|
OpenBSD Security Functionally paranoid! |
|
Thread Tools | Display Modes |
|
|||
Questions about my home configuration services
Questions about my home configuration services
Code:
$ fstat | grep internet | grep -v -e '>' -e '<' ale Xorg 24090 4* internet6 stream tcp 0xd6057004 *:6000 ale Xorg 24090 6* internet stream tcp 0xd6057194 *:6000 root sendmail 24841 4* internet stream tcp 0xd607a960 127.0.0.1:25 root sendmail 24841 5* internet6 stream tcp 0xd607aaf0 [::1]:25 root sendmail 24841 6* internet stream tcp 0xd607ac80 127.0.0.1:587 root sendmail 24841 7* internet6 stream tcp 0xd607ae10 [::1]:587 root inetd 20616 4* internet stream tcp 0xd607a000 *:113 root inetd 20616 5* internet6 stream tcp 0xd607a190 *:113 root inetd 20616 6* internet dgram udp 127.0.0.1:512 root inetd 20616 7* internet6 dgram udp [::1]:512 root inetd 20616 8* internet stream tcp 0xd607a320 *:13 root inetd 20616 9* internet6 stream tcp 0xd607a4b0 *:13 root inetd 20616 10* internet stream tcp 0xd607a640 *:37 root inetd 20616 11* internet6 stream tcp 0xd607a7d0 *:37 _syslogd syslogd 764 4* internet dgram udp *:514 _dhcp dhclient 12391 8* internet raw ip 0xd6199000 Code:
$ fstat | grep internet | grep -v -e '>' -e '<' ale Xorg 28227 4* internet6 stream tcp 0xd6070960 *:6000 ale Xorg 28227 6* internet stream tcp 0xd6070af0 *:6000 root inetd 30906 4* internet stream tcp 0xd6070000 *:113 root inetd 30906 5* internet6 stream tcp 0xd6070190 *:113 root inetd 30906 6* internet dgram udp 127.0.0.1:512 root inetd 30906 7* internet6 dgram udp [::1]:512 root inetd 30906 8* internet stream tcp 0xd6070320 *:13 root inetd 30906 9* internet6 stream tcp 0xd60704b0 *:13 root inetd 30906 10* internet stream tcp 0xd6070640 *:37 root inetd 30906 11* internet6 stream tcp 0xd60707d0 *:37 _syslogd syslogd 6171 4* internet dgram udp *:514 _dhcp dhclient 28736 8* internet raw ip 0xd6199000 Also i have another question. How can disable service without restart the OS? Note: I have read the Faq 10. |
|
|||
You can also stop Xorg from listing on TCP port 6000, assuming you using ksh as your shell.. add the following into your .kshrc or .profile
Code:
alias startx='/usr/X11R6/bin/startx -- -nolisten tcp' export startx Line 31-34 in /etc/inetd.conf have the daytime/time services, ports 13 and 37 tcp, they may or may not be required. In all honesty, you do not need to disable any of these services.. sendmail listens on localhost so it wasn't a security threat, a lot of system daemons use it for logging. Consider configuring pf(4) instead of blindly disabling services you don't understand.. Take care. Last edited by BSDfan666; 10th June 2008 at 11:43 AM. |
|
||||
Regarding port 6000 listening, see:
http://marc.info/?t=102905976900001&r=1&w=2 and http://marc.info/?t=112532270200004&r=1&w=2 |
|
|||
Quote:
However in this manner i have release additional memory. $top SIZE RES COMMAND 1124K 1496K sendmail Note: I have also disabled the service ssh! However before disable services for which i'm uncertain will ask clarification. |
|
||||
Daemons use syslogd(8). As I mentioned above in http://daemonforums.org/showpost.php?p=5823&postcount=2 sendmail is used for security(8) and the daily(8) management scripts.
Quote:
In addition, you have shown yourself concerned about security. Shutting down sendmail prevents you from seeing the results of security(8) output, which security-conscious admins should be reading every day. Quote:
|
|
|||
Mmm ok i will restart this service.
Perhaps I will try to replace sendmail with postfix or exim. |
|
||||
Quote:
This would be of little value, unless you want to teach yourself postfix/exim.
|
|
|||
Thanks.
|
|
|||
I replace sendmail on every OpenBSD installation..
Postfix IMHO is so much easier to configure /troubleshoot.. About 4 years ago, I tried to configure Sendmail and after 3 days I gave up.. Installed Postfix and had it configured in about 10 minutes.. Jiggimi has also stated a very good point.. Setting up a good spam free email server does require time.. All my SMTP (email) OpenBSD gateways run: - OpenBSD spamd - SpamAssassin - Razor2 - DCC - Amavisd Example.. The office manager at our parish asked me if the (linux) email server was broken. I asked.. "Why"... She said.. I am not getting any SPAM... OpenBSD packages make it very easy to change from Sendmail to Postfix if you so choose.. rk
__________________
All posts sent on ReCycled Electrons... Last edited by roundkat; 12th June 2008 at 02:03 PM. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
k3b, configuration. | maxrussell | FreeBSD Ports and Packages | 4 | 3rd March 2009 04:23 AM |
NFS mount /usr/home? | giddyupman | FreeBSD General | 1 | 1st September 2008 07:06 PM |
start stop services ? | smooth187 | OpenBSD General | 4 | 31st August 2008 01:00 AM |
Learn which services are listening on your box | anomie | Guides | 5 | 14th May 2008 09:59 AM |
Home Button | JMJ_coder | Feedback and Suggestions | 4 | 5th May 2008 05:13 PM |