Tuesday, October 27, 2009

Re: [LINUX_Newbies] Re: protecting the root user in Centos

 

On Tue, Oct 27, 2009 at 01:18:06PM -0400, J wrote:
> On Tue, Oct 27, 2009 at 12:43, Scott <scottro@nyc.rr.com> wrote:
>
> > uncomment it and change it to say 7032. (First do grep 7032
> > /etc/services)  When nothing comes back, I know that 7032 isn't being
> > used for anything.  Now, it should read, instead of #Port 22
> > Port 7032
>
> Would "netstat -an |grep $PORT" not be more appropriate?
> /etc/services is IIRC, more a reference and not a list of active
> ports... for example:
>
> telnet 23/tcp
> telnet 23/udp
>
> NONE of my systems even has a telnet daemon installed, but
> /etc/services for each system includes the descriptor for the accepted
> telnet port.
>

Good point--I'd say do both. This way you see what is running, as you
point out, and also what might run in the future. Using telnet as
an example (a bad one, admittedly, as few folks run telnet these days)
say you do netstat -an |grep 23 and see nothing. So, you think 23 will
work. You forget about it, and a month later, decide to put in a telnet
server.

A combination of the two would probably be best--to protect against what
is and what could be.

This way, you know that nothing is running on 7032, and you know that
assuming you use standard ports for anything that might be installed in
the future, nothing is likely to use it either.

Makes sense?

--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Angel: I'm weak. I've never been anything else. I wanted to lose
myself in you. I know it will cost me my soul, and part of me
didn't care. It's not the demon in me that needs killing, Buffy,
it's the man.
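
The combined check discussed in the message above, as an added example that is not part of the original thread: it looks a candidate port up in `/etc/services`-format text (what could use it) and in `netstat -an`-format output (what is using it now). It compares the port as an exact field, so a search for 23 does not match 2323 or an address ending in .23. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data so the example runs offline.
SAMPLE_SERVICES='# constructed excerpt in /etc/services format
ssh             22/tcp
telnet          23/tcp
telnet          23/udp'

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.23:22         192.168.1.50:52300      ESTABLISHED
tcp        0      0 127.0.0.1:2323          0.0.0.0:*               LISTEN'

# port_in_services PORT  (stdin: services text) -> exit 0 if PORT is registered
port_in_services() {
    awk -v p="$1" '
        /^[[:space:]]*#/ || NF < 2 { next }            # skip comments and blanks
        { split($2, a, "/"); if (a[1] == p) found = 1 } # field 2 is "port/proto"
        END { exit !found }'
}

# port_listening PORT  (stdin: netstat -an text) -> exit 0 if a socket is bound to PORT
port_listening() {
    awk -v p="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, a, ":")                       # local address; port is last
            if (a[n] == p && ($1 ~ /^udp/ || $6 == "LISTEN")) found = 1
        }
        END { exit !found }'
}

# check_port PORT SERVICES_TEXT NETSTAT_TEXT -> prints free | registered | in-use
check_port() {
    status=free
    if printf '%s\n' "$2" | port_in_services "$1"; then status=registered; fi
    if printf '%s\n' "$3" | port_listening "$1"; then status=in-use; fi
    echo "$status"
}

for p in 22 23 2323 7032; do
    echo "$p: $(check_port "$p" "$SAMPLE_SERVICES" "$SAMPLE_NETSTAT")"
done
```

On a live system the same functions can be fed real input, for example `port_in_services 7032 < /etc/services` and `netstat -an | port_listening 7032`.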
