Re: A question of Security

Mario Rafael (mrafael@arrakis.es)
Sat, 18 Dec 1999 01:59:42 +0100


Hi Jose Luis :)

>I looked at /etc/services and.. oh, my God! Witch services can I turn off?
>I just want www, pop-3 and sendmail services, but I am afraid of turning
>off some services and compromise something I do not know...
/etc/services is just a file that maps names like pop-3 to a port (110) and
a transport protocol (tcp), that dosent mean that every line that appears
in /etc/services is an open port on you machine. ;). I suggest you to look
at /etc/inetd.conf for services that rely on the inetd "internet super -
server", and for the rest of daemons first look if there exists an System V
init script (/etc/rc.d/init.d) like in linuxconf :). And then deactivate
the service in the proper runlevel directory (/etc/rc.d/rc3.d) substituting
the Sxxlinuxconf (S equals Spawn in the current runlevel directory) by an
Kxxlinuxconf (K equals Kill). RedHat has a utility that will help you in
this. "ntsysv"

>Do you have some sites or white papers talking specifically about that?
Take a look at www.technotronic.com and packetstorm.securify.com.

>By the way, are all (important) logs in /var/log ?
Messages IMHO is one of the most important log files but that really
depends on how you configure your syslog daemon to log messages. Another
interesting file you should check out is xferlog and secure. But again..
this files rely on program configutation.

Mario.

e-Mail : mrafael@arrakis.es
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu