Test server
Hi
I have this OpenBSD server set up with rootbsd.net. Apache is running. http://204.109.60.194/ How can I check with nmap all security risks on it? Thanks
|
|||
Code:
nmap -sT 204.109.60.194

Starting Nmap 5.51 ( http://nmap.org ) at 2012-08-01 15:37 EDT
Nmap scan report for twy8.x.rootbsd.net (204.109.60.194)
Host is up (0.000036s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
13/tcp  open  daytime
22/tcp  open  ssh
37/tcp  open  time
80/tcp  open  http
113/tcp open  auth

Last edited by ocicat; 2nd August 2012 at 05:09 PM. Reason: Please use [code] & [/code] tags when posting command output!
|
|||
http://serverfault.com/questions/220...t-installation
Daytime and Time are what I would consider "legacy" protocols. My guess is they are included in the default configuration for traditional UNIX-style completeness. They are started by inetd, and unless you need these services (you probably don't if you have to ask) you can disable them by commenting out the relevant lines in your /etc/inetd.conf (see man page).

Code:
#ident stream tcp nowait _identd /usr/libexec/identd identd -el
#ident stream tcp6 nowait _identd /usr/libexec/identd identd -el
#daytime stream tcp nowait root internal
#daytime stream tcp6 nowait root internal
#time stream tcp nowait root internal
#time stream tcp6 nowait root internal

============================================

Given that pf is enabled by default you can make your pf.conf use the default deny method. Assume your interface is fxp0, this is a good starting rule set.

Code:
# do not filter loopback traffic
set skip on lo0
# default deny in both directions on the external interface
block in on fxp0
block out on fxp0
# allow outbound traffic and keep state
pass out on fxp0 proto { tcp, udp, icmp } from any to any modulate state
# allow inbound ssh and http only
pass in on fxp0 proto tcp from any to (fxp0) port { 22 80 }

Last edited by ocicat; 2nd August 2012 at 05:11 PM. Reason: Please use [code] & [/code] tags when posting command output!
|
|||
So, closing all unneeded ports with PF is a good idea? Or should I use the config files?
|
|
|||
Feels like stating the obvious. Run the services that you need, and allow access to the ones that require it.
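
As an added example (not part of the thread or of any poster's code), the sh sketch below compares a scan like the one posted above against the two ports the quoted pf rule passes in (22 and 80), and lists which inetd.conf service lines are still active. The function names and the sample inetd.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an nmap port table with the ports the pf rule passes in.

# unexpected_ports ALLOWLIST  (reads nmap normal output on stdin)
# Prints "port/proto service" for each open port missing from the
# comma-separated allowlist.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Port table rows look like: 13/tcp open daytime
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in ok)) print $1, $3
        }'
}

# enabled_inetd  (reads an inetd.conf on stdin)
# Prints the service names whose lines are still active, i.e. not commented out.
enabled_inetd() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' | sort -u
}

# Port table from the scan posted in this thread.
sample_scan() {
    cat <<'EOF'
Not shown: 995 closed ports
PORT STATE SERVICE
13/tcp open daytime
22/tcp open ssh
37/tcp open time
80/tcp open http
113/tcp open auth
EOF
}

# Constructed inetd.conf: one "time" line was missed when commenting out.
sample_inetd() {
    cat <<'EOF'
#ident stream tcp nowait _identd /usr/libexec/identd identd -el
#daytime stream tcp nowait root internal
#daytime stream tcp6 nowait root internal
time stream tcp nowait root internal
#time stream tcp6 nowait root internal
EOF
}

sample_scan | unexpected_ports 22,80   # ports to close or leave blocked
sample_inetd | enabled_inetd           # inetd services still running
```

On a real host, feed the functions saved nmap output and /etc/inetd.conf instead of the sample functions.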