Closing ports

  • Open ports belong to processes that are started either at system startup or through inetd.
    To stop a service from being started at system startup, use update-rc.d, for example:
    
    /usr/sbin/update-rc.d -f portmap remove
    

    To disable a port served by inetd, edit the /etc/inetd.conf file and comment out the services, for example:
    
    # shell           stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd
    # login           stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rlogind
    # exec            stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rexecd
    
    Then make the inetd daemon re-read the configuration file:
    
    killall -HUP inetd
    


  • Vulnerable services:
    telnet, rsh, rcp, rexec, ftp, portmap, nfs, mountd, ypbind, ypserv.
    Disable them if your computer is on the open Internet. But if you need them, install a firewall and use tcp_wrappers.

  • Relatively secure services:
    Services protected with SSL libraries for encrypted connections, such as SSH, LDAP, Apache; Kerberos.
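
To confirm that the inetd-started services named above are really disabled after editing /etc/inetd.conf, the following added example (not part of the original page) lists any that are still enabled. The function name audit_inetd and the sample file are constructed for illustration; inetd.conf uses the /etc/services names, so rsh/rcp, rlogin and rexec appear as shell, login and exec.

```shell
#!/bin/sh
# Added example: report risky services that are still enabled
# (not commented out) in an inetd.conf-style file.
# inetd.conf names: shell = rsh/rcp, login = rlogin, exec = rexec.
RISKY_INETD="telnet shell login exec ftp"

# audit_inetd [FILE] -> prints one enabled risky service name per line
audit_inetd() {
    conf=${1:-/etc/inetd.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v risky="$RISKY_INETD" '
        BEGIN {
            n = split(risky, r, " ")
            for (i = 1; i <= n; i++) want[r[i]] = 1
        }
        /^[ \t]*#/ { next }   # commented out: already disabled
        NF < 6     { next }   # not a complete service entry
        ($1 in want) { print $1 }
    ' "$conf"
}

# Constructed sample: telnet and login are enabled, shell and exec
# are commented out, ident is enabled but not on the risky list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample inetd.conf
telnet  stream  tcp  nowait  telnetd  /usr/sbin/tcpd  /usr/sbin/in.telnetd
# shell stream  tcp  nowait  root     /usr/sbin/tcpd  /usr/sbin/in.rshd
login   stream  tcp  nowait  root     /usr/sbin/tcpd  /usr/sbin/in.rlogind
  # exec stream tcp  nowait  root     /usr/sbin/tcpd  /usr/sbin/in.rexecd
ident   stream  tcp  wait    identd   /usr/sbin/identd identd
EOF

echo "Still enabled in sample:"
audit_inetd "$sample"
rm -f "$sample"
```

Run audit_inetd with no argument to check the live /etc/inetd.conf. Daemons started at boot rather than through inetd are not covered by this check.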