RE: locking down my solaris box

From: Robert Escue (roescue_at_cox.net)
Date: 05/13/04

    To: "Juan Declet" <Juan.Declet@asu.edu>
    Date: Thu, 13 May 2004 14:48:00 -0400
    
    

    Juan,

    This looks to me like a default install of Solaris that does not have Secure
    Shell installed or running. And why would you have CDE running on a machine
    that could probably benefit from the memory not used by CDE (as well as the
    security holes that would not be there if it was not running or removed)?
    You should easily be able to administer the machine with the Solaris
    Management Console (another big memory hog).

    You might want to start by reading this document from the NSA as well as
    documents from SecurityFocus and another favorite site of mine (link
    provided below):

    http://www.nsa.gov/snac/downloads_sunsol.cfm?MenuID=scg10.3.1.1

    http://www.mgmg-interactive.com/mgmg/

    Robert Escue
    System Administrator

    -----Original Message-----
    From: Juan Declet [mailto:Juan.Declet@asu.edu]
    Sent: Wednesday, May 12, 2004 12:27 PM
    To: security-basics@lists.securityfocus.com
    Subject: locking down my solaris box

    The following services are running in my Solaris machine, according to nmap:

    Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-05-11 19:07 US
    Mountain Standard Time
    Interesting ports on myhost.com
    (The 1631 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    7/tcp open echo
    9/tcp open discard
    13/tcp open daytime
    19/tcp open chargen
    25/tcp open smtp
    80/tcp open http
    111/tcp open rpcbind
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    512/tcp open exec
    513/tcp open login
    514/tcp open shell
    515/tcp open printer
    540/tcp open uucp
    587/tcp open submission
    898/tcp open sun-manageconsole
    901/tcp open samba-swat
    5901/tcp open vnc-1
    6000/tcp open X11
    6001/tcp open X11:1
    6112/tcp open dtspc
    7100/tcp open font-service
    9999/tcp open abyss
    32772/tcp open sometimes-rpc7
    32775/tcp open sometimes-rpc13
    32776/tcp open sometimes-rpc15
    32777/tcp open sometimes-rpc17
    32778/tcp open sometimes-rpc19

    Nmap run completed -- 1 IP address (1 host up) scanned in 44.844 seconds

    There are services that I know I need, such as samba-swat,
    sun-manageconsole, abyss, vnc, etc.
    This server offers http and samba services, but not much else. Can someone
    shed some light on what the echo, discard, daytime, chargen services are
    for, and if there is any potential of hosing the machine if these are
    disabled? I am trying to lock down this machine against intrusions.

    Also, I would like to know what file(s) hold info on which services use
    which ports.

    Regards,
    Juan Declet
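
An added example, not part of the original thread: one way to turn a scan like the one quoted above into a review list by comparing the open ports against an allowlist of services the server is meant to offer. The allowlist contents, the mapping of the poster's stated services to nmap's service names, and the function names are assumptions; the sample input is a constructed subset of the quoted port table.

```python
import re

# Constructed input: a subset of the port table from the scan quoted above.
SAMPLE_SCAN = """\
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
513/tcp open login
898/tcp open sun-manageconsole
901/tcp open samba-swat
5901/tcp open vnc-1
9999/tcp open abyss
"""

# Assumption: allowlist derived from what the poster says the server must offer
# (http, samba, samba-swat, sun-manageconsole, abyss, vnc), mapped to nmap's names.
NEEDED = {"http", "netbios-ssn", "microsoft-ds", "samba-swat",
          "sun-manageconsole", "abyss", "vnc-1"}

PORT_LINE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")


def parse_ports(scan_text):
    """Yield (port, proto, state, service) for each row of an nmap port table."""
    for line in scan_text.splitlines():
        match = PORT_LINE.match(line)
        if match:  # header, banner and blank lines do not match
            port, proto, state, service = match.groups()
            yield int(port), proto, state, service


def triage(scan_text, needed=NEEDED):
    """Split open ports into allowlisted ones and ones to justify or disable."""
    result = {"needed": [], "review": []}
    for port, proto, state, service in parse_ports(scan_text):
        if state != "open":
            continue
        bucket = "needed" if service in needed else "review"
        result[bucket].append((port, proto, service))
    return result


if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_SCAN).items():
        for port, proto, service in rows:
            print(f"{bucket:7} {port}/{proto:4} {service}")
```

Re-running the scan after each change and feeding the output through the same check shows whether the review list is shrinking toward empty.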


