
Security Basics mailing list archives
RE: locking down my solaris box
From: "Amin Tora" <atora () EPLUS com>
Date: Thu, 13 May 2004 14:48:01 -0400
Juan,

7/tcp   echo      this service basically echoes back whatever you feed it...
9/tcp   discard   this service takes whatever you feed it and "discards" it... like a blackhole
13/tcp  daytime   this service gives out the time of your system clock
19/tcp  chargen   this service generates ASCII characters - as soon as you connect, it spews data back at you

You can disable these services without hindering anything major on your system - unless you have some software that you know of that depends on any of these.

You can disable these services by commenting them out in the file /etc/inetd.conf

To see exactly what each port does, try to telnet to each one (i.e. to see how the ECHO port works, on a command line type: telnet 10.10.10.10 7 )

See also:
- SANS Solaris hardening information http://www.sans.org/resources/hard_solaris.htm
- nddconfig, JASS security toolkit, and others at http://www.sun.com/blueprints/tools/
- A good reference book is "Practical Unix & Internet Security - 3rd ed." O'Reilly publications...

Amin Tora, CISSP, CHSP
Security Consultant
ePlus Technology Inc.
13595 Dulles Technology Drive
Herndon, VA 20171
office: 703-793-1330
cell: 703-675-0738
web: http://www.eplustechnology.com
email: atora-at-eplus.com
-----Original Message-----
From: Juan Declet [mailto:Juan.Declet () asu edu]
Sent: Wednesday, May 12, 2004 12:27 PM
To: security-basics () lists securityfocus com
Subject: locking down my solaris box

The following services are running in my Solaris machine, according to nmap:

    Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-05-11 19:07 US Mountain Standard Time
    Interesting ports on myhost.com
    (The 1631 ports scanned but not shown below are in state: closed)
    PORT      STATE SERVICE
    7/tcp     open  echo
    9/tcp     open  discard
    13/tcp    open  daytime
    19/tcp    open  chargen
    25/tcp    open  smtp
    80/tcp    open  http
    111/tcp   open  rpcbind
    139/tcp   open  netbios-ssn
    445/tcp   open  microsoft-ds
    512/tcp   open  exec
    513/tcp   open  login
    514/tcp   open  shell
    515/tcp   open  printer
    540/tcp   open  uucp
    587/tcp   open  submission
    898/tcp   open  sun-manageconsole
    901/tcp   open  samba-swat
    5901/tcp  open  vnc-1
    6000/tcp  open  X11
    6001/tcp  open  X11:1
    6112/tcp  open  dtspc
    7100/tcp  open  font-service
    9999/tcp  open  abyss
    32772/tcp open  sometimes-rpc7
    32775/tcp open  sometimes-rpc13
    32776/tcp open  sometimes-rpc15
    32777/tcp open  sometimes-rpc17
    32778/tcp open  sometimes-rpc19

    Nmap run completed -- 1 IP address (1 host up) scanned in 44.844 seconds

There are services that I know I need, such as samba-swat, sun-manageconsole, abyss, vnc, etc. This server offers http and samba services, but not much else.

Can someone shed some light on what the echo, discard, daytime, chargen services are for, and if there is any potential of hosing the machine if these are disabled? I am trying to lock down this machine against intrusions.

Also, I would like to know what file(s) hold info on which services use which ports.

Regards,
Juan Declet
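The step described in the reply above (commenting the echo, discard, daytime and chargen entries out of /etc/inetd.conf), as an added example that is not part of the original thread. The function names and the sample file are constructed for illustration; the sample only assumes the usual inetd.conf field layout with the service name in the first column.

```shell
#!/bin/sh
# Added example, not from the original thread.
SMALL_SERVICES="echo discard daytime chargen"

# Constructed sample in inetd.conf field layout (not taken from a real host).
make_sample_inetd_conf() {
    cat <<'EOF'
# name  socket  proto  wait    user  program            args
ftp     stream  tcp6   nowait  root  /usr/sbin/in.ftpd  in.ftpd
echo    stream  tcp6   nowait  root  internal
echo    dgram   udp6   wait    root  internal
discard stream  tcp6   nowait  root  internal
daytime stream  tcp6   nowait  root  internal
chargen stream  tcp6   nowait  root  internal
#time   stream  tcp6   nowait  root  internal
EOF
}

# Shared awk prologue: build a lookup table of the service names to disable.
AWK_WANT='BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }'

# active_small_services FILE: print "name/proto" for every enabled entry.
active_small_services() {
    awk -v list="$SMALL_SERVICES" "$AWK_WANT"' ($1 in want) { print $1 "/" $3 }' "$1"
}

# disable_small_services FILE: print FILE with those entries commented out.
# Lines already starting with "#" have a different first field and pass through.
disable_small_services() {
    awk -v list="$SMALL_SERVICES" "$AWK_WANT"' ($1 in want) { print "#" $0; next } { print }' "$1"
}

# Demo: audit a copy, write the hardened version next to it, audit again.
conf=$(mktemp) && make_sample_inetd_conf > "$conf"
echo "enabled before:"; active_small_services "$conf"
disable_small_services "$conf" > "$conf.new"
echo "enabled after: $(active_small_services "$conf.new" | wc -l | tr -d ' ')"
rm -f "$conf" "$conf.new"
```

On a real host, run it against a copy of /etc/inetd.conf and review the result before installing it; inetd only picks up the change once it re-reads the file (on SIGHUP).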
Current thread:
- locking down my solaris box Juan Declet (May 13)
- RE: locking down my solaris box Robert Escue (May 14)
- Re: locking down my solaris box John Jasen (May 14)
- Re: locking down my solaris box Ivan Angelov (May 14)
- Re: locking down my solaris box Jay D. Dyson (May 14)
- <Possible follow-ups>
- RE: locking down my solaris box Amin Tora (May 14)
- Re: locking down my solaris box Ivan Coric (May 17)