Dakota, posted June 15, 2005 (edited):

While trying to disable services during startup I noticed there is no inetd.conf or xinetd.conf. Where are these files, or are we using a different configuration file for inetd?

Dakota

aioshin, posted June 15, 2005 (edited):

In my box, there's no xinetd.conf, but there is a folder /etc/xinetd.d/, and the services that are controlled by xinetd can be found under that folder. There you can edit the particular file. For example, in my box fam is enabled and the /etc/xinetd.d/fam file looks like:

    # default: on
    # description: FAM is a file monitoring daemon. It can
    # be used to get reports when files change.
    service sgi_fam
    {
        disable     = no
        type        = RPC UNLISTED
        rpc_version = 2
        rpc_number  = 391002
        socket_type = stream
        protocol    = tcp
        wait        = yes
        user        = root
        group       = nogroup
        server      = /usr/sbin/famd
        bind        = 127.0.0.1
        flags       = NOLIBWRAP
    }

To disable it here, just set disable = yes
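
The per-service files described in the post above can be audited in one pass. This is an added example, not part of the original post: the function name `xinetd_enabled` and the sample directory are assumptions, and a service block with no `disable` line is treated as enabled (overrides in a `defaults` section are not considered).

```shell
#!/bin/sh
# Added example: list xinetd services that are still enabled.
# Prints "<service> <bind address>" for every service block whose
# "disable" attribute is not "yes" ("any" means no bind line was present).
xinetd_enabled() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }                    # skip comment lines
            { gsub(/[ \t]*=[ \t]*/, " = ") }       # tolerate "disable=yes"
            $1 == "service" { name = $2; disable = "no"; bind = "any"; next }
            $1 == "disable" && $2 == "=" { disable = $3 }
            $1 == "bind"    && $2 == "=" { bind = $3 }
            $1 == "}" && name != "" {
                if (disable != "yes") print name, bind
                name = ""
            }
        ' "$f"
    done
}

# Constructed sample directory so the script runs without touching /etc.
demo_dir() {
    d=$(mktemp -d)
    printf 'service sgi_fam\n{\n\tdisable = no\n\tbind = 127.0.0.1\n}\n' > "$d/fam"
    printf 'service rsync\n{\n\tdisable = yes\n}\n' > "$d/rsync"
    printf 'service echo\n{\n\ttype = INTERNAL\n}\n' > "$d/echo"
    echo "$d"
}

d=$(demo_dir)
xinetd_enabled "$d"
rm -rf "$d"
```

Run with no argument, `xinetd_enabled` reads /etc/xinetd.d; a bind value of `any` marks a service that is not restricted to one address.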

Dakota, posted June 15, 2005:

Well, I really need to disable some services. I would like to close every port that was detected by nmap as long as it's not needed.

    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-06-14 23:02 EDT
    Initiating SYN Stealth Scan against localhost (127.0.0.1) [65535 ports] at 23:02
    Discovered open port 25/tcp on 127.0.0.1
    Discovered open port 887/tcp on 127.0.0.1
    Discovered open port 10026/tcp on 127.0.0.1
    Discovered open port 1025/tcp on 127.0.0.1
    Discovered open port 631/tcp on 127.0.0.1
    Discovered open port 5335/tcp on 127.0.0.1
    Discovered open port 6000/tcp on 127.0.0.1
    Discovered open port 111/tcp on 127.0.0.1
    Discovered open port 1024/tcp on 127.0.0.1
    The SYN Stealth Scan took 11.59s to scan 65535 total ports.
    Initiating UDP Scan against localhost (127.0.0.1) [65535 ports] at 23:02
    Discovered open port 62118/udp on 127.0.0.1
    The UDP Scan took 14.70s to scan 65535 total ports.
    For OSScan assuming port 25 is open, 1 is closed, and neither are firewalled
    Host localhost (127.0.0.1) appears to be up ... good.
    Interesting ports on localhost (127.0.0.1):
    (The 131054 ports scanned but not shown below are in state: closed)
    PORT       STATE          SERVICE
    25/tcp     open           smtp
    68/udp     open|filtered  dhcpclient
    111/tcp    open           rpcbind
    111/udp    open|filtered  rpcbind
    631/tcp    open           ipp
    631/udp    open|filtered  unknown
    881/udp    open|filtered  unknown
    884/udp    open|filtered  unknown
    887/tcp    open           unknown
    1024/tcp   open           kdm
    1025/tcp   open           NFS-or-IIS
    5335/tcp   open           unknown
    5353/udp   open|filtered  unknown
    6000/tcp   open           X11
    10026/tcp  open           unknown
    62118/udp  open           unknown
    Device type: general purpose
    Running: Linux 2.4.X|2.5.X|2.6.X
    OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
    OS Fingerprint:
    TSeq(Class=RI%gcd=1%SI=40887A%IPID=Z%TS=1000HZ)
    T1(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
    T2(Resp=N)
    T3(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
    T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
    T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
    T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
    PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
    Uptime 0.080 days (since Tue Jun 14 21:07:25 2005)
    TCP Sequence Prediction: Class=random positive increments
    Difficulty=4229242 (Good luck!)

In later Linux releases I would use inetd.config or xinetd.config. How do I go about disabling these services on Mandriva 2005LE?

aioshin, posted June 15, 2005:

If you are running X, try to open MCC - Systems - services; here you can uncheck those services you don't need to run and stop them. If you prefer the CLI, use the chkconfig utility...

    # chkconfig --list

lists running services on the different init levels... just man chkconfig for more commands available, or just type

    # chkconfig

...it will show you the usage.

Dakota, posted June 15, 2005:

> If you are running X, try to open MCC - Systems - services; here you can uncheck those services you don't need to run and stop them. If you prefer the CLI, use the chkconfig utility... # chkconfig --list lists running services on the different init levels... just man chkconfig for more commands available, or just type # chkconfig ...it will show you the usage.

Thanks, I was not aware of the services tab in MCC. I used that and chkconfig to close many services I do not need. However, the ports below still need to be closed.

    (The 131063 ports scanned but not shown below are in state: closed)
    PORT       STATE          SERVICE
    68/udp     open|filtered  dhcpclient
    1024/tcp   open           kdm
    1025/tcp   open           NFS-or-IIS
    5335/tcp   open           unknown
    5353/udp   open|filtered  unknown
    6000/tcp   open           X11
    38529/udp  open           unknown
    Device type: general purpose
    Running: Linux 2.4.X|2.5.X|2.6.X
    OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), Linux 2.6.3 - 2.6.8

Is there anywhere else I should look at trying to close these ports?

aioshin, posted June 15, 2005:

Try

    # netstat -lp | grep tcp

It will list the ports and the services listening on them, but if you have a firewall or netfilter running on that box, you wouldn't have to worry... at least the hacker would find your OS hard to guess; though you are running Linux, he won't be able to find what distro you are using... I guess you're running Mandrake and nmap guesses it as Gentoo.. :P
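
The netstat listing suggested above also shows which address each listener is bound to, which matters here because a scan of 127.0.0.1 reports loopback-only listeners as open too. This is an added example, not part of the original post: the function name `classify_listeners` is an assumption, and the sample lines (PIDs, program names, bind addresses) are constructed rather than taken from the poster's machine.

```shell
#!/bin/sh
# Added example: split TCP listeners into loopback-only and network-reachable.
# Reads "netstat -ltnp" style lines on stdin and prints
# "<port> <scope> <pid/program>". UDP lines have no State column and are skipped.
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)    # last colon plus numeric port
            if (n == 0) next               # port shown as a name: rerun netstat with -n
            host = substr(addr, 1, n - 1)
            port = substr(addr, n + 1)
            scope = (host ~ /^127\./ || host == "::1") ? "loopback-only" : "network-reachable"
            print port, scope, $7
        }
    '
}

# Constructed sample input, not output from the machine discussed in the thread.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:6000    0.0.0.0:*        LISTEN  2101/X
tcp        0      0 127.0.0.1:25    0.0.0.0:*        LISTEN  1820/master
tcp        0      0 127.0.0.1:631   0.0.0.0:*        LISTEN  1790/cupsd
tcp        0      0 :::1024         :::*             LISTEN  2050/kdm
EOF
}

sample_netstat | classify_listeners
```

On a live system the input would come from `netstat -ltnp | classify_listeners`, run as root so the PID/Program column is filled in for every socket.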

ianw1974, posted June 15, 2005:

You'd be better enabling the Shorewall firewall, within MCC and Security. By default, if no boxes are checked, then nothing will be allowed incoming to the machine, meaning it will be blocked, and all the ports you've listed above will be safe.

Removing some of the ports you've listed could cause you problems, such as not being able to get a DHCP IP address, and therefore, having to set a static one. Minor, but an issue nonetheless. With regards to disabling the others, I've no idea what effect it would have on your system, and whether it would be good or bad. Best to leave, and use the firewall :P

Dakota, posted June 15, 2005:

Being behind a NAT router with SPI and running Shorewall one would have to say it's pretty safe. Although I really dislike KDM and X11 listening to TCP. I have no idea which service is listening to the high UDP port, the port number changes quite often.

Dakota