On Mon, Mar 18, 2002 at 10:02:25PM -0600, Dave Erickson wrote:
> Hi all, I am trying to lock my system down and have a quick question.
>
> After all I've done I still have two ports showing open:
>
> 111/tcp open sunrpc
> 6000/tcp open X11
>
> I set /etc/hosts.deny to ALL:ALL. Am I vulnerable with these ports open?
> If so, what is the best way to close them?

sunrpc is for portmap. If you need NFS, you must run portmap, in which case
you need to add hosts.allow or hosts.deny lines for portmap. Remember to use
IP addresses and netmasks only for portmap.

# hosts.allow
# Hosts whose name has no dot (the local domain) may reach every daemon;
# sshd accepts connections from anywhere.
ALL: LOCAL
sshd: ALL

# hosts.deny lines
# PARANOID refuses clients whose hostname and address do not agree.
ALL: PARANOID
sshd: bad.host.tld
# portmap cannot resolve names, so this entry uses addresses and a netmask only.
portmap: ALL 192.168.1.254 EXCEPT 192.168.1.0/255.255.255.0

The X11 is your X server. Use the "-nolisten tcp" option for your X server in
its respective startup script (i.e. gdm.conf, etc). Use ssh X11 forwarding to
display X apps from remote hosts.

An alternative for NFS is to do NFS over tcp and use the SSL library or
sslwrap to encrypt the traffic. Then shut off all portmap except for
localhost, etc....

Good luck. Oh, and if worse comes to worse, use ip filters (ipchains or
iptables) to block traffic that libwrap can't catch.

-- 
Chad Walstrom <chewie at wookimus.net>        | a.k.a. ^chewie
http://www.wookimus.net/                     | s.k.a. gunnarr
Get my public key, ICQ#, etc. $(mailx -s 'get info' chewie at wookimus.net)
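As an added illustration (not part of Chad's reply), here is a small Python model of how tcp_wrappers evaluates the hosts.allow and hosts.deny entries above: the first matching hosts.allow line grants, then the first matching hosts.deny line refuses, and anything matched by neither is granted. The embedded files are constructed copies of the lines in the post; treating PARANOID as never matching (names and addresses assumed consistent) is an assumption, and the matcher accepts both n.n.n.n/m.m.m.m and CIDR masks.

```python
import ipaddress

# Constructed copies of the hosts.allow / hosts.deny lines from the post.
HOSTS_ALLOW = """
ALL: LOCAL
sshd: ALL
"""
HOSTS_DENY = """
ALL: PARANOID
sshd: bad.host.tld
portmap: ALL 192.168.1.254 EXCEPT 192.168.1.0/255.255.255.0
"""

def parse_rules(text):
    """Return [(daemon_list, client_list)] for each 'daemons : clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            daemons, clients = line.split(":", 1)
            rules.append((daemons.split(), clients.split()))
    return rules

def client_matches(pattern, ip, host):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                  # any hostname without a dot
        return "." not in host
    if pattern == "PARANOID":               # assumption: name and address always agree
        return False
    if "/" in pattern:                      # net/mask, dotted-quad mask or CIDR prefix
        net, mask = pattern.split("/", 1)
        return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    return pattern in (ip, host)            # literal address or hostname

def list_matches(items, ip, host):
    """'a b EXCEPT c' matches when a or b matches and c does not (EXCEPT nests to the right)."""
    if "EXCEPT" in items:
        i = items.index("EXCEPT")
        return list_matches(items[:i], ip, host) and not list_matches(items[i + 1:], ip, host)
    return any(client_matches(p, ip, host) for p in items)

def access_allowed(daemon, ip, host, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first and grants; hosts.deny refuses; no match grants."""
    for text, verdict in ((allow, True), (deny, False)):
        for daemons, clients in parse_rules(text):
            if ("ALL" in daemons or daemon in daemons) and list_matches(clients, ip, host):
                return verdict
    return True

if __name__ == "__main__":
    for args in [("portmap", "192.168.1.10", "192.168.1.10"),
                 ("portmap", "10.0.0.5", "10.0.0.5"),
                 ("sshd", "203.0.113.9", "bad.host.tld")]:
        print(args, "->", "granted" if access_allowed(*args) else "refused")
```

Running it shows one caveat worth checking on a real box: because hosts.allow already grants "sshd: ALL", the "sshd: bad.host.tld" line in hosts.deny is never reached, so that host must be refused in hosts.allow (or by the packet filter) if that is the intent.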