Linux help
Thread Starter
Joined: Aug 2001
Posts: 1,610
Likes: 1
From: Clearlake, CA
Originally posted by cthree
Ok, I think I remember what's going on here. Type netstat -nr. You probably have 2 routes to 0.0.0.0. You need to remove one of them. I think you've got two default routes.
Ok, I think I remember what's going on here. Type netstat -nr. You probably have 2 routes to 0.0.0.0. You need to remove one of them. I think you've got two default routes.
PS: probably not reachable now, rebooting, etc.
Registered User
Joined: Oct 2001
Posts: 1,611
Likes: 0
From: Melbourne
0.0.0.0 means default route. You can go, "route del default" and it will remove one of them..which one? who knows hehe..
tell me which interface is what?
example:
eth0 internal dhcp
eth1 external static
tell me which interface is what?
example:
eth0 internal dhcp
eth1 external static
Registered User
Joined: Oct 2001
Posts: 1,611
Likes: 0
From: Melbourne
Lane,
You're running a lot of extraneous services that could lead to the compromise of your system. I'd recommend shutting off all services unless you absolutely need them!
You're running:
Port State Service
13/tcp open daytime
21/tcp open ftp
23/tcp open telnet
37/tcp open time
79/tcp open finger
111/tcp open sunrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
514/tcp open shell
548/tcp open afpovertcp
1024/tcp open kdm
The only one you need is ftp right? You really should be using ssh for remote admin instead of telnet. You can shutdown and prevent the following services from starting up by issuing the following commands as root: (these are xinetd based services)
chkconfig daytime off
chkconfig time off
chkconfig finger off
chkconfig rsh off
You also have standalone daemons running that should be turned off. So you'll need to issue 2 commands per daemon - one to shut if off now, and the other to prevent it from starting at next boot time.
chkconfig portmap off
service portmap stop
chkconfig nfslock off
service nfslock off
If you want to disable telnet and use SSH instead, follow the above commands for an xinetd based service, then turn on sshd and start it up at next boot with the following commands:
chkconfig telnet off
service sshd start
chkconfig sshd on
Additionally, upgrade Wu-ftpd asap!
I can help with samba also if you need it. Also, you can read O'reilly's Samba book at my site listed below.
You're running a lot of extraneous services that could lead to the compromise of your system. I'd recommend shutting off all services unless you absolutely need them!
You're running:
Port State Service
13/tcp open daytime
21/tcp open ftp
23/tcp open telnet
37/tcp open time
79/tcp open finger
111/tcp open sunrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
514/tcp open shell
548/tcp open afpovertcp
1024/tcp open kdm
The only one you need is ftp right? You really should be using ssh for remote admin instead of telnet. You can shutdown and prevent the following services from starting up by issuing the following commands as root: (these are xinetd based services)
chkconfig daytime off
chkconfig time off
chkconfig finger off
chkconfig rsh off
You also have standalone daemons running that should be turned off. So you'll need to issue 2 commands per daemon - one to shut if off now, and the other to prevent it from starting at next boot time.
chkconfig portmap off
service portmap stop
chkconfig nfslock off
service nfslock off
If you want to disable telnet and use SSH instead, follow the above commands for an xinetd based service, then turn on sshd and start it up at next boot with the following commands:
chkconfig telnet off
service sshd start
chkconfig sshd on
Additionally, upgrade Wu-ftpd asap!
I can help with samba also if you need it. Also, you can read O'reilly's Samba book at my site listed below.
Registered User
Joined: Jan 2001
Posts: 1,414
Likes: 0
From: Houston, Texas
Yes Yes...
Get rid of those extra services, especially finger, rsh and time.... these are the first places to compromise a system, as well as wu-ftp..... update it.
Ah.... I love nmap
Dale
Get rid of those extra services, especially finger, rsh and time.... these are the first places to compromise a system, as well as wu-ftp..... update it.
Ah.... I love nmap
Dale
Registered User
Joined: Oct 2001
Posts: 1,611
Likes: 0
From: Melbourne
I would ditch wu-ftpd completely and replace it with something more secure, such as pro-ftpd, or I'd even consider running OpenBSD's ftp server. There are soooo many remote r00t exploits for wu it's not even funny.
Thread Starter
Joined: Aug 2001
Posts: 1,610
Likes: 1
From: Clearlake, CA
I wouldn't mind running pro-ftpd, and have once before...but it took days to get it setup correctly. Is there an "easy" install method for it for RedHat 7.1 (I checked, I am running 7.1).
Thanks for the info on the other daemons, I'll turn them off asap. (I had finger running so I could have a .plan up, but never got around to it so might as well turn it off).
I used RH's "up2date" to update wu-ftpd, so short term that should be OK.
Thanks for the info on the other daemons, I'll turn them off asap. (I had finger running so I could have a .plan up, but never got around to it so might as well turn it off).
I used RH's "up2date" to update wu-ftpd, so short term that should be OK.