
Re: network ports



This is not a simple question.  There are several methods for handling
this sort of thing in Red Hat Linux.  One is the use of ipchains/iptables
rules to block the port from receiving any packets.  This will allow the
services to run, but will block external connections, or whatever
connections you choose (there is quite a bit of flexibility here).

Two is to use tcpwrappers for the services that it supports.  The
configuration files are /etc/hosts.allow and /etc/hosts.deny.  The syntax
is pretty straightforward, and will corral in any inetd/xinetd services
that are running.

Third is to disable or remove the services that are running, which will
close the port permanently.  Inetd services can be disabled in
/etc/inetd.conf by removing the line pertaining to their configuration;
xinetd services can be disabled by adding the line:

disable=yes

to their config file in /etc/xinetd.d.  You can also use the Red Hat
shortcut for this sort of thing, the chkconfig command:

chkconfig telnet off

which will accomplish the same thing.  For non-xinetd services, chkconfig
is the way to go:

chkconfig httpd off

or

chkconfig --level 345 httpd off

will disable the service (httpd in this case) on boot, while the command:

service httpd stop

or

/etc/rc.d/init.d/httpd stop

will stop it right now.  This is all accomplished in the /etc/rc.d
directories, and you can dig around a bit and see how things work in
there.  Alternatively, you can chuck all of our stuff and run your own
scripts to start and stop the various daemons.  The netstat command will
give you an idea of what is running (check /etc/services to find out what
the ports are, or add the -n option to see the port numbers) so that you
can look for it and disable it.


Fourth, some services (sendmail, for example) have their own configuration
options which allow for blocking of various incoming connections.
Sendmail was configured this way by default in Red Hat Linux 7.1; you must
alter the sendmail configuration file to accept incoming external SMTP
mail.  Examine the services you wish to run and see if you want to control
things there, or with ipchains/iptables (or both, for the paranoid).  The
general rule of thumb is that if you don't need it, don't install it --
that way, you'll never have to worry about it.

Matt


On Mon, 2 Jul 2001 JackBalauag aceraip com ph wrote:

>
>
> hi thanks tman,  but how can i disable some of the open or listening
> ports... to prevent from entering these ports...
>
> jack
>
> TMAN <tman76in yahoo com> on 06/27/2001 08:20:57 PM
>
> Please respond to redhat-install-list redhat com
>
> To:      redhat-install-list redhat com
> cc:      (bcc: Jack Balauag/AIP/ACER)
> Subject: Re: network ports
>
> Hi ,
>
> use netstat -an |grep LISTEN to see the ports.
>
> Bye
> TMAN
>
>
> --- JackBalauag aceraip com ph wrote:
> >
> >
> > hi!  does anyone have any idea how to disable ports
> > for security safety.
> > how can i view all the open ports for the default
> > setup.
> >
> > thanks,
> > jack
> >
> >
> >
> >
> > _______________________________________________
> > Redhat-install-list mailing list
> > Redhat-install-list redhat com
> >
> https://listman.redhat.com/mailman/listinfo/redhat-install-list

-- 
Matt Drew
Peer Review team lead
Red Hat Consumer Services
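
An added example, not part of the original message or any Red Hat tooling: a shell filter that takes the `netstat -an` output discussed in this thread, names each TCP listener from /etc/services, and separates loopback-only binds from ones reachable by other hosts, which are the candidates for chkconfig, tcpwrappers or ipchains/iptables. The function names and the sample netstat text are constructed for illustration, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -an` output.

# listeners [services-file]
# Reads `netstat -an` text on stdin; prints "port service scope" per TCP
# listener. scope is "loopback" for 127.x/::1 binds, otherwise "external".
listeners() {
    awk -v svc="${1:-/etc/services}" '
    BEGIN {
        # Map port -> service name from lines such as "telnet  23/tcp".
        while ((getline line < svc) > 0) {
            sub(/#.*/, "", line)
            if (split(line, f, " ") >= 2 && f[2] ~ /\/tcp$/) {
                p = f[2]; sub(/\/tcp$/, "", p)
                if (!(p in name)) name[p] = f[1]
            }
        }
    }
    # Only TCP sockets in LISTEN state: UDP rows are skipped, as are the
    # unix-domain "LISTENING" rows that a plain grep LISTEN also matches.
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)
        host = substr($4, 1, length($4) - length(port) - 1)
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "external"
        print port, ((port in name) ? name[port] : "unknown"), scope
    }' | sort -n | uniq
}

# Listeners reachable from other hosts: the ones to disable, wrap or filter.
external_listeners() { listeners "$@" | awk '$3 == "external"'; }

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:23         192.168.1.20:1045       ESTABLISHED
udp        0      0 0.0.0.0:111             0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     1234   /tmp/.X11-unix/X0
EOF
}

sample_netstat | external_listeners
```

On a live host the equivalent call is `netstat -an | external_listeners`; a port reported as "unknown" has no tcp entry in the services file and needs to be traced to its daemon by other means.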




