[wplug] Security

mdanish at andrew.cmu.edu mdanish at andrew.cmu.edu
Wed Nov 14 21:47:14 EST 2001


On Wed, Nov 14, 2001 at 04:45:53PM -0500, Michael P. O'Connor wrote:
> I have a question on open ports for linux, I just did a nmap scan of my
> computer and the open ports are as follows 22/tcp (ssh) 515/tcp
> (printer) 6000/tcp (X11) what security holes exist on these ports and
> how do I block these ports with ipchains (I do really want to block ssh's
> port, just the printer and the X11 port, since I don't think I need to
> accept anything incoming on those)

For X, you can add '-nolisten tcp' to one of the following files, depending
on whether you use kdm, gdm, xdm, or xinit (startx):

kdm: /etc/kde2/kdm/Xservers (last line or so)
gdm: /etc/X11/gdm/gdm.conf (near the end, you'll see a command= line)
xdm: /etc/X11/xdm/Xservers (or something similar, can't remember)
xinit: /etc/X11/xinit/xserverrc (the one exec line)

File locations may vary per distribution but filenames should be about the 
same.

You can use ipchains (though it is better to disable the offending service
instead) to block a port like so:

/sbin/ipchains -A input -p tcp --dport <port> -s ! 127.0.0.1 -j REJECT

That should block all non-localhost access to the port.  Note that attempts
to access your-ip:port even from your computer will be rejected as well.
Only 127.0.0.1:port is left open.

And as T. Quine suggested, you should make sure your software is up to date.

-- 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Matthew Danish                         email: mdanish at andrew.cmu.edu ;;
;; OpenPGP public key available from:        'finger mrd at db.debian.org' ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
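As an added example (not part of Matthew's reply or the wplug archive), the following POSIX shell script turns the two pieces of advice above into checkable functions: one emits the ipchains REJECT rule from the post for every open port except the ones you want to keep reachable (ssh here), and one appends '-nolisten tcp' to an X server command line (the exec line in xserverrc, or the last line of Xservers) only if it is not already present. The three-port list is a constructed sample copied from the question; the rules are printed, not applied, so the script runs anywhere and you can review the output before piping it to sh on the box in question.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the open-port list
# is in nmap's "port/proto" form and that rules should be printed, not run.

# Constructed sample: the three open ports reported in the question.
SAMPLE_PORTS="22/tcp 515/tcp 6000/tcp"

# The rule from the post for one TCP port: reject everything whose source
# is not 127.0.0.1 (so your-ip:port from the same machine is rejected too).
block_rule() {
    printf '/sbin/ipchains -A input -p tcp --dport %s -s ! 127.0.0.1 -j REJECT\n' "$1"
}

# Emit one rule per open port that is not in the keep list.
# Usage: rules_for "<open ports>" "<ports to keep reachable>"
rules_for() {
    open="$1"; keep="$2"
    for entry in $open; do
        port=${entry%%/*}            # strip the "/tcp" suffix
        case " $keep " in
            *" $port "*) ;;          # wanted service (e.g. ssh), leave it alone
            *) block_rule "$port" ;; # everything else gets the REJECT rule
        esac
    done
}

# Count the rules rules_for would emit; handy as a self-check before applying.
count_rules() {
    rules_for "$1" "$2" | wc -l | tr -d ' '
}

# Add '-nolisten tcp' to an X server command line unless it is already there,
# so the server never binds port 6000 in the first place.
add_nolisten() {
    case "$1" in
        *"-nolisten tcp"*) printf '%s\n' "$1" ;;
        *) printf '%s -nolisten tcp\n' "$1" ;;
    esac
}

# Stand-alone run: show what would be blocked for the sample scan.
rules_for "$SAMPLE_PORTS" "22"
add_nolisten "exec /usr/bin/X11/X"
```

Keeping the rule generation separate from applying it matters with ipchains, since a wrong REJECT on port 22 over a remote session locks you out; review the printed lines first, then run them. Disabling lpd and X's TCP listener is still the better fix, as the post says, and the rules are a backstop for services you cannot turn off.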
