dewt <[EMAIL PROTECTED]> writes:

> On Monday 08 April 2002 12:44 am, Anders Pettersson wrote:
> > Something is odd. I reinstalled RedHat Linux 7.1 on a test system this
> > weekend and I selected to install the workstation with the high security
> > settings and booted it up.
> >
> > I then "nmap -sT":ed myself and realized that 25, 110 and 111 were
> > open, although 25 & 100 were not reachable from the NIC, only the loopback
> > IF.
> >
> > But rpc was reachable from the outside.
> >
> > I was wondering, it seems that the people at RH did a pretty good job
> > of not starting every service available, as they seem, but how could
> > they have missed rpc? Or did I screw something up - I don't think so, I
> > took time and answered carefully to all the questions in order to
> > install a system with the highest security possible.
> >
> > Earlier RH systems usually came with everything running out of the
> > box, http, ftp, rpc, bind, you name it - it got it, and it was in heavy
> > need of editing the etc files to turn off what was not needed. I think
> > this is a step in the right direction.
> >
> > I am just fishing for other people's comments on this, private mail is
> > fine as well.
> you might have some special custom rules in, or ipchains isn't set to start in
> your runlevel (type service ipchains restart and scan your machine again)

I did tell it to allow http and ssh inbound traffic so it did configure ipchains for me, but I said nothing about rpc at all.

I have fixed it now though; the ipchains it had installed had a default policy of accept on the input, output and forward chains. I changed it to deny on input and forward and added rules to allow outbound traffic and its responses back in, then nmap:ed myself again and it was completely silent from the outside.

I am still curious how rpc ever got there though. I will do some more experimentation the coming weekend.

-- 
Anders Pettersson, Test Engineer
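The policy Anders describes (default DENY on the input and forward chains, outbound traffic and its replies allowed, only the chosen inbound services admitted), written out as an added example. This is not code from the thread or from Red Hat's install-time firewall setup. The external interface name eth0 and the inbound TCP services 22 and 80 are assumptions; the nmap output is a constructed sample in the pre-3.0 "Port State Service" layout, not a capture from his machine.

```shell
#!/bin/sh
# Added example (not from the thread): an ipchains policy of the kind
# described above, emitted as text so it can be reviewed before it is
# applied, plus a parser for "nmap -sT" output to check the result.
# Assumptions: external interface eth0; inbound TCP services 22 and 80;
# the host does its own DNS lookups (UDP 53 replies must come back).
EXT_IF="${EXT_IF:-eth0}"
ALLOW_TCP_IN="${ALLOW_TCP_IN:-22 80}"

# Emit the rule set, one ipchains command per line.
ipchains_rules() {
    cat <<EOF
ipchains -F input
ipchains -F forward
ipchains -F output
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
ipchains -A input -i lo -j ACCEPT
EOF
    for port in $ALLOW_TCP_IN; do
        echo "ipchains -A input -i $EXT_IF -p tcp -d 0.0.0.0/0 $port -j ACCEPT"
    done
    # ipchains keeps no connection state. Replies to our own outbound TCP
    # connections are let back in by accepting every TCP packet that is
    # not a new connection request (-y matches SYN without ACK).
    # DNS answers are UDP from source port 53. Anything aimed at the
    # portmapper (111) is dropped and logged so a scan shows up in syslog.
    cat <<EOF
ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT
ipchains -A input -i $EXT_IF -p udp -s 0.0.0.0/0 53 -j ACCEPT
ipchains -A input -i $EXT_IF -p icmp -j ACCEPT
ipchains -A input -i $EXT_IF -p tcp -d 0.0.0.0/0 111 -l -j DENY
ipchains -A input -i $EXT_IF -p udp -d 0.0.0.0/0 111 -l -j DENY
EOF
}

# Apply the emitted rules (needs root). Run "ipchains -L -n" afterwards
# to confirm the policy lines read DENY.
apply_rules() {
    ipchains_rules | sh -e
}

# Print the open TCP ports found in nmap -sT output, one per line.
open_ports_from_nmap() {
    awk '$2 == "open" && $1 ~ /^[0-9]+\/tcp$/ { sub(/\/tcp/, "", $1); print $1 }'
}

# Constructed sample: what a scan of 127.0.0.1 on the box in the thread
# would look like (smtp and pop-3 bound to loopback, sunrpc on all IFs).
SAMPLE_LOOPBACK_SCAN='Port       State       Service
25/tcp     open        smtp
110/tcp    open        pop-3
111/tcp    open        sunrpc'

# Feed this the output of a scan run FROM ANOTHER HOST against the
# external address: every port it prints is reachable despite not being
# in ALLOW_TCP_IN, i.e. a hole in the firewall rather than a daemon that
# merely happens to be bound to loopback.
ports_not_allowed() {
    allowed=" $ALLOW_TCP_IN "
    open_ports_from_nmap | while read -r p; do
        case "$allowed" in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}
```

Scanning 127.0.0.1 tells you which daemons are listening, not what the NIC exposes; the second scan has to come from outside, as the thread's own before/after check did. As for why portmap was running at all: on a Red Hat 7.x box it is started by its own SysV init script, so `chkconfig --list portmap` shows whether it is enabled in the current runlevel, and `service portmap stop; chkconfig portmap off` removes it rather than just filtering it.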
