Securing services on my T40 - Debian

This is a discussion on Securing services on my T40 - Debian ; I see quite a few services active on my Thinkpad. Most of them should be usable only from loopback and not on the eth0 interface. I tried looking at inetd.conf but it's empty. Where do I go to bind some ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Securing services on my T40

  1. Securing services on my T40

    I see quite a few services active on my Thinkpad. Most of them should be
    usable only from loopback and not on the eth0 interface. I tried looking
    at inetd.conf but it's empty.

    Where do I go to bind some (perl is webmin, exim4 is for local delivery
    only, apache do not rem but prolly for webmin ?) of these services only
    on loopback ?

    Debian testing.

    Bob

    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 5549/portmap
    tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 21571/perl
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21430/apache
    tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 5888/cupsd
    tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 5971/exim4
    tcp 0 0 127.0.0.1:700 0.0.0.0:* LISTEN 6036/famd
    udp 0 0 0.0.0.0:10000 0.0.0.0:* 21571/perl
    udp 0 0 0.0.0.0:68 0.0.0.0:* 28407/dhclient
    udp 0 0 0.0.0.0:111 0.0.0.0:* 5549/portmap
    udp 0 0 0.0.0.0:631 0.0.0.0:* 5888/cupsd


    --
    To UNSUBSCRIBE, email to debian-laptop-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  2. Re: Securing services on my T40

    On Tue, Oct 04, 2005 at 02:21:32PM +0000, Bob Alexander wrote:
    > I see quite a few services active on my Thinkpad. Most of them should be
    > usable only from loopback and not on the eth0 interface. I tried looking
    > at inetd.conf but it's empty.
    >
    > Where do I go to bind some (perl is webmin, exim4 is for local delivery
    > only, apache do not rem but prolly for webmin ?) of these services only
    > on loopback ?
    >
    > Debian testing.


    I think you have to do it on a case-by-case basis, in each server's
    configuration file. For instance, portmap uses /etc/default/portmap,
    where you can say
    OPTIONS="-i 127.0.0.1"
    Exim4 has the local_interfaces directive. Apache has the Listen
    directive. You get the idea ....

    --
    Eric Cooper e c c @ c m u . e d u


    --
    To UNSUBSCRIBE, email to debian-laptop-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  3. Re: Securing services on my T40

    Eric Cooper wrote:
    > On Tue, Oct 04, 2005 at 02:21:32PM +0000, Bob Alexander wrote:
    >
    >>I see quite a few services active on my Thinkpad. Most of them should be
    >>usable only from loopback and not on the eth0 interface. I tried looking
    >>at inetd.conf but it's empty.
    >>
    >>Where do I go to bind some (perl is webmin, exim4 is for local delivery
    >>only, apache do not rem but prolly for webmin ?) of these services only
    >>on loopback ?
    >>
    >>Debian testing.

    >
    >
    > I think you have to do it on a case-by-case basis, in each server's
    > configuration file. For instance, portmap uses /etc/default/portmap,
    > where you can say
    > OPTIONS="-i 127.0.0.1"
    > Exim4 has the local_interfaces directive. Apache has the Listen
    > directive. You get the idea ....
    >


    Yup ... get the idea

    Maybe tcpwrappers could be a nice band-aid

    Thanks,
    Bob


    --
    To UNSUBSCRIBE, email to debian-laptop-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

+ Reply to Thread