Hi Serge,
On Tue, 27 Jan 2004, Serge Marelli wrote:
OK, so I'm paranoid...
Are you paranoid enough?
I checked my own computer with nmap and got the following result:
Interesting ports on $MYHOST ($MYIPADDRESS):
(The 1641 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned in 0.612 seconds
Rather classical...
Now some more details; I was running nmap in user mode, not as root, I
know the result would be different, for the time being I'll work with
this, I'll check more later.
It isn't that different, unless you use special options.
About the results:
I'm a bit surprised that ssh is opened, I don't remember setting up any
sshd daemon, however, I remember Brent doing something on my machine
during the Linuxdays, so it's not entirely impossible, I will disable it
for the time being.
Just drop it from /etc/rc3.d/ or /etc/rc5.d/ (whatever your default
runlevel is -> grep default /etc/inittab)
I'm a bit more worried about the other two. I don't see what I might be
doing with Sun's RPC and wish to disable this (any hint welcome).
RPC -> portmap
Since my Gentoo runs fine without this service, I guess you won't
need it, unless you need NFS or somesuch.
The same is true about X11; could anyone tell me why X11 is opening a
port on my machine, I don't intend to have anyone connect via X11 to my
host.
Normally, X shouldn't allow connections from outside, unless you
explicitly authorize this via xhost + remote_host, or via xauth.
I expect I may have to toy with inetd and other startup scripts in order
to disable the nasty services/daemons. I hope I won't screw up my
system too much or too fast.
There's a runlevel editor in SuSE, IIRC.
About ssh, is there a way how I can set up some identification so that
only specific remote users or users from specific hosts may connect to
my system through ssh? Would "anyone" be able to connect (assuming s/he
knows a username & password on my system)?
Should be possible. You can certainly disable access through
/etc/host.allow or /etc/host.deny, in the sshd config you can
disable root login... there should also be other possibilities.
Greets & hth, Eric
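
Added example, not part of the original message: a small shell check for the two sshd config restrictions mentioned in the reply (root login disabled, logins limited to named users/hosts). The sample configs, the user "serge" and the 192.0.2.* address pattern are constructed; PermitRootLogin and AllowUsers are standard OpenSSH sshd_config keywords, and Match blocks and "Keyword=value" syntax are not handled.

```shell
#!/bin/sh
# Added example. Config contents, user "serge" and 192.0.2.* are constructed.

# Print the value of the first uncommented KEYWORD line
# (for most keywords sshd uses the first value it reads).
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v kw="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# One finding per line; no output means both restrictions are in place.
audit_sshd() {  # usage: audit_sshd FILE
    root=$(sshd_value "$1" PermitRootLogin)
    users=$(sshd_value "$1" AllowUsers)
    [ "$root" = "no" ] || echo "root-login-not-disabled"
    [ -n "$users" ] || echo "no-AllowUsers-restriction"
}

# Write two constructed sshd_config samples into DIR.
write_samples() {  # usage: write_samples DIR
    cat > "$1/sshd_config.open" <<'EOF'
# constructed sample: any account with a valid password may log in
Port 22
#PermitRootLogin yes
EOF
    cat > "$1/sshd_config.restricted" <<'EOF'
# constructed sample: only serge, and only from 192.0.2.x
Port 22
PermitRootLogin no
AllowUsers serge@192.0.2.*
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/sshd_config.*; do
    echo "== ${f##*/}"
    audit_sshd "$f"
done
rm -rf "$tmp"
```

On a real system, point audit_sshd at /etc/ssh/sshd_config, and run `sshd -t` to validate the file before restarting the daemon.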