Security Basics mailing list archives

Re: locking down my solaris box


From: "Jay D. Dyson" <jdyson () treachery net>
Date: Thu, 13 May 2004 11:23:51 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 12 May 2004, Juan Declet wrote:

> There are services that I know I need, such as samba-swat,
> sun-manageconsole, abyss, vnc, etc. This server offers http and samba
> services, but not much else. Can someone shed some light on what the
> echo, discard, daytime, chargen services are for, and if there is any
> potential of hosing the machine if these are disabled? I am trying to
> lockdown this machine against intrusions.

        First off, I strongly recommend that you download, compile and
install IPfilter on your Solaris box.  You can acquire IPfilter at
http://www.ipfilter.org/ .

        Next, I highly recommend Lance Spitzner's article, "Armoring
Solaris."  (http://www.spitzner.net/armoring.html)  Also pick up "Yet
Another Solaris Security Package (YASSP)" at http://www.yassp.org/ .

        If you're unfamiliar with compiling your own programs, go to
SunFreeWare (http://www.sunfreeware.com/).

> Also, I would like to know what file(s) hold info on which services use
> which ports.

        As root, run 'netstat -anp'.  This will show you what service is
bound to what port.  A lot of what you're seeing here will be under the
blanket 'inetd'.  You'll need to go through /etc/inetd.conf to
disable those.

        You can also download and install the List Open Files (lsof)
utility (http://people.freebsd.org/~abe/).  Once installed, just run
'lsof -Pni' to see what services are listening.

- -Jay

  (    (                                                         _______
  ))   ))  .--"There's always time for a good cup of coffee."--.  >====<--.
C|~~|C|~~| )>------ Jay D. Dyson - jdyson () treachery net ------<( |    = |-'
 `--' `--' `-If you wanna make God laugh, tell Him your plans.-' `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFAo7096uxsHJ5aYG4RAkRFAJ92fxavCQ6knZFoj+EMBowZMb8KhACfbDGT
4bMVpdAR+eR9V6JnCjW9KQA=
=ZqNk
-----END PGP SIGNATURE-----
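
The /etc/inetd.conf review suggested in the reply above, as an added example that is not part of the original message: it lists which of the echo, discard, daytime and chargen entries are still enabled and writes a copy with them commented out. The function names and the sample file are constructed for illustration and assume the classic inetd.conf field order.

```shell
#!/bin/sh
# Added example (not from the original message): audit an inetd.conf-style
# file for echo, discard, daytime and chargen, and emit a copy with those
# entries commented out. Function names and the sample file are constructed.

SMALL_SERVICES="echo discard daytime chargen"

# Print "service/protocol" for every enabled (non-comment) entry.
list_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Print only the enabled entries that belong to SMALL_SERVICES.
list_small_enabled() {
    list_enabled "$1" | awk -v want="$SMALL_SERVICES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) small[w[i]] = 1 }
        { split($0, f, "/"); if (f[1] in small) print }'
}

# Emit the file with SMALL_SERVICES entries commented out, the rest unchanged.
comment_out_small() {
    awk -v want="$SMALL_SERVICES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) small[w[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in small) { print "#" $0; next }
        { print }' "$1"
}

# Constructed sample in inetd.conf field order:
# service socket-type protocol wait-status user server-program [args]
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real system's configuration
echo     stream  tcp  nowait  root  internal
echo     dgram   udp  wait    root  internal
discard  stream  tcp  nowait  root  internal
daytime  stream  tcp  nowait  root  internal
chargen  dgram   udp  wait    root  internal
#time    stream  tcp  nowait  root  internal
ftp      stream  tcp  nowait  root  /usr/sbin/in.ftpd  in.ftpd
EOF

echo "Enabled small services:"
list_small_enabled "$SAMPLE"
comment_out_small "$SAMPLE" > "$SAMPLE.new"
echo "Still enabled after the edit:"
list_enabled "$SAMPLE.new"
```

On a real host, compare the generated copy against /etc/inetd.conf before replacing it; inetd only picks up the change once it re-reads its configuration.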
