"Patrick Kirk" <[EMAIL PROTECTED]> writes: > 1. Running woody so is there a Woody specific line to add to sources'list > for security updates?
If I understand it correctly, Potato will get timely security updates if you use

    deb http://security.debian.org stable/updates main contrib non-free

Sid (unstable) will always get timely security updates, because every package, including security fixes, goes into sid immediately.

Woody (testing) will not get timely security updates, because new packages in sid only get moved to woody after a shakeout period.

This may have changed recently, but I seem to recall that is how it used to work.

> Port State Protocol Service
> 9 open tcp discard

This port just discards all data it receives. It is not a security risk, other than giving out information that your system is on the net.

> 13 open tcp daytime

This port returns the time of day as a string, then closes the port. Again, not a security risk.

> 21 open tcp ftp

You should remove ftpd or whatever package is providing ftp.

> 22 open tcp ssh

If you want to be able to ssh to your box, then this is ok. Otherwise, reconfigure ssh not to run sshd: dpkg-reconfigure ssh.

> 25 open tcp smtp

If you want to receive mail on your box, you need this. Otherwise, reconfigure your mail transport agent to not listen but only send. This varies according to the package (sendmail, exim, postfix, etc.).

> 37 open tcp time

I believe that this is similar to daytime, but returns a 4-byte word containing a time_t.

> 53 open tcp domain

Unless you need a DNS server, just remove the bind package (or whatever package is providing dns).

> 79 open tcp finger

Remove the fingerd package.

> 80 open tcp http

Remove apache (or whatever is providing your web service).

> 111 open tcp sunrpc

I don't know what package opens up this port.

> 113 open tcp auth

Remove identd (or pidentd or bidentd). Note that you may want ident if you do irc stuff.

> 139 open tcp netbios-ssn

Remove samba.

> 515 open tcp printer

Remove lpr, or lprng, or whatever contains the lpd that is listening on that port.

> 901 open tcp unknown
> 1024 open tcp unknown

    lsof -i | grep 901
    lsof -i | grep 1024

Figure out what programs are opening those ports so you can decide your course of action. I think that 901 may be swat (part of samba) and definitely something you don't want exposed.

-- 
Dave Carrigan ([EMAIL PROTECTED])            | Yow!  I pretend I'm living in a
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | styrofoam packing crate, high in
Seattle, WA, USA                            | th' SWISS ALPS, still unable to
http://www.rudedog.org/                     | accept th' idea of TOUCH-TONE
                                            | DIALING!!
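
An added example, not part of the original message: a plain `lsof -i | grep 901` matches any line containing 901 (a PID, for instance) and misses a port that lsof prints by service name, so this sketch asks lsof for numeric ports and matches the port field exactly. The sample listing, its PIDs and the function names `port_owners` and `live_port_owners` are constructed for illustration.

```shell
#!/bin/sh
# Added example: map listening TCP ports to the processes that own them.

# Constructed sample in the format of `lsof -nP -iTCP -sTCP:LISTEN`.
# -n skips host lookups; -P keeps ports numeric, so port 901 is printed as
# "901" rather than as a service name from /etc/services.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
inetd     431 root    4u  IPv4   1201      0t0  TCP *:9 (LISTEN)
inetd     431 root    5u  IPv4   1202      0t0  TCP *:13 (LISTEN)
inetd     431 root    9u  IPv4   1206      0t0  TCP *:901 (LISTEN)
sshd      612 root    3u  IPv4   1490      0t0  TCP *:22 (LISTEN)
rpc.statd 901 root    6u  IPv4   1733      0t0  TCP *:1024 (LISTEN)'

# port_owners PORT...
# Reads an lsof listing on stdin and prints "port command pid" for every
# listening socket whose port is exactly one of the arguments.
port_owners() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ports[w[i]] = 1 }
        NR > 1 && $NF == "(LISTEN)" {
            k = split($(NF - 1), part, ":")   # NAME is addr:port; port is last
            if (part[k] in ports) print part[k], $1, $2
        }'
}

# Same check against the running system (run as root to see every process).
live_port_owners() {
    lsof -nP -iTCP -sTCP:LISTEN | port_owners "$@"
}

# A plain grep for 901 hits two lines here: the real listener on port 901
# and an unrelated process whose PID happens to be 901.
printf '%s\n' "$SAMPLE_LSOF" | grep -c 901

# The exact match reports one owner per port.
printf '%s\n' "$SAMPLE_LSOF" | port_owners 901 1024
```

When the owner turns out to be inetd, the port is enabled by a line in /etc/inetd.conf rather than by a standalone daemon, so that line is what to comment out.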