
3. Step 1: Which services do we really need?
In this section we will see which services are running on our freshly installed system, decide which we really
need, and do away with the rest. If you are not familiar with how servers and TCP connections work, you
may want to read the section on servers and ports in the Appendix first. If you are not familiar with the netstat
utility, you may want to read a quick overview of it beforehand. There is also a section in the Appendix on ports
and their corresponding services. You may want to look that over too.
Our goal is to turn off as many services as possible. If we can turn them all off, or at least off to outside
connections, so much the better. Some rules of thumb we will use to guide us:
• It is perfectly possible to have a fully functional Internet connection with no servers running that are
  accessible to outside connections. Not only possible, but desirable in many cases. The principle here
  is that you will never be successfully broken into via a port that is not opened because no server is
  listening on it. No server == no port open == not vulnerable. At least to outside connections.
• If you don't recognize a particular service, chances are good you don't really need it. We will assume
  that and so we'll turn it off. This may sound dangerous, but is a good rule of thumb to go by.
• Some services are just not intended to be run over the Internet, even if you decide it is something
  you really do need. We'll flag these as dangerous, and address these in later sections, should you
  decide you do really need them, and there is no good alternative.
3.1. System Audit
So what is really running on our system anyway? Let's not take anything for granted about what "should" be
running, or what we "think" is running.
Which services get installed and started will vary greatly depending on which version of Red Hat, and which
installation options were chosen. Earlier releases were very much prone to start many services and then let
the user figure out which ones were needed, and which ones weren't. Recent versions are much more
cautious. But this makes providing a ready-made list of likely services impossible. Not to worry, as we
shouldn't trust what is supposed to be running anyway. What we need to do is list for ourselves all running
services.
Now open an xterm, and su to root. You'll need to make the window wide enough that the lines do not wrap. Use
this command: netstat -tap |grep LISTEN. This will give us a list of all currently running servers, as
indicated by the keyword LISTEN, along with the "PID" and "Program Name" that started each particular
service.
# netstat -tap |grep LISTEN
 *:exec                  *:*                     LISTEN      988/inetd
 *:login                 *:*                     LISTEN      988/inetd
 *:shell                 *:*                     LISTEN      988/inetd
 *:printer               *:*                     LISTEN      988/inetd
 *:time                  *:*                     LISTEN      988/inetd
 *:x11                   *:*                     LISTEN      1462/X
 *:http                  *:*                     LISTEN      1078/httpd
 bigcat:domain           *:*                     LISTEN      956/named
 bigcat:domain           *:*                     LISTEN      956/named
 *:ssh                   *:*                     LISTEN      972/sshd
 *:auth                  *:*                     LISTEN      388/in.identd
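As an added example (not part of the HOWTO), the following shell script applies the rules of thumb above to a netstat listing: it locates the LISTEN column on each line (so it also accepts the full 7-column output of netstat), classifies the local address as open to all interfaces, bound to the host's name, or localhost only, and marks any service not on a hypothetical "needed" list as one to turn off. The sample listing and the NEEDED list are constructed for illustration.

```shell
#!/bin/sh
# Audit the listeners reported by "netstat -tap | grep LISTEN".
# Parses relative to the LISTEN column, so it accepts both the trimmed
# listing above and the full 7-column netstat output (tcp 0 0 ...).
# Constructed sample, modelled on the listing above; not a real capture.
SAMPLE='*:exec                  *:*   LISTEN   988/inetd
*:login                 *:*   LISTEN   988/inetd
*:shell                 *:*   LISTEN   988/inetd
*:printer               *:*   LISTEN   988/inetd
*:time                  *:*   LISTEN   988/inetd
*:x11                   *:*   LISTEN   1462/X
*:http                  *:*   LISTEN   1078/httpd
bigcat:domain           *:*   LISTEN   956/named
localhost:smtp          *:*   LISTEN   1101/sendmail
*:ssh                   *:*   LISTEN   972/sshd
*:auth                  *:*   LISTEN   388/in.identd'

# Hypothetical decision for this host: the services we really need.
NEEDED="ssh http domain"

# One line per listener: SERVICE EXPOSURE PROGRAM VERDICT
audit_listeners() {
    awk -v needed="$NEEDED" '
    BEGIN { n = split(needed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") break
        if (i > NF || i < 3) next               # not a LISTEN line
        local = $(i - 2)                        # "host:service" column
        prog = (i < NF) ? $(i + 1) : "-"        # "PID/Program name" column
        sub(/^[0-9]+\//, "", prog)              # keep just the program name
        host = local; svc = local
        sub(/:[^:]*$/, "", host); sub(/^.*:/, "", svc)
        if (host == "*" || host == "0.0.0.0")      exposure = "ALL-INTERFACES"
        else if (host ~ /^(localhost|127\.)/)      exposure = "LOCAL-ONLY"
        else                                       exposure = "HOST-BOUND"
        # Rule of thumb from the text: unrecognised service => turn it off.
        verdict = (svc in ok) ? "keep" : "turn off"
        if (verdict == "turn off" && exposure == "LOCAL-ONLY") verdict = "review"
        printf "%-10s %-15s %-12s %s\n", svc, exposure, prog, verdict
    }'
}

# How many servers are reachable from outside and not on the needed list.
count_exposed_unneeded() {
    printf '%s\n' "$SAMPLE" | audit_listeners | grep -c 'ALL-INTERFACES.*turn off'
}

printf '%s\n' "$SAMPLE" | audit_listeners
echo "Open to outside connections but not needed: $(count_exposed_unneeded)"
```

On a live system, replace the sample with the real output (netstat -tap | grep LISTEN | audit_listeners) and put your own decisions in NEEDED.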