The ports are indeed already opened by ircd. However, if you have a firewall blocking it then ircd won't be able to send or receive anything from that port from outside your machine although ircd can bind to the port. That's why I asked you whether you have a firewall and would like to enable a port. We don't know if you have a firewall. You do.
Hi,
I have read some forum theads about the open and close ports. some points are clear and it is not working on my machine or something am i missing?
I have commented out a port /etc/services, one application uses
then when i use the telnet <hostname> <port_blocked> it shows connected..... (1 Reply)
just a quick question:
a. whats the simplest command to check open port and the corresponding services?
example:
bash-2.05# netstat -an | grep LISTEN
*.199 *.* 0 0 49152 0 LISTEN
*.8989 *.* 0 0 49152 ... (1 Reply)
hi guys,
may i know the exact steps to open a port in solaris.i have some rough idea - which is adding the port number in /etc/services.
but i am not sure the correct conventions, steps or any other steps.
kindly advise.thanks guys ! (1 Reply)
Hello,
I have a number of Solaris 8 Sun servers that have open ports that I cannot identify. I see some with 1013-1023 (which are reserved ports according to the IANA. Lsof does not identify these. I rebooted the server and they went off, but this morning I saw they were all back on again. Any... (1 Reply)
Hello,
I have a number of Solaris 8 Sun servers that have open ports that I cannot identify. I see some with 1012-1020 (which are reserved ports according to the IANA. Lsof does not identify these. One server has all these on and one server just has 1017.
*.1023 ... (3 Replies)
Hello, i need a script (bash type maybe?..), which would check open ports on 127.0.0.1 and then compare open ports with "registered/allowed" port list and try to kill the program who uses unregistered ports. It would be great that script would be started lets say every 5 or 10 minutes.
You see i... (2 Replies)
hi all
1) how to determine available ports in a box (solaris)
do i have to go for a netstat on all the ports?
2) how to block a particular port for a particular type of connection.
Any help would be greatly appreciated
Thanks (7 Replies)
/* Linux Slackware */
Nmap shows the following ports open on the gateway.
21/tcp ftp
22/tcp ssh
23/tcp telnet
25/tcp smtp
37/tcp time
80/tcp http
113/tcp auth
515/tcp printer
587/tcp submission
1024/tcp kdm
6000/tcp x11
-------------------------------
i would like to close as... (10 Replies)
AA_CHANGE_HAT(2) AppArmor AA_CHANGE_HAT(2)NAME
aa_change_hat - change to or from a "hat" within a AppArmor profile
SYNOPSIS
#include <sys/apparmor.h>
int aa_change_hat (char *subprofile, unsigned long magic_token);
Link with -lapparmor when compiling.
DESCRIPTION
An AppArmor profile applies to an executable program; if a portion of the program needs different access permissions than other portions,
the program can "change hats" to a different role, also known as a subprofile. To change into a new hat, it calls the aa_change_hat()
function to do so. It passes in a pointer to the subprofile which it wants to change into, and a 64bit magic_token. The magic_token is
used to return out of the subprofile at a later time.
If a program wants to return out of the current subprofile to the original profile, it calls aa_change_hat() with a pointer to NULL as the
subprofile, and the original magic_token value. If the magic_token does not match the original magic_token passed into the kernel when the
program entered the subprofile, the change back to the original profile will not happen, and the current task will be killed. If the
magic_token matches the original token, then the process will change back to the original profile.
If the program wants to change to a subprofile that it can never change back out of, the application should call aa_change_hat() with a
magic_token of 0.
As both read(2) and write(2) are mediated, a file must be listed in a subprofile definition if the file is to be accessed while the process
is in a "hat".
RETURN VALUE
On success zero is returned. On error, -1 is returned, and errno(3) is set appropriately.
ERRORS
EINVAL
The apparmor kernel module is not loaded or the communication via the /proc/*/attr/current file did not conform to protocol.
ENOMEM
Insufficient kernel memory was available.
EPERM
The calling application is not confined by apparmor.
ECHILD
The application's profile has no hats defined for it.
EACCES
The specified subprofile does not exist in this profile or the process tried to change another process's domain.
EXAMPLE
The following code examples shows simple, if contrived, uses of aa_change_hat(); a typical use of aa_change_hat() will separate privileged
portions of a process from unprivileged portions of a process, such as keeping unauthenticated network traffic handling separate from
authenticated network traffic handling in OpenSSH or executing user-supplied CGI scripts in apache.
The use of random(3) is simply illustrative. Use of /dev/urandom is recommended.
First, a simple high-level overview of aa_change_hat() use:
void foo (void) {
unsigned long magic_token;
/* get a random magic token value
from our huge entropy pool */
magic_token = random_function();
/* change into the subprofile while
* we do stuff we don't trust */
aa_change_hat("stuff_we_dont_trust", magic_token);
/* Go do stuff we don't trust -- this is all
* done in *this* process space, no separate
* fork()/exec()'s are done. */
interpret_perl_stuff(stuff_from_user);
/* now change back to our original profile */
aa_change_hat(NULL, magic_token);
}
Second, an example to show that files not listed in a subprofile ("hat") aren't accessible after an aa_change_hat() call:
#include <stdlib.h>
#include <string.h>
#include <sys/apparmor.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
int fd;
unsigned long tok;
char buf[10];
/* random() is a poor choice */
tok = random();
/* open /etc/passwd outside of any hat */
if ((fd=open("/etc/passwd", O_RDONLY)) < 0)
perror("Failure opening /etc/passwd");
/* confirm for ourselves that we can really read /etc/passwd */
memset(&buf, 0, 10);
if (read(fd, &buf, 10) == -1) {
perror("Failure reading /etc/passwd pre-hat");
_exit(1);
}
buf[9] = '