
*:telnet *:* LISTEN 988/inetd
*:finger *:* LISTEN 988/inetd
*:sunrpc *:* LISTEN 1290/portmap
*:ftp *:* LISTEN 988/inetd
*:smtp *:* LISTEN 1738/sendmail: accepting connections
*:1694 *:* LISTEN 1319/rpc.mountd
*:netbios-ssn *:* LISTEN 422/smbd

Red Hat 7.x and Mandrake 8.x and later users will have xinetd in place of inetd. Note the first three
columns are cropped above for readability. If your list is as long as the example, you have some work ahead
of you! It is highly unlikely that you really need anywhere near this number of servers running.

Please be aware that the example above is just one of many, many possible system configurations. Yours
probably does look very different.

You don't understand what any of this is telling you? Hopefully then, you've read the netstat tutorial in the
Appendix, and understand how it works. Understanding exactly what each server is in the above example,
and what it does, is beyond the scope of this document. You will have to check your system's documentation
(e.g. Installation Guide, man pages, etc.) if that service is important to you. For example, do "exec", "login",
and "shell" sound important? Yes, but these are not what they may sound like. They are actually rexec,
rlogin, and rsh, the "r" (for remote) commands. These are antiquated, unnecessary, and in fact, are very
dangerous if exposed to the Internet.

Let's make a few quick assumptions about what is necessary and unnecessary, and therefore what goes and
what stays on bigcat. Since we are running a desktop on bigcat, X11 of course needs to stay. If bigcat were a
dedicated server of some kind, then X11 would be unnecessary. If there is a printer physically attached, the
printer (lp) daemon should stay. Otherwise, it goes. Print servers may sound harmless, but are potential
targets too since they can hold ports open. If we plan on logging in to bigcat from other hosts, sshd (Secure
SHell Daemon) would be necessary. If we have Microsoft hosts on our LAN, we probably want Samba, so
smbd should stay. Otherwise, it is completely unnecessary. Everything else in this example is optional and
not required for a normally functioning system, and should probably go. See anything that you don't
recognize? Not sure about? It goes!

To sum up: since bigcat is a desktop with a printer attached, we will need "x11" and "printer". bigcat is on a LAN
with MS hosts, and shares files and printing with them, so "netbios-ssn" (smbd) is desired. We will also need
"ssh" so we can log in from other machines. Everything else is unnecessary for this particular case.

Nervous about this? If you want, you can make notes of any changes you make or save the list of servers you
got from netstat, with this command: netstat -tap | grep LISTEN > ~/services.lst. That
will save it in your home directory with the name of "services.lst" for future reference.
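
An added example (not part of the original HOWTO): a small shell function that reads the saved listener list and prints every listener that is not on the keep list decided on above. The names KEEP and audit_listeners are assumptions, and the sample lines are constructed in the full netstat -tap layout, with made-up PIDs for ssh, x11 and printer.

```shell
#!/bin/sh
# Added example, not from the HOWTO: list listeners that are not on the keep list.
# KEEP and audit_listeners are names chosen for this example.
KEEP="x11 printer netbios-ssn ssh"   # the services the text keeps on bigcat

# Constructed sample in the full `netstat -tap | grep LISTEN` layout (the listing
# in the text crops Proto, Recv-Q and Send-Q). PIDs for ssh/x11/printer are made up.
SAMPLE='tcp 0 0 *:telnet *:* LISTEN 988/inetd
tcp 0 0 *:sunrpc *:* LISTEN 1290/portmap
tcp 0 0 *:smtp *:* LISTEN 1738/sendmail: accepting connections
tcp 0 0 *:1694 *:* LISTEN 1319/rpc.mountd
tcp 0 0 *:netbios-ssn *:* LISTEN 422/smbd
tcp 0 0 *:ssh *:* LISTEN 1400/sshd
tcp 0 0 *:x11 *:* LISTEN 1500/X
tcp 0 0 *:printer *:* LISTEN 1600/lpd'

# Reads LISTEN lines on stdin; $1 is the space-separated keep list.
# Prints "service<TAB>PID/program" for each listener not on the list.
audit_listeners() {
    awk -v keep="$1" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        $6 == "LISTEN" {
            svc = $4
            sub(/^.*:/, "", svc)            # "*:telnet" -> "telnet"
            if (svc in ok) next
            prog = $7                       # program name may contain spaces
            for (i = 8; i <= NF; i++) prog = prog " " $i
            print svc "\t" prog
        }'
}

# Run against the constructed sample; prints telnet, sunrpc, smtp and 1694.
printf '%s\n' "$SAMPLE" | audit_listeners "$KEEP"
```

To check the real list saved above, run audit_listeners "$KEEP" < ~/services.lst; anything it prints is a candidate for removal. If netstat is run with -n, the keep list needs port numbers instead of service names.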

This is not to say that the ones we have decided to keep are inherently safe, just that we probably need these.
So we will have to deal with these via firewalling or other means (addressed below).

It is worth noting that the telnet and ftp daemons in the above example are servers, aka "listeners". These
accept incoming connections to you. You do not need, or want, these just to use ftp or telnet clients. For
instance, you can download files from an FTP site with just an ftp client. Running an ftp server on your end
is not required at all, and has serious security implications.
Security Quick-Start HOWTO for Red Hat Linux
3. Step 1: Which services do we really need? 8