[Courses] [Security] The useful netstat
Katie Bechtold
katie at katie-and-rob.org
Wed Mar 6 10:33:23 EST 2002
On Tue, Mar 05, 2002 at 06:00:48PM -0500, Raven, corporate courtesan wrote:
> If anyone feels like posting
> the netstat info from their system for comment, we can go over what you
> should and shouldn't see here. For the most part, if you don't know
> what it is, you probably shouldn't have it listening on a port here.
I'll bite:
[root@blue root]# netstat -pl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:32769         *:*                     LISTEN      865/xinetd
tcp        0      0 *:printer               *:*                     LISTEN      922/lpd Waiting
tcp        0      0 *:x11                   *:*                     LISTEN      2751/X
tcp        0      0 *:http                  *:*                     LISTEN      1052/httpd
tcp        0      0 *:auth                  *:*                     LISTEN      825/identd
tcp        0      0 *:ssh                   *:*                     LISTEN      883/sshd
tcp        0      0 localhost:smtp          *:*                     LISTEN      982/sendmail: accep
tcp        0      0 *:x11-ssh-offset        *:*                     LISTEN      2371/sshd
tcp        0      0 *:6011                  *:*                     LISTEN      2415/sshd
tcp        0      0 *:https                 *:*                     LISTEN      1052/httpd
tcp        0      0 *:6012                  *:*                     LISTEN      2495/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node  PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     1414    1176/xfs            /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     1292    1029/gpm            /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     2158    1435/oafd           /tmp/orbit-katie/orb-1579713980692359511
unix  2      [ ACC ]     STREAM     LISTENING     7161434 2751/X              /tmp/.X11-unix/X0
Active IPX sockets
Proto Recv-Q Send-Q Local Address           Foreign Address         State
Before doing the netstat you see above, I:
- stopped portmap and removed it from my init script for runlevel 5
(is it just a coincidence that it apparently was running on port
666? :)
- tried to stop X, but it always restarted
- stopped rpc.statd; it wasn't clear to me which init script starts
it
- removed nfslock from init script for runlevel 5
- stopped netfs; removed from init script for runlevel 5
Other than that, this is basically a freshly installed RedHat 7.2
system. I'm using it as my desktop system, so I don't think I have
a good reason to be running lpd or httpd. I do want to run sshd and
some mailserver (so mutt can send mail out), though. I don't know
about identd; is it considered a security risk? I'll also note that
this system is behind a NAT router, so maybe running unneeded
services isn't a humongous risk, but I want to know how to do it
right anyway.
--
Katie Bechtold
http://www.katie-and-rob.org/katie/
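
The triage this thread asks for, as an added example that is not part of the original post: it parses `netstat -pl` TCP/UDP rows (one socket per line, not mail-wrapped), separates loopback-only listeners from those bound to all interfaces, and lists the programs that are not on an allowlist. The allowlist (sshd and sendmail) is an assumption taken from what the poster says she wants to run, and the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample: the TCP rows from the post, rejoined to one socket per line.
SAMPLE = """\
tcp 0 0 localhost:32769 *:* LISTEN 865/xinetd
tcp 0 0 *:printer *:* LISTEN 922/lpd Waiting
tcp 0 0 *:x11 *:* LISTEN 2751/X
tcp 0 0 *:http *:* LISTEN 1052/httpd
tcp 0 0 *:auth *:* LISTEN 825/identd
tcp 0 0 *:ssh *:* LISTEN 883/sshd
tcp 0 0 localhost:smtp *:* LISTEN 982/sendmail: accep
tcp 0 0 *:x11-ssh-offset *:* LISTEN 2371/sshd
tcp 0 0 *:6011 *:* LISTEN 2415/sshd
tcp 0 0 *:https *:* LISTEN 1052/httpd
tcp 0 0 *:6012 *:* LISTEN 2495/sshd
"""

# Assumption taken from the post's stated needs: sshd plus a local mail server.
WANTED = {"sshd", "sendmail"}
LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1", "::1"}

# proto, queues, local host:port, foreign addr, optional state, PID/program ("-" if not root)
ROW = re.compile(r"(tcp|udp)6?\s+\d+\s+\d+\s+(\S+):(\S+)\s+\S+\s+"
                 r"(?:LISTEN\s+)?(?:(\d+)/([^\s:]+)|-)")

class Listener(NamedTuple):
    program: str
    port: str
    exposed: bool   # bound to something other than loopback
    wanted: bool    # program is on the allowlist

def parse(text, wanted=WANTED):
    found = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # skips headers, UNIX-socket rows and blank lines
            host, port, prog = m.group(2), m.group(3), m.group(5) or "unknown"
            found.append(Listener(prog, port, host not in LOOPBACK, prog in wanted))
    return found

def triage(listeners):
    """Split listeners that are not on the allowlist by whether the network can reach them."""
    extra = [l for l in listeners if not l.wanted]
    return {"review": sorted({l.program for l in extra if l.exposed}),
            "loopback_only": sorted({l.program for l in extra if not l.exposed})}

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```

Note that the two extra sshd listeners on 6011 and 6012 pass the allowlist because they belong to sshd, the same program as the `x11-ssh-offset` row.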