I thought I might comment here,
it is quiet acceptable to close both cups and x11 on your external
interface,, (ie the one that connects to the outside world, be it via ppp0,,
eth0 or other, in fact, since you want neither X or cups linked to the
outside world, its RECOMMENDED you do close them on the external
interface,,,,
closing them on all interfaces, particularly the interal ones,, is bad and
will effect the services,, (ie they wont work)
see my earlier email about ipchains...
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Rye
Sent: Wednesday, 4 July 2001 3:02 PM
To: Judith Miner
Cc: [EMAIL PROTECTED]
Subject: Re: [newbie] Internet Security
On Tue, 3 Jul 2001 21:57:44 -0400
"Judith Miner" <[EMAIL PROTECTED]> wrote:
S'ok - we've all been here at some point <GGGGGGrin>
> that had something to do with mail transport. So okay, some progress.
> At sdesign.com I had fewer ports open than I did before, but I'm still
> seeing open ports at 631 (tcp) and 6000 (tcp X11).
Port 631 is your Cups printer Daemon and 6000 is part of your GUI setup
>
> I got the same results whether I went online as root or as user.
>
> How can I get those ports closed? Clear directions much appreciated!
> If you tell me exactly where to look and what to edit, I can do it,
> but I can't figure it out on my own.
I'm not sure about the results of cups the port being closed, but as I
understand closing the X11 port with have a sortakindlikeabit
deretorious effect on your preference for the GUI (um - won't work) <g>
It's a real ring-a-round - if you want to close/disable 631 completely,
you might well wind up removing the cups systems and installing the
'old' lpr/lpd' system - others will correct me on this issue.
> I tried to run the interactive Bastille but I didn't understand the
> options and the explanations were much too sketchy. I don't like to
> make
> decisions like that when I don't understand what I'm doing. So I ran
> BastilleChooser instead and figure it's better than nothing. Why isn't
> Bastille on medium security closing all my ports?
I agree with these comments. Part of the problem with many applications
we try to use when we are unfamiliar with them is the on-screen
instruction. Remember that very many of the applications developers do
not use English (which-ever flavour) as their first language and as a
result many messages are rather obscure. I don't have a work around for
this.
I use the firewalling which is accessed from the Mandrake Control
Centre. It is a subset of Bastille and unless one is totally paranoid
about security, I feel it is quite adequate for the 'average home user'
(which included me).
Have you taken a look at that yet, I know there's a great deal to learn
here and I suspect that you, like many other on the list, will
eventually get there.
There are a good many books out there which are very helpful - one which
I found useful when I was first starting was:Sams "Teach Yourself Linux
in 10 minutes" which cost me about $US10. It's 200-page paperback which
helps with much of the 'basic' stuff. If you want to get more detail
then look at the O'Rielly titles in your local book-store.
_BUT_ bear in mind that many of the books out there are written around
the Redhat distributions and may not be exactly what you are looking
for. Look at this way (Comment from mere male) The diff between RH and
LM is much the same as the difference between a couple od say Microwave
ovens - they do the same job - it's just that the controls are
different.
Cheers
John
--
"The number of UNIX installations has grown to 10, with more expected"
(The UNIX Programmer's Manual, 2nd Edition, June 1972.)
Registered Linux User: 102826
