Re: [expert] basic firewall setup-please help

Tue, 29 May 2001 02:14:25 -0700 

Hello

First of all... 

1. Checking which programs use which port
use "lsof" like so: lsof -iTCP -iUDP | grep port_number

2. Closing ports
you can use ipchains: "ipchains -A input -d "my_ip" "my_port" -j REJECT
Carreful with this... you can close yourself from the world ;)

3. Bastille - Linux Hardening
if you had read the site you would had noticed that bastille misses the
interface libs (point 3 of the downloads in www.bastille-linux.org).
Install the rpm "Perl-Tk from Mandrake ".
If it still doesn't work you can use CPAN: 
"perl -MCPAN -eshell" (at this point I would suggest perldoc : "perldoc -q
cpan", second point)

my 2 cents,
   Rui Lapa

Note: Sorry for the confusion... but expertee comes from practice... ;)

mp writes:

> 
> hy!
> i installed mandrake 8.0 without servers.
> i configured tiny firewall (everything no) with the mandrake control
> tool. i set security high in this tool, but he doesnt remember that. when
> logged in as a root this is set to high.
> logged in as a user
> i type netstat -l in a xterm:
> result:
> tcp        0      0 *:1024                  *:*                    
>  LISTEN tcp        0      0 *:blackjack             *:*                   
>  LISTEN tcp        0      0 *:dwf                   *:*                  
>  LISTEN tcp        0      0 *:sunrpc                *:*                 
>  LISTEN tcp        0      0 *:6000                  *:*                
>  LISTEN tcp        0      0 *:ipp                   *:*               
>  LISTEN udp        0      0 *:1024                  *:*
> udp        0      0 *:xdmcp                 *:*
> udp        0      0 *:sunrpc                *:*
> udp        0      0 *:ipp
> 
> so, i have several servers running? -blackjack,sunrpc etc..
> 
> I then tried to use Bastille but it would (logged in as a root, in
> etc/usr and any other) display:
> [root@mymachine sbin]# InteractiveBastille
> Using Tk user interface module.
> Only displaying questions relevant to the current configuration.
> Can't locate Bastille_Tk.pm in @INC (@INC contains: /usr/lib
> /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0
> /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0
> /usr/lib/perl5/site_perl /usr/lib/perl5/site_perl/ /usr/lib/Bastille) at
> /usr/sbin/InteractiveBastille line 270.
> [root@smymachine sbin]#
> 
> 
> All i want to is to close all ports, but the ones i need to use for
> pop3,smtp,http,ftp,smtp,irc- no blackjack or stuff i dont know.
> my cableprovider does port-scans and if a user has some dangerous (spam!)
> server online the user would be disconnected forever...
> Thank you very much!
> Regards,
> Philipp
>

Reply via email to