[NCLUG] Closing ports

R P Herrold herrold at owlriver.com
Sun Apr 22 08:30:34 MDT 2001


On Sun, 22 Apr 2001, dobbster wrote:

> By the way, I do have all of these ports commented out in /etc/services,

<snip lament about not running the service>

... Clip and save ...

Commenting out a given service name in /etc/services does
NOTHING to stop it from running -- /etc/services is just a
'phonebook' allowing for looking up the ports used by a given
service IF it is not already known.  Just as you do not need
to look up your home phone number every time you make a call
home, the portmap binary 'knows' where it is going to ...

Commenting out in /etc/services has NO EFFECT.

-------------------------
Stopping the portmapper --

You do not mention if you are running a Slack or a RH
(BSD-type or SysV-type initscripts) distribution.  In either
case, this should work:

   mv /usr/sbin/portmap  /usr/sbin/portmap-hold

... that is, we move the portmap binary away from its usual
location, and the service will not start.  This is a hackish
solution, but should work.

In a host exposed on the public internet, it is much better
to formally remove the package and its ancillaries, along
with the YP utilities, and R services, and so forth.  A
discussion of this moves to formal hardening and is beyond the
scope of your question.

-- Russ
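
[Added example, not part of the original post.] The point above, that a listener does not depend on its /etc/services entry, can be checked by comparing the kernel's list of listening sockets against the services file. The sketch below does this for IPv4 TCP on Linux only; the function names and both sample inputs are constructed for illustration.

```shell
# Constructed /etc/services excerpt: sunrpc commented out, ssh left active.
sample_services() {
cat <<'EOF'
ssh             22/tcp
#sunrpc         111/tcp         portmapper
#sunrpc         111/udp         portmapper
EOF
}

# Constructed /proc/net/tcp excerpt: ports are hex, state 0A means LISTEN.
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0F00000A:0016 0200000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
EOF
}

# stdin: /proc/net/tcp text -> decimal TCP ports in LISTEN state, one per line.
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[2] }' |
    while read -r hex; do echo "$((0x$hex))"; done | sort -n -u
}

# stdin: services file; args: PORT PROTO -> active | commented-out | absent
services_status() {
    awk -v want="$1/$2" '
        { commented = ($0 ~ /^[ \t]*#/); line = $0
          sub(/^[ \t]*#[ \t]*/, "", line); split(line, f)
          if (f[2] == want) { if (commented) com = 1; else act = 1 } }
        END { print (act ? "active" : (com ? "commented-out" : "absent")) }'
}

# args: PROC_NET_TCP_FILE SERVICES_FILE -> one report line per listening port
audit() {
    listening_ports < "$1" | while read -r port; do
        echo "$port/tcp listening, /etc/services entry: $(services_status "$port" tcp < "$2")"
    done
}

demo() {   # runs the audit over the constructed samples above
    dir=$(mktemp -d) || return 1
    sample_proc_net_tcp > "$dir/tcp"; sample_services > "$dir/services"
    audit "$dir/tcp" "$dir/services"
    rm -rf "$dir"
}
demo
```

On a real host, call audit /proc/net/tcp /etc/services instead of demo; any port reported as commented-out or absent is still being served.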
