| View previous topic :: View next topic |
| Author |
Message |
TxEdO
n00b
Joined: 09 Aug 2004
Posts: 17
|
 Posted: Tue Oct 18, 2005 1:11 pm Post subject: Is this a security risk? ports 111 and 813 |
 |
|
I've been testing some tools and I found this:
| Code: | Port State Service
111 open sunrpc
813 open unknown |
| Code: | # rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
391002 2 tcp 813 sgi_fam |
I really don't know much about security on GNU/Linux, so can anyone tell me what is that and, in case it is a security risk, how to fix it?
Thank you in advance. |
|
| Back to top |
|
 |
slam_head
Guru
Joined: 06 Jan 2003
Posts: 449
Location: New York City
|
| Posted: Wed Oct 19, 2005 3:00 am Post subject: |
|
|
| Are you running NFS? |
|
| Back to top |
|
|
TxEdO
n00b
Joined: 09 Aug 2004
Posts: 17
|
| Posted: Wed Oct 19, 2005 9:18 am Post subject: |
|
|
I checked at startup and seems no NFS is initialized but I checked my kernel configuration and it is compiled, should I remove it?
| Code: |
<*> NFS file system support
[ ] Provide NFSv3 client support
[ ] Provide NFSv4 client support (EXPERIMENTAL)
[ ] Allow direct I/O on NFS files (EXPERIMENTAL)
<*> NFS server support
[ ] Provide NFSv3 server support
[*] Provide NFS server over TCP support |
|
|
| Back to top |
|
|
slam_head
Guru
Joined: 06 Jan 2003
Posts: 449
Location: New York City
|
| Posted: Wed Oct 19, 2005 8:40 pm Post subject: |
|
|
| The portmapper should only be running if NFS is setup. /etc/init.d/netmount handles this but will only start the portmapper if there is a NFS entry in /etc/fstab. |
|
| Back to top |
|
|
groovin
Guru
Joined: 07 Feb 2004
Posts: 429
Location: California, USA
|
| Posted: Thu Oct 20, 2005 5:00 am Post subject: Re: Is this a security risk? ports 111 and 813 |
|
|
| TxEdO wrote: |
I really don't know much about security on GNU/Linux, so can anyone tell me what is that and, in case it is a security risk, how to fix it?
Thank you in advance. |
i guess now would be a nice time to learn about security! =)
you might want to try looking at iptables to firewall off some of those services. you can just simply close those ports by stopping those services, but there might be a time when you actually need to have some potentially vulnerable ports open but want to add another layer of access control besides whatever the listening daemons native controls are (like hosts.allow or securenets or whatever) |
|
| Back to top |
|
|
TxEdO
n00b
Joined: 09 Aug 2004
Posts: 17
|
| Posted: Sun Oct 23, 2005 11:27 am Post subject: |
|
|
netmount and portmap aren't running and I don't have a NFS entry in my /etc/fstab either. I just have NFS support compiled in my kernel but I don't use it.
So how could I close that ports? how to do the iptables thing?
Thank you in advance. |
|
| Back to top |
|
|
groovin
Guru
Joined: 07 Feb 2004
Posts: 429
Location: California, USA
|
| Posted: Sun Oct 23, 2005 11:59 pm Post subject: |
|
|
iptables isnt something you can just explain to someone on a thread. its best to check out some of the online resoures like:
http://gentoo-wiki.com/HOWTO_Iptables_for_newbies
of course there are tools and frontends that make life with iptables much easier, but if you want to really learn a great piece of security, give iptables by itself a try first. I am no iptables expert, but there are tons of guys on this forum that are.
good luck |
|
| Back to top |
|
|
saturday
Apprentice
Joined: 20 Dec 2004
Posts: 246
Location: de/munich/home
|
| Posted: Mon Oct 24, 2005 12:12 am Post subject: |
|
|
| Given that fam is the only app that needs portmap on your system, you can make your system safer by simply replacing fam with gamin and then unmerging portmap. No need for iptables then. |
|
| Back to top |
|
|
|
Networking & Security
