Re: Re: How do I disable (close) ports?
On Wed, Jan 16, 2002 at 12:36:21PM -0500, Noah L. Meyerhans wrote: > On Wed, Jan 16, 2002 at 12:25:34PM -0500, Chris Hilts wrote: > > >> It seems to. The above ports were closed just by commenting them out > > >> of /etc/services and then rebooting. > > > An init 1, init 3 would have worked as well. > > > > Correct me if I'm wrong here, but why would you comment things out of > > /etc/services? Try /etc/inetd.conf or /etc/xinetd.conf > > Yes, this was discussed at length when the thread was current some time > ago. I am not sure why Mr. Weir just replied today. Sorry, must have got stuck in the spool;) -rob pgpuycK6ifBK5.pgp Description: PGP signature
Re: Re: How do I disable (close) ports?
On Wed, Jan 16, 2002 at 12:36:21PM -0500, Noah L. Meyerhans wrote: > On Wed, Jan 16, 2002 at 12:25:34PM -0500, Chris Hilts wrote: > > >> It seems to. The above ports were closed just by commenting them out > > >> of /etc/services and then rebooting. > > > An init 1, init 3 would have worked as well. > > > > Correct me if I'm wrong here, but why would you comment things out of > > /etc/services? Try /etc/inetd.conf or /etc/xinetd.conf > > Yes, this was discussed at length when the thread was current some time > ago. I am not sure why Mr. Weir just replied today. Sorry, must have got stuck in the spool;) -rob msg05433/pgp0.pgp Description: PGP signature
Re: Re: How do I disable (close) ports?
On Wed, Jan 16, 2002 at 12:25:34PM -0500, Chris Hilts wrote: > >> It seems to. The above ports were closed just by commenting them out > >> of /etc/services and then rebooting. > > An init 1, init 3 would have worked as well. > > Correct me if I'm wrong here, but why would you comment things out of > /etc/services? Try /etc/inetd.conf or /etc/xinetd.conf Yes, this was discussed at length when the thread was current some time ago. I am not sure why Mr. Weir just replied today. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpIIPfkrhcJW.pgp Description: PGP signature
Re: Re: How do I disable (close) ports?
> On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz > wrote: >> It seems to. The above ports were closed just by commenting them out >> of /etc/services and then rebooting. > An init 1, init 3 would have worked as well. Correct me if I'm wrong here, but why would you comment things out of /etc/services? Try /etc/inetd.conf or /etc/xinetd.conf /etc/services just maps ports to service names. Chris
Re: Re: How do I disable (close) ports?
> On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz > wrote: >> It seems to. The above ports were closed just by commenting them out >> of /etc/services and then rebooting. > An init 1, init 3 would have worked as well. Correct me if I'm wrong here, but why would you comment things out of /etc/services? Try /etc/inetd.conf or /etc/xinetd.conf /etc/services just maps ports to service names. Chris
Re: Re: How do I disable (close) ports?
On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz wrote: > It seems to. The above ports were closed just by commenting them out of > /etc/services and then rebooting. An init 1, init 3 would have worked as well. -rob pgpySYcllWHDN.pgp Description: PGP signature
Re: Re: How do I disable (close) ports?
On Wed, Jan 16, 2002 at 12:25:34PM -0500, Chris Hilts wrote: > >> It seems to. The above ports were closed just by commenting them out > >> of /etc/services and then rebooting. > > An init 1, init 3 would have worked as well. > > Correct me if I'm wrong here, but why would you comment things out of > /etc/services? Try /etc/inetd.conf or /etc/xinetd.conf Yes, this was discussed at length when the thread was current some time ago. I am not sure why Mr. Weir just replied today. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html msg05320/pgp0.pgp Description: PGP signature
Re: Re: How do I disable (close) ports?
> On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz > wrote: >> It seems to. The above ports were closed just by commenting them out >> of /etc/services and then rebooting. > An init 1, init 3 would have worked as well. Correct me if I'm wrong here, but why would you comment things out of /etc/services? Try /etc/inetd.conf or /etc/xinetd.conf /etc/services just maps ports to service names. Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
> On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz > wrote: >> It seems to. The above ports were closed just by commenting them out >> of /etc/services and then rebooting. > An init 1, init 3 would have worked as well. Correct me if I'm wrong here, but why would you comment things out of /etc/services? Try /etc/inetd.conf or /etc/xinetd.conf /etc/services just maps ports to service names. Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz wrote: > It seems to. The above ports were closed just by commenting them out of > /etc/services and then rebooting. An init 1, init 3 would have worked as well. -rob msg05317/pgp0.pgp Description: PGP signature
Re: Re: How do I disable (close) ports?
On Wed, Dec 05, 2001 at 02:04:32PM +0100, J. Paul Bruns-Bielkowicz wrote: > > You're not going to become a good Linux-administrator before you realize > > that you should UNDERSTAND what you do instead of just guessing and be > > happy because it worked. > > Becoming a good administrator is making it work and keeping it working. It > seems there is an official way of closing the ports and an unofficial > (wrong?) way of doing it. Understanding is gained, among others through > experience, and this is quite an experience judging by quantity of replies > Yes, you are right, sorry about my rather harsh reply. Just that I've been in the game some time, seeing too many people who refuse to learn, who wants a simple way spoonfead to them, and refusing to even look at documentation even when pointed at specific documents. Sometimes, you jump to the wrong conclusions too early. But listen to what has been said, restore the original /etc/services file, and disable it the correct way instead. As has been pointed out, none of the things you have done are guaranteed to work after your next package update of Debian. -- - Vegard Engen, member of the first RFC1149 implementation team.
Re: Re: How do I disable (close) ports?
> You're not going to become a good Linux-administrator before you realize > that you should UNDERSTAND what you do instead of just guessing and be > happy because it worked. Becoming a good administrator is making it work and keeping it working. It seems there is an official way of closing the ports and an unofficial (wrong?) way of doing it. Understanding is gained, among others through experience, and this is quite an experience judging by quantity of replies Thanks, J. Paul Bruns-Bielkowicz http://www.america.prv.pl
Re: Re: How do I disable (close) ports?
> How did you verify? I'm using nmap & netstat. J. Paul Bruns-Bielkowicz http://www.america.prv.pl
Re: Re: How do I disable (close) ports?
On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz wrote: > - Original Message - > From: "Rolf Kutz" <[EMAIL PROTECTED]> > > Commenting out things in /etc/services doesn't > > disable anything. > > It seems to. The above ports were closed just by commenting them out of > /etc/services and then rebooting. > This is *purely* by coincidence, because the startup-scripts does indeed use the NAME for the startup, and not the port. It's quite possible that some package upgrade will change this, and suddenly, the services will start. Trust us, this is *not* the way to disable services. Did you even read all things said in this thread? I gave a rather lengthy description in an earlier mail, and there's also been numerous good replys, most of them telling you that editing /etc/services is not the correct way to disable services. It might work, yes, but system changes may change that later, and you'll have to use the *correct* way then. Just use the correct way in the FIRST place, i.e. removing the startup scripts from the correct /etc/rc?.d/-catalog, as I described, and commenting out from /etc/inetd.conf You're not going to become a good Linux-administrator before you realize that you should UNDERSTAND what you do instead of just guessing and be happy because it worked. -- - Vegard Engen, member of the first RFC1149 implementation team.
Re: Re: How do I disable (close) ports?
J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote: > > Commenting out things in /etc/services doesn't > > disable anything. > > It seems to. The above ports were closed just by commenting them out of > /etc/services and then rebooting. How did you verify? > > No, I just changed /etc/services It's just mapping ports, so $ telnet 127.0.0.1 nntp works, if you have a newsserver installed, but $ telnet 127.0.0.1 119 should still work. - Rolf
Re: Re: How do I disable (close) ports?
- Original Message - From: "Rolf Kutz" <[EMAIL PROTECTED]> > J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote: > > > > I have a restricted services file and a default (open) services file. Some > > services are disabled, i.e. > > 9/tcp opendiscard > > 13/tcp opendaytime > > 109/tcpopenpop-2 > > 987/tcpopenunknown > > by commenting them out of /etc/services. > > Commenting out things in /etc/services doesn't > disable anything. It seems to. The above ports were closed just by commenting them out of /etc/services and then rebooting. >If you want to disable services, > edit /etc/inetd.conf, /etc/hosts.allow, > /etc/hosts.deny and the scripts in /etc/init.d/, > but maybe that's what you meant. No, I just changed /etc/services J. Paul Bruns-Bielkowicz http://www.america.prv.pl
Re: Re: How do I disable (close) ports?
basilisk ([EMAIL PROTECTED]) wrote: > If you do edit the init.d scripts don't forget to end the processes too. ACK. > Also don't just use a port scanner like nmap. have a look at lsof too > > lsof -Pan -i tcp -i udp > > It's quite useful. Right, but it doesn't help with hosts.[allow|deny] entries, cause inetd will still listen to that port. It's very useful to identify the process listening, anyhow. - Rolf
Re: Re: How do I disable (close) ports?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 5 Dec 2001, Rolf Kutz wrote: > J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote: > > > > I have a restricted services file and a default (open) services file. Some > > services are disabled, i.e. > > 9/tcp opendiscard > > 13/tcp opendaytime > > 109/tcpopenpop-2 > > 987/tcpopenunknown > > by commenting them out of /etc/services. > > Commenting out things in /etc/services doesn't > disable anything. If you want to disable services, > edit /etc/inetd.conf, /etc/hosts.allow, > /etc/hosts.deny and the scripts in /etc/init.d/, > but maybe that's what you meant. > > Then portscan you maschine to make sure, the ports > are deactivated. > > - Rolf If you do edit the init.d scripts don't forget to end the processes too. Also don't just use a port scanner like nmap. have a look at lsof too lsof -Pan -i tcp -i udp It's quite useful. -BEGIN PGP SIGNATURE- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBPA4PktZK+ucCabUAEQIsCQCg50isGcNUXXF3gFn9OsOa9G1es/cAn1zX bxOS4dEjRcAfKgK04DrvZkHm =46SW -END PGP SIGNATURE-
Re: Re: How do I disable (close) ports?
J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote: > > I have a restricted services file and a default (open) services file. Some > services are disabled, i.e. > 9/tcp opendiscard > 13/tcp opendaytime > 109/tcpopenpop-2 > 987/tcpopenunknown > by commenting them out of /etc/services. Commenting out things in /etc/services doesn't disable anything. If you want to disable services, edit /etc/inetd.conf, /etc/hosts.allow, /etc/hosts.deny and the scripts in /etc/init.d/, but maybe that's what you meant. Then portscan you maschine to make sure, the ports are deactivated. - Rolf
Re: Re: How do I disable (close) ports?
Thanks for all the response, comments and suggestions. Moving portmapper from /etc/init.d solved my issue. As for commenting our services in /etc/services, I am surprised that this isn't supposed to work and that it is not the proper way to disable services. I have a restricted services file and a default (open) services file. Some services are disabled, i.e. 9/tcp opendiscard 13/tcp opendaytime 109/tcpopenpop-2 987/tcpopenunknown by commenting them out of /etc/services. Thanks, J. Paul Bruns-Bielkowicz http://www.america.prv.pl
Re: Re: How do I disable (close) ports?
On Wed, Dec 05, 2001 at 02:04:32PM +0100, J. Paul Bruns-Bielkowicz wrote: > > You're not going to become a good Linux-administrator before you realize > > that you should UNDERSTAND what you do instead of just guessing and be > > happy because it worked. > > Becoming a good administrator is making it work and keeping it working. It > seems there is an official way of closing the ports and an unofficial > (wrong?) way of doing it. Understanding is gained, among others through > experience, and this is quite an experience judging by quantity of replies > Yes, you are right, sorry about my rather harsh reply. Just that I've been in the game some time, seeing too many people who refuse to learn, who wants a simple way spoonfead to them, and refusing to even look at documentation even when pointed at specific documents. Sometimes, you jump to the wrong conclusions too early. But listen to what has been said, restore the original /etc/services file, and disable it the correct way instead. As has been pointed out, none of the things you have done are guaranteed to work after your next package update of Debian. -- - Vegard Engen, member of the first RFC1149 implementation team. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
> You're not going to become a good Linux-administrator before you realize > that you should UNDERSTAND what you do instead of just guessing and be > happy because it worked. Becoming a good administrator is making it work and keeping it working. It seems there is an official way of closing the ports and an unofficial (wrong?) way of doing it. Understanding is gained, among others through experience, and this is quite an experience judging by quantity of replies Thanks, J. Paul Bruns-Bielkowicz http://www.america.prv.pl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
> How did you verify? I'm using nmap & netstat. J. Paul Bruns-Bielkowicz http://www.america.prv.pl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz wrote: > - Original Message - > From: "Rolf Kutz" <[EMAIL PROTECTED]> > > Commenting out things in /etc/services doesn't > > disable anything. > > It seems to. The above ports were closed just by commenting them out of > /etc/services and then rebooting. > This is *purely* by coincidence, because the startup-scripts does indeed use the NAME for the startup, and not the port. It's quite possible that some package upgrade will change this, and suddenly, the services will start. Trust us, this is *not* the way to disable services. Did you even read all things said in this thread? I gave a rather lengthy description in an earlier mail, and there's also been numerous good replys, most of them telling you that editing /etc/services is not the correct way to disable services. It might work, yes, but system changes may change that later, and you'll have to use the *correct* way then. Just use the correct way in the FIRST place, i.e. removing the startup scripts from the correct /etc/rc?.d/-catalog, as I described, and commenting out from /etc/inetd.conf You're not going to become a good Linux-administrator before you realize that you should UNDERSTAND what you do instead of just guessing and be happy because it worked. -- - Vegard Engen, member of the first RFC1149 implementation team. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote: > > Commenting out things in /etc/services doesn't > > disable anything. > > It seems to. The above ports were closed just by commenting them out of > /etc/services and then rebooting. How did you verify? > > No, I just changed /etc/services It's just mapping ports, so $ telnet 127.0.0.1 nntp works, if you have a newsserver installed, but $ telnet 127.0.0.1 119 should still work. - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
- Original Message - From: "Rolf Kutz" <[EMAIL PROTECTED]> > J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote: > > > > I have a restricted services file and a default (open) services file. Some > > services are disabled, i.e. > > 9/tcp opendiscard > > 13/tcp opendaytime > > 109/tcpopenpop-2 > > 987/tcpopenunknown > > by commenting them out of /etc/services. > > Commenting out things in /etc/services doesn't > disable anything. It seems to. The above ports were closed just by commenting them out of /etc/services and then rebooting. >If you want to disable services, > edit /etc/inetd.conf, /etc/hosts.allow, > /etc/hosts.deny and the scripts in /etc/init.d/, > but maybe that's what you meant. No, I just changed /etc/services J. Paul Bruns-Bielkowicz http://www.america.prv.pl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
basilisk ([EMAIL PROTECTED]) wrote: > If you do edit the init.d scripts don't forget to end the processes too. ACK. > Also don't just use a port scanner like nmap. have a look at lsof too > > lsof -Pan -i tcp -i udp > > It's quite useful. Right, but it doesn't help with hosts.[allow|deny] entries, cause inetd will still listen to that port. It's very useful to identify the process listening, anyhow. - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 5 Dec 2001, Rolf Kutz wrote: > J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote: > > > > I have a restricted services file and a default (open) services file. Some > > services are disabled, i.e. > > 9/tcp opendiscard > > 13/tcp opendaytime > > 109/tcpopenpop-2 > > 987/tcpopenunknown > > by commenting them out of /etc/services. > > Commenting out things in /etc/services doesn't > disable anything. If you want to disable services, > edit /etc/inetd.conf, /etc/hosts.allow, > /etc/hosts.deny and the scripts in /etc/init.d/, > but maybe that's what you meant. > > Then portscan you maschine to make sure, the ports > are deactivated. > > - Rolf If you do edit the init.d scripts don't forget to end the processes too. Also don't just use a port scanner like nmap. have a look at lsof too lsof -Pan -i tcp -i udp It's quite useful. -BEGIN PGP SIGNATURE- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBPA4PktZK+ucCabUAEQIsCQCg50isGcNUXXF3gFn9OsOa9G1es/cAn1zX bxOS4dEjRcAfKgK04DrvZkHm =46SW -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote: > > I have a restricted services file and a default (open) services file. Some > services are disabled, i.e. > 9/tcp opendiscard > 13/tcp opendaytime > 109/tcpopenpop-2 > 987/tcpopenunknown > by commenting them out of /etc/services. Commenting out things in /etc/services doesn't disable anything. If you want to disable services, edit /etc/inetd.conf, /etc/hosts.allow, /etc/hosts.deny and the scripts in /etc/init.d/, but maybe that's what you meant. Then portscan you maschine to make sure, the ports are deactivated. - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re: How do I disable (close) ports?
Thanks for all the response, comments and suggestions. Moving portmapper from /etc/init.d solved my issue. As for commenting our services in /etc/services, I am surprised that this isn't supposed to work and that it is not the proper way to disable services. I have a restricted services file and a default (open) services file. Some services are disabled, i.e. 9/tcp opendiscard 13/tcp opendaytime 109/tcpopenpop-2 987/tcpopenunknown by commenting them out of /etc/services. Thanks, J. Paul Bruns-Bielkowicz http://www.america.prv.pl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]