Open Ports

[trickster]

When I do an Nmapfe (from X) I get the following results :



Starting nmap V. 2.54BETA33 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1542 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
37/tcp open time
79/tcp open finger
80/tcp open http
111/tcp open sunrpc
113/tcp open auth
515/tcp open printer
587/tcp open submission
6000/tcp open X11
6008/tcp open X11:8

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

I know some of these ports should be closed, or the service stopped. Which should I stop? and how should I go about to do that?
Thnaks.

[Ashcrow]

Stop the following if you can ....

ftp
smtp
finger (!!!)
sunrpc (!!!)
submission (?)

It depends on distro. Usually you can find a nice chunk of them in inetd.conf.

[trickster]

I'll try it when I get home today. Thanks.
I found this on Google. regarding port 587:

"It's the default port for Message Submission protocol, RFC 2476.
Like as not, it's your mail daemon that has the port open. If you
are using Sendmail 8.10.x, you have to explicitly disable it if
you don't want it (FEATURE(`no_default_msa')). "

Actually In redhat 7.x its xinetd.conf. Or you could use a firewall to block those ports.

[Feztaa]

Which should I stop?

You should disable every single one of them, unless you know for sure that you want to be running it (if you're not sure about a service, you don't need it).

and how should I go about to do that?

There are various ways, depends on the service. I'd start by getting a distro that doesn't enable all that crap in the first place, but that's just me. Whatever distro you are using probably has some kind of GUI tool to disable them all, try using that. Then look into setting up a firewall.

[trickster]

I'm using Slackware. I don't think it has a GUI for these services. I don't think it has a GUI for a lot of thinks, really.
Problem with getting a distro that is tone down on all the services is that it will probably be a minimalistic distro. The problem with this is that I am not comfortable enough with Linux yet as to know how to install all the stuff I may/may not need.

[cloverm]

Just use Webmin. It makes it very-very simple to start/stop/enable/disable any service from you web browser.

[gmoreno]

It's pretty easy if you don't have a gui tool..
As root open up /etc/initd.conf and comment in (place a #) the ports you want to close. *Some might not close completely what you need to do is to make sure that app that activates that port just dosen't start. *You might have to get into you /etc/init.d to do that.

[trickster]

I downloaded Webmin but I haven't installed it yet. I rem'd out everything on the inetd.conf file, except the time. This is the output I get with nmap now:
Port State Service Owner
22/tcp open ssh
37/tcp open time
80/tcp open http
111/tcp open sunrpc
515/tcp open printer
1024/tcp open kdm
3457/tcp open vat-control
6000/tcp open X11
I don't know how to close the sunrpc service... Is there anything else I should stop?

[trickster]

ok, I found how to. it is on /etc/rc.d/inetd2.config (I think that is what it was called. However, I went crazy editing all these files and I couldn't connect to the net afterwards. ???
Time for a reinstall...