Re: Interesting Question....

[Bruce Smith <bruce@xxxxxxxxxxx>]

> I downloaded and ran a program tonight called "Nmap". This is a port scanner
> that runs on Linux as well as other platforms. I did this to see how well I am
> doing at securing the Linux box before I place it on the Internet.
> 
> I've gotten about the results I was expecting, but have two questions....
> 
> Port 640 / unknown? Does anyone happen to know what item(s) might run at port
> 640. I checked the /etc/services file but no luck....

According to my port scanner, I don't have port 640 running on my PC.
Look at all your running processes.  What unusual things are you running?

What about that webmin thing you're giving a presentation on?  (guessing)

Run a "netstat -aep" and look for that port.
Telnet to that port and look at the telnet output and the log files.

> Port 1024 / kdm? Any ideas?

I believe it's the NFS "lockd" process.

If you're not using the NFS server, stop it, it's not safe over the internet.

>     Since I'm running ssh on my machine I have disabled ftp, Telnet, rcp,
> rlogin, etc. since I can transfer files via ssh.

Good idea.

>     I've also added ALL:ALL to my /etc/hosts.deny file on the suggestion of a
> howto I was reading... (Linux Security Howto) I realize I will need to edit my
> /etc/hosts.allow file so I can access my machine from work, correct?

Yes, but only for processes started with the TCP wrapper.  (/usr/sbin/tcpd)

P.S.  Update your address book.  This list is named "members".   
      The "klug" name is obsolete and will quit working someday.

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------