[lug] Interesting Crash Report
nate at natetech.com
Wed Mar 21 11:00:05 MST 2001
Do you need them? If not remove the "r"service daemons.
If you don't, the general rule of Unix security is to remove any running
daemons that are not in use.
Portmap is used by NFS - if you're using NFS (which has its own security
problems...) then you'll need to keep the portmapper.
You certainly can do a "stop" on them and see if anything you need
broke. If so, you'll have to live with the firewall protection, but if
you're really not using things, just remove them/disable them.
Glenn Murray wrote:
> Nothing like a good security discussion to bring on that
> early morning paranoia: when I run "lsof -i" I get
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> portmap 109 root 3u IPv4 58 UDP *:sunrpc
> portmap 109 root 4u IPv4 59 TCP *:sunrpc (LISTEN)
> rpc.statd 180 root 0u IPv4 103 UDP *:781
> rpc.statd 180 root 1u IPv4 106 TCP *:783 (LISTEN)
> but my ipchains rules do not accept input packets on ports 111, 781 or 783.
> 1. Am I safe from attacks on those ports? (If not, then I've really
> missed the point about ipchains!)
> 2. I know of no reason for another computer to call sunrpc or any
> other kind of rpc on my box---is there any harm in turning these
> daemons off in /etc/rc* ? (I would think there would be no harm,
> but paranoia makes me ask.)
> Glenn Murray
> On Tue, 20 Mar 2001, Scott A. Herod wrote:
> > Also, as root, check the result of "lsof -i". Suspicious
> > things are sshd's running on numerical ports, esp. anything higher
> > than 1024.
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG