Re: RH 7.1 high security setting
From: Anders Pettersson (anders.pettersson@avitec.se)
Date: 04/09/02
- Previous message: Erik Tayler: "Re: firewall books"
- In reply to: dewt: "Re: RH 7.1 high security setting"
- Next in thread: KoRe MeLtDoWn: "Re: Other side of the coin"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: dewt <dewt@kc.rr.com>
From: Anders Pettersson <anders.pettersson@avitec.se>
Date: 09 Apr 2002 10:02:44 +0200
dewt <dewt@kc.rr.com> writes:
> On Monday 08 April 2002 12:44 am, Anders Pettersson wrote:
> > Something is odd. I reinstalled RedHat Linux 7.1 on a test system this
> > weekend and I selected to install the workstation the high security
> > settings and booted it up.
> >
> > I then "nmap -sT":ed myself and realized that 25, 110 and 111 were
> > open, although 25 & 100 were not reachable from the NIC, only the loopback
> > IF.
> >
> > But rpc was reachable from the outside.
> >
> > I was wondering, it seems that the people at RH did a pretty good job
> > of not starting every service available as they seem but how could
> > they have missed rpc? Or did I screw something up - I don't think so I
> > took time and answered carefully to all the questions in order to
> > install a system with the highest security possible.
> >
> > Earlier RH systems usually came with everything running out of the
> > box, http, ftp, rpc, bind you name it - it got it and it was in heavy
> > need of editing the etc files to turn off what was not needed. I think
> > this is a step in the right direction.
> >
> > I am just fishing for other people's comments on this, private mail is
> > fine as well.
> you might have some special custom rules in, or ipchains isn't set to start in
> your runlevel (type service ipchains restart and scan your machine again)
I did tell it to allow http and ssh inbound traffic so it did
configure ipchains for me, but I said nothing about rpc at all. I have
fixed it now though, the ipchains it had installed had a default
policy of accept on input, output and forward chains. I changed it to
deny on input and forward and added rules to allow outbound traffic
and its responses back in, then nmap:ed myself again and it was
completely silent from the outside.
I am still curious how rpc ever got there though. I will do some more
experimentation the coming weekend.
-- Anders Pettersson, Test Engineer
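
The effect described in the message above (an unlisted port such as 111 falling through to an accept default policy, and disappearing once the policy is deny) can be reproduced with a small first-match evaluator. This is an added example, not part of the original post: the two rule sets are constructed samples in a simplified ipchains-save style, not the rules the Red Hat installer wrote, and `parse`, `verdict` and `accept_by_default` are hypothetical helper names.

```python
# Added example: first-match evaluation over a simplified ipchains-save style dump.
# The rule sets are constructed samples, not the ones Red Hat's installer wrote.
BEFORE = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -i lo -j ACCEPT
-A input -p tcp -d 0/0 22 -y -j ACCEPT
-A input -p tcp -d 0/0 80 -y -j ACCEPT
"""
# Default-deny on input and forward, plus a rule letting non-SYN TCP (replies) in.
AFTER = (BEFORE.replace(":input ACCEPT", ":input DENY")
               .replace(":forward ACCEPT", ":forward DENY")
         + "-A input -p tcp ! -y -j ACCEPT\n")

def parse(dump):
    """Return (policies, rules) from the subset: -i, -p, -d addr [port], [!] -y, -j."""
    policies, rules = {}, []
    for line in dump.splitlines():
        tok = line.split()
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif tok[:1] == ["-A"]:
            r, i = {"chain": tok[1]}, 2
            while i < len(tok):
                if tok[i] == "!" and tok[i + 1] == "-y":
                    r["syn"], i = False, i + 2
                elif tok[i] == "-y":
                    r["syn"], i = True, i + 1
                elif tok[i] == "-d":
                    i += 2  # skip the address; an optional port or lo:hi range follows
                    if i < len(tok) and tok[i][0].isdigit():
                        lo, _, hi = tok[i].partition(":")
                        r["port"], i = (int(lo), int(hi or lo)), i + 1
                else:  # -i, -p, -j each take one argument
                    r[{"-i": "iface", "-p": "proto", "-j": "target"}[tok[i]]] = tok[i + 1]
                    i += 2
            rules.append(r)
    return policies, rules

def verdict(dump, proto, port, syn, iface="eth0", chain="input"):
    """First matching rule wins; if none matches, the chain's default policy decides."""
    policies, rules = parse(dump)
    pkt = {"proto": proto, "syn": syn, "iface": iface}
    for r in (r for r in rules if r["chain"] == chain):
        lo, hi = r.get("port", (0, 65535))
        if lo <= port <= hi and all(r.get(k, v) == v for k, v in pkt.items()):
            return r["target"], "rule"
    return policies[chain], "policy"

def accept_by_default(dump):
    return [c for c, p in parse(dump)[0].items() if p == "ACCEPT"]
```

A `"policy"` result for a port nobody asked to open is the thing to look for: it means no rule considered the packet at all and the chain default decided.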