On Sat, Aug 29, 2015 at 11:28:10PM +0100, Brian wrote:
> On Sat 29 Aug 2015 at 22:56:50 +0200, to...@tuxteam.de wrote:
> 
> > On Sat, Aug 29, 2015 at 01:25:28PM -0500, rlhar...@oplink.net wrote:
[...]
> > > tcp 0 0 0.0.0.0:22 0.0.0.0:* LIS 568/sshd
> > 
> > Common wisdom is to keep that (but to secure it properly [...]

[...]

> Common wisdom or old-wives tales? He probably has no need for it. Purge.

Count me as an old wife then. I know I've used that a couple of times to
diagnose things. To each one to decide (put another way: no need to take
the circular saw with you every time if you know you'll never use it :)

> > > tcp 0 0 127.0.0.1:631 0.0.0.0:* LIS 1248/cupsd
> > 
> > Are you using your laptop as a print server? If not, the cups-client
> > package might be enough.
> 
> It's only listening on localhost. What's the problem?

You're right, I missed that.

> cups-client alone is insufficient to print to a printer attached to the
> machine.

That's correct. I assumed that the printer isn't attached to the laptop,
but that there are printer services around (I'm using lprng anyway).

> > > tcp 0 0 127.0.0.1:5432 0.0.0.0:* LIS 675/postgres
> > > tcp 0 0 127.0.0.1:25 0.0.0.0:* LIS 1063/exim4
> > 
> > Database server, mail server. What are they doing? For postgres,
> > you could configure it to just serve over a UNIX domain socket,
> > if the only applications around connect locally. Your call.
> > For exim4 (mail server)... depends on your mail setup.
> 
> Both are only listening on localhost. Perfectly safe.

Correct. My fault. See above.

> > > tcp 0 0 127.0.0.1:2628 0.0.0.0:* LIS 599/0
> > 
> > Uh -- what is *this*? A process called "0"? Looks really strange
> > to me.
> > 
> > > tcp6 0 0 :::111 :::* LIS 530/rpcbind
> > > tcp6 0 0 :::38930 :::* LIS 540/rpc.statd
> > > tcp6 0 0 :::22 :::* LIS 568/sshd
> > > tcp6 0 0 ::1:631 :::* LIS 1248/cupsd
> > > tcp6 0 0 ::1:5432 :::* LIS 675/postgres
> > > tcp6 0 0 ::1:25 :::* LIS 1063/exim4
> > 
> > Those are IPv6 variants of some of the above.
> > 
> > > udp 0 0 0.0.0.0:36358 0.0.0.0:* 612/avahi-daemon:r
> > 
> > Avahi: this is a service discovery service: your laptop is broadcasting
> > to the network "hey, here's a [printer, database, whatnot]. Wanna play
> > with me?"
> > 
> > That's one of the things I ban from my computer.
> 
> Broadcasting is one thing. Allowing access to a service is another.

Broadcasting is inviting :-)

> > > udp 0 0 0.0.0.0:631 0.0.0.0:* 647/cups-browsed
> > 
> > Here cups is announcing its availability. Down with it :-)
> 
> CUPS isn't doing anything. Have another go. :)

This is 631/udp, aka "CUPS browsing and polling": it's a discovery
protocol ("any printers around?" "oh, yes, here's one"). So it's doing
something. And sometimes it even has holes:

  <http://www.openwall.com/lists/oss-security/2014/04/01/4>

I'd say "down with his head". Leave 631/tcp (that's for printing) if you
use a local printer, but leave it restricted to localhost (as done by
default above).

regards
-- 
tomás
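The distinction the thread keeps coming back to (a daemon bound to 127.0.0.1/::1 is reachable only from the machine itself, one bound to 0.0.0.0/:: is reachable from the network unless a firewall says otherwise) is easy to check mechanically. The script below is an added example, not code posted by anyone in this thread: a POSIX shell function that reads `netstat -tulpn`-style output and labels every listening socket LOCAL or EXPOSED. The sample listing embedded in it is constructed to mirror the laptop output quoted above, with LISTEN spelled out as netstat prints it.

```shell
#!/bin/sh
# Added example, not code from the thread. Classifies each listening socket in
# `netstat -tulpn`-style output as LOCAL (bound to 127.0.0.1 or ::1, reachable
# only from this host) or EXPOSED (bound to a wildcard or interface address,
# reachable from the network unless a firewall blocks it).
# SAMPLE_NETSTAT is constructed to mirror the laptop listing quoted above.

SAMPLE_NETSTAT='tcp   0 0 0.0.0.0:22     0.0.0.0:* LISTEN 568/sshd
tcp   0 0 127.0.0.1:631  0.0.0.0:* LISTEN 1248/cupsd
tcp   0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 675/postgres
tcp   0 0 127.0.0.1:25   0.0.0.0:* LISTEN 1063/exim4
tcp6  0 0 :::111         :::*      LISTEN 530/rpcbind
tcp6  0 0 ::1:631        :::*      LISTEN 1248/cupsd
udp   0 0 0.0.0.0:36358  0.0.0.0:*        612/avahi-daemon:r
udp   0 0 0.0.0.0:631    0.0.0.0:*        647/cups-browsed'

# Reads netstat lines on stdin; prints "<LOCAL|EXPOSED> <proto> <port> <pid/program>".
# Header lines ("Active Internet connections", "Proto Recv-Q ...") are skipped
# because their first field is not a protocol name.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
        laddr = $4                      # local address:port, e.g. ::1:631
        n = split(laddr, parts, ":")
        port = parts[n]                 # text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        cls = (addr == "127.0.0.1" || addr == "::1") ? "LOCAL" : "EXPOSED"
        print cls, $1, port, $NF        # $NF is the PID/Program name column
    }'
}

# Number of sockets in the sample with the given class (LOCAL or EXPOSED)
count_class() {
    printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners \
        | awk -v c="$1" '$1 == c' | wc -l | tr -d ' '
}

# Distinct programs in the sample that are reachable from the network
exposed_programs() {
    printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners \
        | awk '$1 == "EXPOSED" { print $4 }' | sort -u
}

# Stand-alone run: show the classified sample
printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
```

On a live box run `netstat -tulpn | classify_listeners` as root (program names are only shown for your own processes otherwise). `ss -tulpn` lays its columns out differently, so it is not a drop-in replacement here. EXPOSED only says the socket is bound to a non-loopback address; a host firewall may still block it, and LOCAL says nothing about what a local user can do with the service.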