On Mon, Mar 18, 2002 at 10:02:25PM -0600, Dave Erickson wrote:
> Hi all, I am trying to lock my system down and have a quick question.
>
> After all I've done I still have two ports showing open,
>
> 111/tcp    open        sunrpc
> 6000/tcp   open        X11
>
> I set /etc/hosts.deny to ALL:ALL. Am I vulnerable with these ports open?
> If so, what is the best way to close them?

sunrpc is for portmap.  If you need NFS, you must run portmap, in
which case you need to add hosts.allow or hosts.deny lines for portmap.
Remember to use IP addresses and netmasks only for portmap.

    # hosts.allow (consulted first; a matching line grants access)
    ALL: LOCAL
    sshd: ALL

    # hosts.deny (consulted only when nothing in hosts.allow matched)
    ALL: PARANOID
    sshd: bad.host.tld
    # portmap does no name lookups: use addresses and net/mask patterns only
    portmap: ALL 192.168.1.254 EXCEPT 192.168.1.0/24

The X11 is your X server.  Use the "-nolisten tcp" option for your X
server in its respective startup script (i.e. gdm.conf, etc).  Use ssh
X11 forwarding to display X apps from remote hosts.

An alternative for NFS is to do NFS over tcp and use the SSL library or
sslwrap to encrypt the traffic.  Then shut off all portmap except for
localhost, etc....

Good luck.  Oh, and if worse comes to worst, use IP filters (ipchains or
iptables) to block traffic that libwrap can't catch.

-- 
Chad Walstrom <chewie at wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Get my public key, ICQ#, etc. $(mailx -s 'get info' chewie at wookimus.net)
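The following is an added example, not code from the thread above: an offline model of how libwrap decides access, following the evaluation order documented in hosts_access(5) (hosts.allow first, a match grants; then hosts.deny, a match denies; no match in either file grants). It embeds the two files from the reply as constructed input and runs them against constructed sample clients, so you can see which line decides each verdict before deploying the rules. The `Client` dataclass, its `name_mismatch` flag (standing in for the forward/reverse DNS check behind PARANOID), and the hostname-less client used for portmap are assumptions of this model. It also accepts the `192.168.1.0/24` prefix spelling used in the post; the classic tcp_wrappers 7.6 manpage documents only the `n.n.n.n/m.m.m.m` net/mask form for IPv4, so check the hosts_access(5) of your own version.

```python
"""Offline model of tcp_wrappers (libwrap) hosts_access decisions.

Added example, not from the original thread.  It implements the documented
hosts.allow / hosts.deny evaluation order so posted rules can be checked
against sample clients without touching a live system.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# The two files from the reply, embedded as constructed test input.
HOSTS_ALLOW = """\
# hosts.allow
ALL: LOCAL
sshd: ALL
"""

HOSTS_DENY = """\
# hosts.deny
ALL: PARANOID
sshd: bad.host.tld
portmap: ALL 192.168.1.254 EXCEPT 192.168.1.0/24
"""


@dataclass
class Client:
    """Assumed model of what libwrap knows about a peer."""
    ip: str
    hostname: Optional[str] = None   # None: no name lookup done (portmap's case)
    name_mismatch: bool = False      # forward/reverse DNS disagree -> PARANOID


def parse_rules(text: str) -> List[Tuple[str, str]]:
    """Return (daemon_list, client_list) pairs; a third ':' field (options) is ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {line!r}")
        rules.append((fields[0], fields[1]))
    return rules


def daemon_matches(pattern: str, daemon: str) -> bool:
    return pattern == "ALL" or pattern == daemon


def client_matches(pattern: str, c: Client) -> bool:
    """One client_list token, per the hosts_access(5) wildcards and patterns."""
    name = (c.hostname or "").lower()
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":               # a hostname without a dot
        return bool(name) and "." not in name
    if pattern == "PARANOID":            # name and address do not agree
        return c.name_mismatch
    if pattern == "KNOWN":
        return bool(name)
    if pattern == "UNKNOWN":
        return not name
    if pattern.startswith("."):          # domain suffix, e.g. .host.tld
        return name.endswith(pattern.lower())
    if pattern.endswith("."):            # address prefix, e.g. 192.168.
        return c.ip.startswith(pattern)
    if "/" in pattern:                   # net/mask (10.0.0.0/255.0.0.0) or prefix (10.0.0.0/8)
        return ipaddress.ip_address(c.ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == c.ip or pattern.lower() == name


def list_matches(expr: str, item, matcher: Callable) -> bool:
    """'list_1 EXCEPT list_2' matches anything in list_1 that is not in list_2."""
    if " EXCEPT " in expr:
        left, right = expr.split(" EXCEPT ", 1)
        return list_matches(left, item, matcher) and not list_matches(right, item, matcher)
    return any(matcher(tok, item) for tok in re.split(r"[\s,]+", expr.strip()) if tok)


def hosts_access(daemon: str, client: Client,
                 allow_text: str = HOSTS_ALLOW, deny_text: str = HOSTS_DENY) -> Tuple[bool, str]:
    """hosts.allow is searched first and a match grants; then hosts.deny, where a
    match denies.  No match in either file grants (libwrap's documented default)."""
    for text, verdict, source in ((allow_text, True, "hosts.allow"),
                                  (deny_text, False, "hosts.deny")):
        for daemons, clients in parse_rules(text):
            if list_matches(daemons, daemon, daemon_matches) and \
                    list_matches(clients, client, client_matches):
                return verdict, f"{source}: {daemons}: {clients}"
    return True, "default (no matching rule)"


if __name__ == "__main__":
    samples = [                          # constructed sample peers
        ("portmap", Client("10.0.0.5")),
        ("portmap", Client("192.168.1.10")),
        ("sshd", Client("203.0.113.7", "bad.host.tld")),
        ("in.telnetd", Client("203.0.113.9", "spoofed.example", name_mismatch=True)),
    ]
    for daemon, c in samples:
        allowed, why = hosts_access(daemon, c)
        print(f"{daemon:<10} {c.ip:<15} {'ALLOW' if allowed else 'DENY ':5} via {why}")
```

Running it prints one line per sample with the file and rule that settled the verdict. The portmap line works as intended: a peer outside 192.168.1.0/24 is refused by hosts.deny, while a LAN peer falls through to the default grant. The sshd sample shows why the order matters: `sshd: ALL` in hosts.allow is consulted first, so hosts.deny is never reached for that daemon.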