Date: Mon, 19 Jun 2000 16:13:23 +0200 (CEST)
From: Bart van Leeuwen <bart@ixori.demon.nl>
To: "tjk@tksoft.com" <tjk@tksoft.com>
Cc: Oleg Strizhak <oleg@inforser.ru>, FreeBSD-security@freebsd.org
Subject: Re: tried to be cracked
Message-ID: <Pine.BSF.4.21.0006191612100.4139-100000@isengard.ixori.demon.nl>
In-Reply-To: <200006191351.GAA07969@uno.tksoft.com>

to add to that, on 4.0 it seems to be man hosts_options for info on the
hosts.allow file.

Another very useful command to look at is sockstat (-an), it will tell you
which 'command' is actually listening to which port on your machine.

Bart van Leeuwen
-----------------------------------------------------------
mailto:bart@ixori.demon.nl - http://www.ixori.demon.nl/
-----------------------------------------------------------

On Mon, 19 Jun 2000, tjk@tksoft.com wrote:

> You don't need any service you don't know about.
>
> You can disable all of them, except ftp and telnet, if
> you use telnet. You should also not have any daemons
> running which you don't use. mountd, nfsd, portmap, etc..
>
> Try
> "man hosts.allow" or "man hosts_access"
> (not at a FreeBSD box right now, so can't check.)
>
> Anyway, you can use "netstat -n -a" to find out what
> ports you have open.
>
> Troy
>
> > Hi all!
> >
> > Today seeing this in messages:
> > Jun 17 03:30:01 servak su: _secure_path: /xxx/.login_conf is not owned by uid 65534
> > Jun 17 03:30:01 servak su: _secure_path: /xxx/.login_conf is not owned by uid 65534
> >
> > checked all the logs -- there was no login via telnet, ssh. Nothing of
> > activity was detected for that period of time on my http or ftp daemons.
> > So I suppose that it was through one of the predefined inetd services.
> >
> > Here is my inetd.conf's enabled nodes:
> >
> > ftp     stream  tcp     nowait          root    /usr/local/sbin/proftpd proftpd
> > telnet  stream  tcp     nowait          root    /usr/libexec/telnetd    telnetd
> > shell   stream  tcp     nowait          root    /usr/libexec/rshd       rshd
> > login   stream  tcp     nowait          root    /usr/libexec/rlogind    rlogind
> > finger  stream  tcp     nowait/3/10     nobody  /usr/libexec/fingerd    fingerd -s
> > comsat  dgram   udp     wait            tty:tty /usr/libexec/comsat     comsat
> > ntalk   dgram   udp     wait            tty:tty /usr/libexec/ntalkd     ntalkd
> >
> >
> > #
> > # IPv6 services
> > #
> > ftp     stream  tcp6    nowait          root    /usr/local/sbin/proftpd proftpd
> > telnet  stream  tcp6    nowait          root    /usr/libexec/telnetd    telnetd
> > shell   stream  tcp6    nowait          root    /usr/libexec/rshd       rshd
> > login   stream  tcp6    nowait          root    /usr/libexec/rlogind    rlogind
> > finger  stream  tcp6    nowait/3/10     nobody  /usr/libexec/fingerd    fingerd -s
> >
> > Question is: which of these daemons can be disabled (or even inetd
> > itself) w/o any harm. I've no use of NFS -- plain http/ftp/pop server.
> > SMTP and POP stuff is already handled by tcpserv.
> >
> > I've already set up hosts.allow: denied any w/o reverse DNS, allowed any
> > ftp, portmap, and ssh; denied all other daemons/users except trusted
> > address.
> > Where can I find out additional info about hosts.allow syntax?
> >
> > Thanx in advance.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
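
An added example, not part of the original thread: a small sh/awk audit that lists every enabled inetd.conf entry whose service is not on a keep list, run here over the entries quoted in the message. The names `KEEP`, `sample_inetd_conf` and `audit_inetd` are hypothetical, and the keep list (ftp and telnet) is an assumption taken from the quoted reply.

```shell
#!/bin/sh
# Added example: report enabled inetd services that are not on a keep list.
# KEEP is an assumption based on the reply quoted in the thread.
KEEP="ftp telnet"

# Sample input: the enabled inetd.conf entries quoted in the message.
sample_inetd_conf() {
cat <<'EOF'
ftp     stream  tcp     nowait          root    /usr/local/sbin/proftpd proftpd
telnet  stream  tcp     nowait          root    /usr/libexec/telnetd    telnetd
shell   stream  tcp     nowait          root    /usr/libexec/rshd       rshd
login   stream  tcp     nowait          root    /usr/libexec/rlogind    rlogind
finger  stream  tcp     nowait/3/10     nobody  /usr/libexec/fingerd    fingerd -s
comsat  dgram   udp     wait            tty:tty /usr/libexec/comsat     comsat
ntalk   dgram   udp     wait            tty:tty /usr/libexec/ntalkd     ntalkd

#
# IPv6 services
#
ftp     stream  tcp6    nowait          root    /usr/local/sbin/proftpd proftpd
telnet  stream  tcp6    nowait          root    /usr/libexec/telnetd    telnetd
shell   stream  tcp6    nowait          root    /usr/libexec/rshd       rshd
login   stream  tcp6    nowait          root    /usr/libexec/rlogind    rlogind
finger  stream  tcp6    nowait/3/10     nobody  /usr/libexec/fingerd    fingerd -s
EOF
}

# audit_inetd: read inetd.conf on stdin and print one line per enabled entry
# whose service name is not in KEEP. inetd.conf fields are:
#   service  socket-type  protocol  wait/nowait  user  server-program  args
audit_inetd() {
    awk -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # skip comments, blank and short lines
        !($1 in ok) { printf "%s/%s %s (runs as %s)\n", $1, $3, $6, $5 }
    '
}

# Stand-alone run over the sample; on a live host: audit_inetd < /etc/inetd.conf
sample_inetd_conf | audit_inetd
```

Each line it prints is a candidate to comment out in inetd.conf; sockstat or netstat, as mentioned in the thread, then shows whether the port is still open.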