View Full Version : Securing Security Lab
29th June 2010, 01:59 PM
I ran the LiveCD of Fedora SecurityLab and noticed these ports open, 111,631, 34526.
How can I close them and what runs behind them. I know 111 is rpcbind, 631 ipp and 34526 is unknown.
29th June 2010, 05:02 PM
Shut down CUPS, RPC and any related services. 34526 is an ephemeral port so you won't find it with 'getent services 34526' but 'lsof -Pwni :34526' should if in use (using 'netstat -antupe|grep 34526' being as convoluted as 'ps|grep' or 'cat|less'). You should also raise your firewall to only allow any traffic you need (SPOF) and use "-j LOG" target rules where necessary for auditing purposes.
29th June 2010, 08:39 PM
Yea but it runs of the standard cd, without or before having modified anything.
But how can I shut down RPC and CUPS in the meantime?
29th June 2010, 09:35 PM
To shut down until next reboot: "service cups stop" (as root user in terminal), same for RPC (service name is "portmap").
To disable permanently, in a root terminal open "ntsysv", then remove the checks for these services.
30th June 2010, 03:35 PM
Thanks I found it.
And its rpcbind not portmapd. But thanks assen that helped.
vBulletin® v3.8.7, Copyright ©2000-2013, vBulletin Solutions, Inc.