown
> 1024    open        tcp        unknown

lsof -i | grep 901
lsof -i | grep 1024

Figure out what programs are opening those ports so you can decide your
course of action. I think that 901 may be swat (part of samba) and
definitely something you don't want exposed.

-- 
Dave Carrigan (dave@rudedog.org)            | Yow! I pretend I'm living in a
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | styrofoam packing crate, high in
Seattle, WA, USA                            | th' SWISS ALPS, still unable to
http://www.rudedog.org/                     | accept th' idea of TOUCH-TONE
                                            | DIALING!!
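The lsof step above, as an added example that is not part of the post: a shell function that joins a scan's open-port list against `lsof -i -P -n` output and names the process behind each port, so the "unknown" entries get an owner before you decide what to remove. The lsof output embedded here is a constructed sample; in real use you pipe the live command into the function.

```shell
#!/bin/sh
# Added example (not from the post). Joins a port scan's open-port list
# against `lsof -i -P -n` output to name the process behind each port.
# SAMPLE_LSOF is a constructed sample of that output; in real use run
#   lsof -i -P -n | listeners_for_ports "9 13 21 901 1024"
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
inetd     212 root    4u  IPv4   1234      0t0  TCP *:9 (LISTEN)
inetd     212 root    5u  IPv4   1235      0t0  TCP *:13 (LISTEN)
sshd      301 root    3u  IPv4   1300      0t0  TCP *:22 (LISTEN)
exim      355 mail    3u  IPv4   1400      0t0  TCP *:25 (LISTEN)
inetd     212 root    9u  IPv4   1290      0t0  TCP *:901 (LISTEN)
rpc.statd 402 root    6u  IPv4   1500      0t0  TCP *:1024 (LISTEN)
sshd      501 root    4u  IPv4   1600      0t0  TCP 10.0.0.5:22->10.0.0.9:51022 (ESTABLISHED)'

# listeners_for_ports "PORT PORT ..."   (lsof output on stdin)
# Prints one line per requested port: "PORT COMMAND/PID", or
# "PORT no-local-listener" when nothing on this host is listening there
# (the scan hit a different host, or something is hiding from lsof).
listeners_for_ports() {
  awk -v ports="$1" '
    BEGIN { n = split(ports, want, " "); for (i = 1; i <= n; i++) owner[want[i]] = "" }
    /\(LISTEN\)/ {
      # NAME is the field before "(LISTEN)"; with -P the port follows the last colon
      name = $(NF - 1)
      sub(/.*:/, "", name)
      if (name in owner) owner[name] = $1 "/" $2
    }
    END {
      for (i = 1; i <= n; i++) {
        p = want[i]
        if (owner[p] == "") print p " no-local-listener"
        else print p " " owner[p]
      }
    }'
}

# The two ports the post called "unknown", plus a few known ones for comparison:
printf '%s\n' "$SAMPLE_LSOF" | listeners_for_ports "9 22 901 1024 79"
```

Once the owning PID is known, `ls -l /proc/PID/exe` and `dpkg -S` on that path tell you which package to remove or reconfigure.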