Solaris 10 Services - Audit and Closure


 
# 1  
Old 01-20-2010

Hello

We have recently been through an audit of our Solaris servers.
All our Solaris servers are running version 10.
We have been told to close down all the services, and we have closed what we could by using svcadm disable.
We only wish to let ssh and the ftp service run.

Below is a list of the services that are still running.

Code:
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-20 08:13 SAST
Interesting ports on pluto (168.X.X.X):
Not shown: 976 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
111/tcp   open  rpcbind
513/tcp   open  login
587/tcp   open  submission
3300/tcp  open  unknown
4045/tcp  open  lockd
5555/tcp  open  freeciv
6112/tcp  open  dtspc
6788/tcp  open  unknown
6789/tcp  open  ibm-db2-admin
7100/tcp  open  font-service
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32775/tcp open  sometimes-rpc13
32776/tcp open  sometimes-rpc15
32777/tcp open  sometimes-rpc17
32778/tcp open  sometimes-rpc19
32779/tcp open  sometimes-rpc21
32780/tcp open  sometimes-rpc23
32781/tcp open  unknown
32782/tcp open  unknown
65000/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 27.28 seconds


Can someone please help and explain what these services are, and which ones should be closed?
Why are so many rpc services needed?
Is the login service needed?
I assume we can close the ibm-db2 service as there are no IBM products installed.

Please help.
Thank you so much, much appreciated.
Solly

Last edited by pludi; 01-20-2010 at 04:07 AM.. Reason: code tags, please...
# 2  
Old 01-20-2010
All of the above can be closed, except ftp, ssh and login.
# 3  
Old 01-20-2010
Hello

Thanks for that. I am a bit worried about the execution of closing the rpc process down.
Do I just run a svcs -a | grep rpc and then use svcadm disable rpc...?

Thanks, please confirm.
# 4  
Old 01-20-2010
Yes, you would do that. However, anyone with admin privileges can still turn them on using svcadm enable. If you do not wish that to happen, I suppose you check the /etc/services file and comment the relevant services that you don't need.
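
An added example, not part of the original thread: a re-scan check that compares Nmap output with the policy from post #1 (only ftp and ssh listening), so each round of `svcadm disable` can be verified and an accidentally closed service is caught. The function names and the `ALLOWED` variable are assumptions, and the sample is a constructed subset of the scan quoted above.

```shell
#!/bin/sh
# Added example. ALLOWED reflects the policy stated in post #1 (ftp and ssh only).
ALLOWED="21 22"

# Constructed sample: a subset of the Nmap output quoted in post #1.
sample_scan() {
cat <<'EOF'
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
111/tcp   open  rpcbind
513/tcp   open  login
4045/tcp  open  lockd
32771/tcp open  sometimes-rpc5
EOF
}

# Print "port service" for each open TCP port that is not in ALLOWED.
unexpected_ports() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
      split($1, p, "/")
      if (!(p[1] in ok)) print p[1], $3
    }'
}

# Print each ALLOWED port the scan does not show as open (a service lost by mistake).
missing_ports() {
  awk -v allowed="$ALLOWED" '
    $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, p, "/"); seen[p[1]] = 1 }
    END { n = split(allowed, a, " "); for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i] }'
}

# Read Nmap output on stdin; return 0 only when the open ports match ALLOWED exactly.
audit_scan() {
  scan=$(cat)
  extra=$(printf '%s\n' "$scan" | unexpected_ports)
  gone=$(printf '%s\n' "$scan" | missing_ports)
  if [ -n "$extra" ]; then printf '%s\n' "$extra" | sed 's/^/STILL OPEN: /'; fi
  if [ -n "$gone" ]; then printf '%s\n' "$gone" | sed 's/^/MISSING: /'; fi
  [ -z "$extra" ] && [ -z "$gone" ]
}

# Demo on the constructed sample; the sample intentionally fails the policy.
sample_scan | audit_scan || true
```

Pipe a fresh scan of the host into `audit_scan` after each change. On Solaris 10 itself, use `nawk` in place of `awk`, since the default `/usr/bin/awk` does not accept `-v`.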