Re: laptop protection in an office network
On Sat, August 29, 2015 3:56 pm, tomas@tuxteam.de wrote:
>> tcp 0 0 0.0.0.0:9999 0.0.0.0:* LIS 561/inetd
>
> As others noted: what's inetd doing on 9999? Do have a look at
> its config files (somewhere in /etc/inetd.conf).
As I noted previously, port 9999 is the approx server; there is a line for
it in /etc/inetd.conf:
#:OTHER: Other services
9999 stream tcp nowait approx /usr/sbin/approx /usr/sbin/approx
>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LIS 568/sshd
>
> Common wisdom is to keep that (but to secure it properly, by disabling
> root logins and possibly passwrd logins). Perhaps you can ssh into your
> laptop should the UI become unresponsive for some reason (e.g. X botches
> the graphics card but you still have some running programs you'd want to
> finalize in an orderly mode).
On the desktop, I do use "screen" over ssh to access another desktop, but
I can do without ssh access to the laptop.
>> tcp 0 0 127.0.0.1:631 0.0.0.0:* LIS 1248/cupsd
>
> Are you using your laptop as a print server? If not, the cups-client
> package might be enough.
Then should I unistall the cups-daemon and cups-server-common packages?
>> tcp 0 0 127.0.0.1:5432 0.0.0.0:* LIS 675/postgres tcp
>> 0 0 127.0.0.1:25 0.0.0.0:* LIS 1063/exim4
>
> Database server, mail server. What are they doing? For postgres,
> you could configure it to just serve over an UNIX domain socket, if the
> only applications around connect locally. Your call. For exim4 (mail
> server)... depends on your mail setup.
I thought that I had left mail unconfigured, but perhaps not.
>> tcp 0 0 127.0.0.1:2628 0.0.0.0:* LIS 599/0
>
> Uh -- what is *this*? A process called "0"? Looks really strange
> to me.
2628 turns out to be the port for the dictionary server; I am using
localhost as the server.
>> udp 0 0 192.168.1.99:123 0.0.0.0:* 664/ntpd udp 0
>> 0 127.0.0.1:123 0.0.0.0:* 664/ntpd udp 0 0
>> 0.0.0.0:123 0.0.0.0:* 664/ntpd
>>
>
> Providing time services?
No. I simply was trying to make the laptop synchronize its clock whenever
it connects to the Internet. It appears that the package ntpdate is
adequate for a laptop, and that is the package I should have installed;
but I installed package ntp, which obviates the need for ntpdate.
> I'd disable/uninstall many of those. OTOH, you might need them in other
> settings, so firewalling them out might be the right choice (and a chance
> to learn iptables :-)
At this point, I think that I should make a fresh installation, keeping in
mind the comments which you and others have made.
RLH
Reply to: