RE: locking down my solaris box
From: Robert Escue (roescue_at_cox.net)
Date: 05/13/04
- Previous message: Chris Curtiss: "RE: Administrator's Journal"
- In reply to: Juan Declet: "locking down my solaris box"
- Next in thread: John Jasen: "Re: locking down my solaris box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Juan Declet" <Juan.Declet@asu.edu>
Date: Thu, 13 May 2004 14:48:00 -0400
Juan,
This looks to me like a default install of Solaris that does not have Secure
Shell installed or running. And why would you have CDE running on a machine
that could probably benefit from the memory not used by CDE (as well as the
security holes that would not be there if it was not running or removed)?
You should easily be able to administer the machine with the Solaris
Management Console (another big memory hog).
You might want to start by reading this document from the NSA as well as
documents from SecurityFocus and another favorite site of mine (link
provided below):
http://www.nsa.gov/snac/downloads_sunsol.cfm?MenuID=scg10.3.1.1
http://www.mgmg-interactive.com/mgmg/
Robert Escue
System Administrator
-----Original Message-----
From: Juan Declet [mailto:Juan.Declet@asu.edu]
Sent: Wednesday, May 12, 2004 12:27 PM
To: security-basics@lists.securityfocus.com
Subject: locking down my solaris box
The following services are running in my Solaris machine, according to nmap:
Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-05-11 19:07 US Mountain Standard Time
Interesting ports on myhost.com
(The 1631 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
515/tcp open printer
540/tcp open uucp
587/tcp open submission
898/tcp open sun-manageconsole
901/tcp open samba-swat
5901/tcp open vnc-1
6000/tcp open X11
6001/tcp open X11:1
6112/tcp open dtspc
7100/tcp open font-service
9999/tcp open abyss
32772/tcp open sometimes-rpc7
32775/tcp open sometimes-rpc13
32776/tcp open sometimes-rpc15
32777/tcp open sometimes-rpc17
32778/tcp open sometimes-rpc19
Nmap run completed -- 1 IP address (1 host up) scanned in 44.844 seconds
There are services that I know I need, such as samba-swat,
sun-manageconsole, abyss, vnc, etc.
This server offers http and samba services, but not much else. Can someone
shed some light on what the echo, discard, daytime, chargen services are
for, and if there is any potential of hosing the machine if these are
disabled? I am trying to lock down this machine against intrusions.
Also, I would like to know what file(s) hold info on which services use
which ports.
Regards,
Juan Declet
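
One way to triage a scan like the one quoted above against the services the poster says the server needs. This is an added example, not part of either message; the sample table is constructed from a subset of the quoted scan, and the allowlist is an assumption built from the poster's own list, whose "etc." means a real allowlist would be longer.

```python
import re

# Constructed sample: a subset of the port table from the scan quoted above.
SCAN = """\
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
513/tcp open login
898/tcp open sun-manageconsole
901/tcp open samba-swat
5901/tcp open vnc-1
6000/tcp open X11
9999/tcp open abyss
"""

# Assumption: allowlist derived from what the poster says the server offers
# (http, samba, samba-swat, sun-manageconsole, abyss, vnc).
# Samba's SMB listeners appear in nmap output as netbios-ssn and microsoft-ds.
NEEDED = {"http", "netbios-ssn", "microsoft-ds", "samba-swat",
          "sun-manageconsole", "abyss", "vnc"}

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_ports(text):
    """Return [(port, proto, state, service)] from nmap's port table; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def base_name(service):
    """Strip nmap's instance suffixes: 'vnc-1' -> 'vnc', 'X11:1' -> 'X11'."""
    return re.split(r"[-:]\d+$", service)[0]

def review_list(text, needed):
    """Open ports whose service is not on the allowlist: confirm the need or disable."""
    return [(port, proto, svc) for port, proto, state, svc in parse_ports(text)
            if state == "open" and base_name(svc) not in needed]

if __name__ == "__main__":
    for port, proto, svc in review_list(SCAN, NEEDED):
        print(f"{port}/{proto}\t{svc}\tnot on allowlist: confirm need or disable")
```

Everything the function returns is a service nobody has claimed yet, so each entry needs either an owner added to the allowlist or a decision to turn it off.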