[lug] Interesting Crash Report
Nate Duehr
nate at natetech.com
Wed Mar 21 11:00:05 MST 2001
Do you need them? If not, remove the "r" service daemons.
If you don't, the general rule of Unix security is to remove any running
daemons that are not in use.
Portmap is used by NFS - if you're using NFS (which has its own security
problems...) then you'll need to keep the portmapper.
You certainly can do a "stop" on them and see if anything you need
broke. If so, you'll have to live with the firewall protection, but if
you're really not using things, just remove them/disable them.
Nate
Glenn Murray wrote:
>
> Nothing like a good security discussion to bring on that
> early morning paranoia: when I run "lsof -i" I get
>
> COMMAND   PID USER FD TYPE DEVICE SIZE NODE NAME
> portmap   109 root 3u IPv4     58      UDP  *:sunrpc
> portmap   109 root 4u IPv4     59      TCP  *:sunrpc (LISTEN)
> rpc.statd 180 root 0u IPv4    103      UDP  *:781
> rpc.statd 180 root 1u IPv4    106      TCP  *:783 (LISTEN)
>
> but my ipchains rules do not accept input packets on ports 111, 781 or 783.
>
> 1. Am I safe from attacks on those ports? (If not, then I've really
> missed the point about ipchains!)
>
> 2. I know of no reason for another computer to call sunrpc or any
> other kind of rpc on my box---is there any harm in turning these
> daemons off in /etc/rc* ? (I would think there would be no harm,
> but paranoia makes me ask.)
>
> Thanks,
> Glenn Murray
> www.mines.edu/~glenn/public_html/Welcome.html
>
> On Tue, 20 Mar 2001, Scott A. Herod wrote:
>
> > Also, as root, check the result of "lsof -i". Suspicious
> > things are sshd's running on numerical ports, esp. anything higher
> > than 1024.
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
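
Added example, not part of the original thread: a small shell audit that reads "lsof -i" output, picks out sockets bound to all interfaces, and marks each daemon as kept or as a candidate to disable. The function name audit_listeners and its keep-list argument are hypothetical; the sample input is the lsof output quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread): audit wildcard-bound sockets in
# `lsof -i` output against a list of daemons you actually need.

# Sample input: the lsof output quoted in the message above.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 109 root 3u IPv4 58 UDP *:sunrpc
portmap 109 root 4u IPv4 59 TCP *:sunrpc (LISTEN)
rpc.statd 180 root 0u IPv4 103 UDP *:781
rpc.statd 180 root 1u IPv4 106 TCP *:783 (LISTEN)
EOF
}

# audit_listeners "KEEP LIST" < lsof-output
# (function name and keep-list argument are hypothetical, for illustration)
# Prints "daemon proto port verdict" for every socket bound to all interfaces.
audit_listeners() {
    awk -v keep="$1" '
    BEGIN {
        n = split(keep, k, " ")
        for (i = 1; i <= n; i++) needed[k[i]] = 1
        svc["sunrpc"] = 111          # lsof prints service names unless run with -P
    }
    NR == 1 { next }                 # header line
    {
        # SIZE may be empty, so find the protocol field rather than counting
        # columns; NAME is the field that follows it.
        proto = ""
        for (i = 1; i < NF; i++)
            if ($i == "TCP" || $i == "UDP") { proto = $i; name = $(i + 1); break }
        if (proto == "" || name !~ /^\*:/) next   # skip connected or single-address sockets
        port = substr(name, 3)
        if (port in svc) port = svc[port]
        verdict = ($1 in needed) ? "keep" : "candidate-to-disable"
        print $1, proto, port, verdict
    }'
}

# On a live system: lsof -i -n -P | audit_listeners "sshd"
sample_lsof | audit_listeners "portmap"
```

The port column gives the numbers to compare against the firewall rules, here 111, 781 and 783.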