02-22-2011
Quote:
Originally Posted by
ross.mather
[...]that you need to disable a large number of ports in the /etc/services file[...]
I'm not sure if you, ross, meant it that way, but I would like to point out the following for clarification: the file /etc/services is just a translation device for port names to port numbers, similar to the /etc/hosts file, which translates host names to IP addresses. Its content is mostly derived from RFC1700.
Removing an entry there will in no way close or disable a certain port, just like removing an entry from /etc/hosts will not prevent communication with the mentioned host.
To disable communication via a certain port one will have to resort to some layer-4 filtering, i.e. firewalling: IPSec, iptables or something such.
I hope this helps.
bakunin
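The point made in the post above, as an added example that is not part of the original post: a listener bound to a port number accepts connections whether or not any services table carries a name for that port. The services text is constructed sample data, and `parse_services` and `accept_on_unnamed_port` are hypothetical helper names.

```python
import socket

# Constructed sample in /etc/services format: name port/proto [aliases] # comment
SAMPLE_SERVICES = """\
ssh      22/tcp
telnet   23/tcp
ipp      631/tcp    # Internet Printing Protocol
ipp      631/udp
"""

def parse_services(text):
    """Return {(port, proto): name} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto), fields[0])
    return table

def accept_on_unnamed_port(table):
    """Listen on a loopback port the table has no name for and connect to it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(2)
        srv.bind(("127.0.0.1", 0))   # bind() takes a number; no name lookup happens
        srv.listen(1)
        port = srv.getsockname()[1]  # kernel-chosen ephemeral port
        with socket.create_connection(("127.0.0.1", port), timeout=2) as cli:
            conn, _ = srv.accept()
            with conn:
                cli.sendall(b"ping")
                data = conn.recv(4)
    return port, table.get((port, "tcp")), data

if __name__ == "__main__":
    table = parse_services(SAMPLE_SERVICES)
    del table[(23, "tcp")]           # "removing the telnet entry" only loses the name
    port, name, data = accept_on_unnamed_port(table)
    print(f"port {port}: name={name!r}, received={data!r}")
```

The table lookup returns no name for the listening port, yet the connection is accepted and data is delivered; only a packet filter or stopping the listening process would change that.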
LEARN ABOUT CENTOS
portreserve
PORTRESERVE(1) TCP port reservation utility PORTRESERVE(1)
NAME
portreserve - reserve ports to prevent portmap mapping them
SYNOPSIS
portreserve
DESCRIPTION
The portreserve program aims to help services with well-known ports that lie in the bindresvport range. It prevents portmap (or other
programs using bindresvport) from occupying a real service's port by occupying it itself, until the real service tells it to release the
port (generally in its init script).
It is intended that portreserve runs from an initscript of its own, and services wishing to interact with it should use portrelease.
When the portreserve daemon is started, it examines the /etc/portreserve/ directory. Each file not containing "." or "~" in its name is
considered to be a service configuration file, and must contain a service name (as listed in /etc/services) or a port number. UDP services
may be specified by appending "/udp" to the service name, and TCP services by "/tcp". Several services may be specified, one per line.
For example, /etc/portreserve/cups might contain the string "ipp" or, equivalently, "ipp/tcp" and "ipp/udp" on separate lines.
For each service configuration file, a socket is created and bound to the appropriate port. A service wishing to bind to its port must
first run portrelease, which instructs portreserve to release the port associated with the service.
Once all the reserved ports have been released, the daemon exits.
FILES
/etc/portreserve/*
Service configuration files
/var/run/portreserve/socket
communication socket for portrelease
SEE ALSO
portrelease(1)
AUTHOR
Tim Waugh <twaugh@redhat.com>
Author.
portreserve 1 July 2008 PORTRESERVE(1)
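The configuration rules described in the man page above (file-name filter, one service per line, optional "/tcp" or "/udp" suffix), as an added example that is not portreserve's own code. The service table and file contents are constructed, all function names are hypothetical, and the handling of bare port numbers and unknown names is an assumption of this example.

```python
# Constructed stand-in for /etc/services lookups: service name -> port
SERVICES = {"ipp": 631, "rndc": 953}

# Constructed stand-in for the files in /etc/portreserve/: file name -> content
CONFIG_DIR = {
    "cups": "ipp\n",
    "named": "rndc/tcp\n",
    "custom": "2000/udp\nnosuchservice\n",
    "cups.rpmsave": "ipp\n",   # name contains "." so it is not a service file
    "named~": "rndc\n",        # name contains "~" so it is not a service file
}

def is_service_file(name):
    """Man page rule: files with "." or "~" in the name are ignored."""
    return "." not in name and "~" not in name

def resolve_entry(entry, services):
    """Turn 'ipp', 'ipp/tcp' or '2000/udp' into a list of (port, proto)."""
    name, sep, proto = entry.partition("/")
    # No suffix means both protocols ("ipp" equals "ipp/tcp" plus "ipp/udp").
    protos = [proto] if sep else ["tcp", "udp"]
    if any(p not in ("tcp", "udp") for p in protos):
        raise ValueError(f"unknown protocol: {entry!r}")
    port = int(name) if name.isdigit() else services.get(name)
    if port is None or not 0 < port < 65536:
        raise ValueError(f"unknown service or port: {entry!r}")
    return [(port, p) for p in protos]

def reserved_ports(config_dir, services):
    """Return ({file: [(port, proto), ...]}, [(file, error), ...])."""
    reserved, errors = {}, []
    for fname in sorted(config_dir):
        if not is_service_file(fname):
            continue
        for line in config_dir[fname].splitlines():
            entry = line.strip()
            if not entry:
                continue
            try:
                reserved.setdefault(fname, []).extend(resolve_entry(entry, services))
            except ValueError as exc:
                errors.append((fname, str(exc)))
    return reserved, errors

if __name__ == "__main__":
    print(reserved_ports(CONFIG_DIR, SERVICES))
```

Run against a copy of a real /etc/portreserve/ directory, the same logic gives an auditor the list of ports the daemon will hold at boot and flags entries that resolve to nothing.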