Cybersecurity

/* Linux Slackware */

Nmap shows the following ports open on the gateway.

21/tcp ftp
22/tcp ssh
23/tcp telnet
25/tcp smtp
37/tcp time
80/tcp http
113/tcp auth
515/tcp printer
587/tcp submission
1024/tcp kdm
6000/tcp x11

-------------------------------

i would like to close as many ports as possible, at the very least ftp and telnet.. Are there any other ports on this list that i should or should not close?? This is our gateway and its sole purpose is to provide internet connectivity for the office.

any advise is appriciated..

e0---

I would also keep ssh open to allow for
remote monitoring and administration.
You may also wish to use ssh to "tunnel"
through to an internal system. It really
comes in handy when you get a call in the middle
of the night

If configured only for routing:


21/tcp ftp (COMMENT OUT IN INETD.CONF)
22/tcp ssh (KEEP THIS FOR REMOTE MGT)
23/tcp telnet (COMMENT OUT IN INETD.CONF)
25/tcp smtp (COMMENT OUT IN START UP SCRIPTS)
37/tcp time (YOU MAY WANT THIS FOR REMOTE MGT)
80/tcp http (YOU MAY WANT THIS FOR REMOTE MGT, OTHERWISE COMMENT OUT)
113/tcp auth (KEEP FOR OTHER DAEMONS TO USE)
515/tcp printer (COMMENT OUT IN STARTUP SCRIPTS)
587/tcp submission (COMMENT OUT IN STARTUP SCRIPTS)
1024/tcp kdm (COMMENT OUT IN STARTUP SCRIPTS)
6000/tcp x11 (COMMENT OUT IN START UP SCRIPTS)


Don't forget to enable route filtering and use FW (packet filtering) tools.

where can i find the inetd.conf file..


find / inetd.conf doesnt do it..


thanks

e0-

normally inetd.conf is located in /etc


The find command should find it...

find / -name inetd.conf -print

thanks, i got it..

Once I have made the changes, how do I apply them without restarting the machine???

e0--

Here it is-

So far everything is good, you just wanna re-start inetd...

In Linux, you could use the service comand, but normally, all you need to do is "ps -ef | grep inet", now get the PID of the inetd proc, take that and send it a "kill -SIGUSR1" (see your kill manpage for a better idea of what signal to send), this will force the inetd process to re-scan it's conf file.


As I said, READ the kill man page BEFORE doing this, make sure you get the right signal, otherwise, you may kill inetd completely, and not be able to telnet (or anything) in to restart it. Another good idea is to be at the console if you are re-configging network stuff, just for safety's sake.



Later,


loadc