Date:      Mon, 19 Jun 2000 06:51:43 -0700 (PDT)
From:      "tjk@tksoft.com" <tjk@tksoft.com>
To:        oleg@inforser.ru (Oleg Strizhak)
Cc:        FreeBSD-security@FreeBSD.ORG
Subject:   Re: tried to be cracked
Message-ID:  <200006191351.GAA07969@uno.tksoft.com>
In-Reply-To: <002b01bfd9f1$03fb2680$a4df36c3@Inforser.Ru> from "Oleg Strizhak" at Jun 19, 0 05:19:34 pm

You don't need any service you don't know about.

You can disable all of them, except ftp and telnet, if
you use telnet. You should also not have any daemons
running which you don't use. mountd, nfsd, portmap, etc.

Try 
"man hosts.allow" or "man hosts_access"
(not at a FreeBSD box right now, so can't check.)

Anyway, you can use "netstat -n -a" to find out what
ports you have open. 

Troy

> 
> Hi all!
> 
> Today seeing this in messages:
> Jun 17 03:30:01 servak su: _secure_path: /xxx/.login_conf is not owned by uid 65534
> Jun 17 03:30:01 servak su: _secure_path: /xxx/.login_conf is not owned by uid 65534
> 
> checked all the logs -- there was no login via telnet, ssh. Nothing of activity was detected for that period of time on my http or ftp daemons. So I suppose that it was through one of the predefined inetd services.
> 
> Here is my inetd.conf's enabled nodes:
> 
> ftp stream tcp nowait root /usr/local/sbin/proftpd proftpd
> telnet stream tcp nowait root /usr/libexec/telnetd telnetd
> shell stream tcp nowait root /usr/libexec/rshd rshd
> login stream tcp nowait root /usr/libexec/rlogind rlogind
> finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
> comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
> ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
> 
> 
> #
> # IPv6 services
> #
> ftp stream tcp6 nowait root /usr/local/sbin/proftpd proftpd
> telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
> shell stream tcp6 nowait root /usr/libexec/rshd rshd
> login stream tcp6 nowait root /usr/libexec/rlogind rlogind
> finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
> 
> Question is: which of these daemons can be disabled (or even inetd itself) w/o any harm. I've no use of NFS -- plain http/ftp/pop server. SMTP and POP stuff is already handled by tcpserv.
> 
> I've already set up hosts.allow: denied any w/o reverse DNS, allowed any ftp, portmap, and ssh; denied all other daemons/users except trusted address.
> Where can I find out additional info about hosts.allow syntax?
> 
> Thanx in advance.
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
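
The advice in the reply, as an added example that is not part of either message: a POSIX sh script that lists the enabled inetd.conf entries outside a keep-list and prints a copy of the file with them commented out. The function names and the embedded sample file are constructed for illustration (the sample is modelled on the entries quoted above); the keep-list of ftp and telnet follows the reply.

```shell
#!/bin/sh
# Added example (not from the thread): audit inetd.conf against a keep-list.

# Constructed sample, modelled on the inetd.conf entries quoted in the thread.
sample_conf() {
cat <<'EOF'
ftp stream tcp nowait root /usr/local/sbin/proftpd proftpd
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
shell stream tcp nowait root /usr/libexec/rshd rshd
login stream tcp nowait root /usr/libexec/rlogind rlogind
finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
# IPv6 services
shell stream tcp6 nowait root /usr/libexec/rshd rshd
EOF
}

# An entry counts as enabled when it is not a comment and has at least the
# six mandatory inetd.conf fields (blank lines have NF == 0 and are skipped).
AWK_AUDIT='
BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
!/^[ \t]*#/ && NF >= 6 && !($1 in ok) {
    if (mode == "list") print $1 "/" $3; else print "#" $0
    next
}
mode == "harden" { print }
'

# inetd_unneeded FILE KEEP...: print "service/proto" for entries to disable.
inetd_unneeded() {
    conf=$1; shift
    awk -v mode=list -v keep="$*" "$AWK_AUDIT" "$conf"
}

# inetd_harden FILE KEEP...: print the config with those entries commented out.
inetd_harden() {
    conf=$1; shift
    awk -v mode=harden -v keep="$*" "$AWK_AUDIT" "$conf"
}

# Demo on the constructed sample: keep only ftp and telnet.
tmp=$(mktemp) && sample_conf > "$tmp"
inetd_unneeded "$tmp" ftp telnet
inetd_harden "$tmp" ftp telnet
rm -f "$tmp"
```

After installing a reviewed copy and signalling inetd to reload, `netstat -n -a` should no longer show listeners for the commented-out services.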


