Re: securing the system, stopping unnecessary services and closing open ports.

To: debian-user@lists.debian.org
Subject: Re: securing the system, stopping unnecessary services and closing open ports.
From: Scott Ferguson <prettyfly.productions@gmail.com>
Date: Sun, 28 Aug 2011 13:12:58 +1000
Message-id: <[🔎] 4E59B23A.8010303@gmail.com>
In-reply-to: <[🔎] CACo--mvkBVFgTdrMzH1KBJ6mOd41gzmMVno_bP_6Jn0hLaxoWA@mail.gmail.com>
References: <[🔎] CACo--mvqoi4DRk66R8CGdfCJdzd0fM8ZTw+GuaYZpt14iyaQ2A@mail.gmail.com> <[🔎] CAMpSvvycO+1muqpUHpriqOfmQSXn64skrtO6Nw-WCGQ4aHmMhw@mail.gmail.com> <[🔎] CACo--mvkBVFgTdrMzH1KBJ6mOd41gzmMVno_bP_6Jn0hLaxoWA@mail.gmail.com>

On 28/08/11 11:39, yudi v wrote:

Just to clarify my post.
This is a new install and I was a bit careless while installing. It has
no data on it. I was more concerned with LUKS+LVM working at install. I
did not realize I selected to install SSH, I do not use Samba or NFS not
sure how those got installed.

With KDE by default you get libnfsidmap and nfs-common. Samba (server)is not installed by default - though something else may have pulled itin. One boxen that don't use them - I just remove and purge nfs andsamba (likewise ssh).

Again it might have been an oversight.

On my other system I have SSH setup with fail2ban, and only using pub
keys. I was going to setup same config on this system but got sidetracked.

I use postpaid mobile broadband and my IP is both the system address and
the gateway. There is no NAT with postpaid service, it's only available
with prepaid in Australia. Not sure why.

Not sure what you mean there.... I suspect you mean only postpaid allowa static IP address (for some accounts). I use both prepaid andpostpaids USB UMTS modems with different ISPs - they all use the same,weird, setup where the remote address is "defaulted to" (different dogs,same leg action) - perhaps that's the NAT you're referring to??


ie. Could not determine remote IP address: defaulting to 10.64.64.64[*1]

eg. ppp0 inet address and p-t-p are different, and the ip I use forremote access is different again (the one shown in http://myip.dk)

The only things I need are CUPS and SMTP for Zimbra.

I will disable the rest. I guess I have to use update.rc-d.


you could just remove them
eg:-
# apt-get --purge remove libnfsidmap2 nfs-common samba

if you don't use samba at all (cifs-utils samba samba-commonsamba-common-bin smbfs) then change "samba" to "samba*"

I'd suggest using -s instead of --purge first - just in case samba wasoriginally pulled in by another package which you want to keep.


There's lot of info here I haven't heard about before. I will go through
it and post back.

--
Kind regards,
Yudi

NOTE: just because a port is "open" doesn't necessarily mean it'saccepting connections.


Cheers

[*1] PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED

--

"You ever noticed how people who believe in Creationism look reallyunevolved? You ever noticed that? Eyes real close together, eyebrowridges, big furry hands and feet. "I believe God created me in one day"Yeah, looks liked He rushed it."

— Bill Hicks

Reply to:

Follow-Ups:
- Re: securing the system, stopping unnecessary services and closing open ports.
  - From: yudi v <yudi.tux@gmail.com>
- Re: securing the system, stopping unnecessary services and closing open ports.
  - From: yudi v <yudi.tux@gmail.com>

References:
- securing the system, stopping unnecessary services and closing open ports.
  - From: yudi v <yudi.tux@gmail.com>
- Re: securing the system, stopping unnecessary services and closing open ports.
  - From: Aniruddha <mailingdotlist@gmail.com>
- Re: securing the system, stopping unnecessary services and closing open ports.
  - From: yudi v <yudi.tux@gmail.com>

Prev by Date: Error; Skreener stop installing
Next by Date: Re: Error; Skreener stop installing
Previous by thread: Re: securing the system, stopping unnecessary services and closing open ports.
Next by thread: Re: securing the system, stopping unnecessary services and closing open ports.
Index(es):
- Date
- Thread