[Courses] [Security] The useful netstat

Katie Bechtold katie at katie-and-rob.org
Wed Mar 6 10:33:23 EST 2002


On Tue, Mar 05, 2002 at 06:00:48PM -0500, Raven, corporate courtesan wrote:
> If anyone feels like posting
> the netstat info from their system for comment, we can go over what you
> should and shouldn't see here.  For the most part, if you don't know
> what it is, you probably shouldn't have it listening on a port here.

I'll bite:

[root@blue root]# netstat -pl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:32769         *:*                     LISTEN      865/xinetd
tcp        0      0 *:printer               *:*                     LISTEN      922/lpd Waiting
tcp        0      0 *:x11                   *:*                     LISTEN      2751/X
tcp        0      0 *:http                  *:*                     LISTEN      1052/httpd
tcp        0      0 *:auth                  *:*                     LISTEN      825/identd
tcp        0      0 *:ssh                   *:*                     LISTEN      883/sshd
tcp        0      0 localhost:smtp          *:*                     LISTEN      982/sendmail: accep
tcp        0      0 *:x11-ssh-offset        *:*                     LISTEN      2371/sshd
tcp        0      0 *:6011                  *:*                     LISTEN      2415/sshd
tcp        0      0 *:https                 *:*                     LISTEN      1052/httpd
tcp        0      0 *:6012                  *:*                     LISTEN      2495/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     1414   1176/xfs            /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     1292   1029/gpm            /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     2158   1435/oafd           /tmp/orbit-katie/orb-1579713980692359511
unix  2      [ ACC ]     STREAM     LISTENING     7161434 2751/X             /tmp/.X11-unix/X0
Active IPX sockets
Proto Recv-Q Send-Q Local Address              Foreign Address            State


Before doing the netstat you see above, I:
- stopped portmap and removed it from my init script for runlevel 5
(is it just a coincidence that it apparently was running on port
666? :)
- tried to stop X, but it always restarted
- stopped rpc.statd; it wasn't clear to me which init script starts
it
- removed nfslock from init script for runlevel 5
- stopped netfs; removed from init script for runlevel 5

Other than that, this is basically a freshly installed RedHat 7.2
system.  I'm using it as my desktop system, so I don't think I have
a good reason to be running lpd or httpd.  I do want to run sshd and
some mailserver (so mutt can send mail out), though.  I don't know
about identd; is it considered a security risk?  I'll also note that
this system is behind a NAT router, so maybe running unneeded
services isn't a humongous risk, but I want to know how to do it
right anyway.

-- 
Katie Bechtold
http://www.katie-and-rob.org/katie/
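
Added example, not part of the original post: a filter that reads `netstat -pl` output and reports only the TCP listeners bound to every interface (`*:port`), which are the ones reachable from the network, as opposed to those bound to localhost. The function names `exposed_listeners` and `sample_netstat` are hypothetical, and the sample input is a few lines taken from the listing in this post with the wrapped lines joined.

```shell
#!/bin/sh
# Added example: separate network-reachable listeners from localhost-only ones.

# Reads `netstat -pl` output on stdin (one socket per line, not wrapped).
# Prints "<port-or-service> <program>" for each TCP listener bound to all
# interfaces; listeners bound to localhost are skipped.
exposed_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")            # local address, e.g. *:ssh or :::22
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") {
                prog = $7
                sub(/^[0-9]+\//, "", prog)      # drop the PID, keep the program name
                print port, prog
            }
        }'
}

# Sample input: lines from the listing in this post, unwrapped.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:32769         *:*                     LISTEN      865/xinetd
tcp        0      0 *:printer               *:*                     LISTEN      922/lpd Waiting
tcp        0      0 *:http                  *:*                     LISTEN      1052/httpd
tcp        0      0 *:ssh                   *:*                     LISTEN      883/sshd
tcp        0      0 localhost:smtp          *:*                     LISTEN      982/sendmail: accep
EOF
}

# On a live system, run as root so the program column is filled in:
#   netstat -pl | exposed_listeners
sample_netstat | exposed_listeners
```

On the sample, xinetd and sendmail drop out because they listen on localhost only; lpd, httpd and sshd remain as the services to justify or turn off.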
