DaemonForums  

#1 barti, 1st August 2012
Test server

Hi


I have this OpenBSD server set up with rootbsd.net

Apache is running.


http://204.109.60.194/


How can I check with nmap all security risks on it?



Thanks
#2 barti, 1st August 2012

Code:
nmap -sT  204.109.60.194

Starting Nmap 5.51 ( http://nmap.org ) at 2012-08-01 15:37 EDT
Nmap scan report for twy8.x.rootbsd.net (204.109.60.194)
Host is up (0.000036s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
13/tcp  open  daytime
22/tcp  open  ssh
37/tcp  open  time
80/tcp  open  http
113/tcp open  auth

How can I close the unneeded ports?

Last edited by ocicat; 2nd August 2012 at 05:09 PM. Reason: Please use [code] & [/code] tags when posting command output!
#3 barti, 2nd August 2012

http://serverfault.com/questions/220...t-installation


Daytime and Time are what I would consider "legacy" protocols. My guess is they are included in the default configuration for traditional UNIX-style completeness. They are started by inetd, and unless you need these services (you probably don't if you have to ask) you can disable them by commenting out the relevant lines in your /etc/inetd.conf (see man page).
Code:
#ident           stream  tcp     nowait  _identd /usr/libexec/identd     identd -el
#ident           stream  tcp6    nowait  _identd /usr/libexec/identd     identd -el
#daytime        stream  tcp     nowait  root    internal
#daytime        stream  tcp6    nowait  root    internal
#time           stream  tcp     nowait  root    internal
#time           stream  tcp6    nowait  root    internal

# After saving /etc/inetd.conf, signal inetd to reload it:
kill -HUP `cat /var/run/inetd.pid`


============================================


Given that pf is enabled by default, you can make your pf.conf use the default deny method. Assuming your interface is fxp0, this is a good starting rule set.
Code:
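# Do not filter loopback traffic
set skip on lo0

# Default deny in both directions on the external interface
block in  on fxp0
block out on fxp0

# Allow outbound traffic and track its state
pass out on fxp0 proto { tcp, udp, icmp } from any to any modulate state

# Allow inbound SSH and HTTP only
pass in on fxp0 proto tcp from any to (fxp0) port { 22 80 }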

Last edited by ocicat; 2nd August 2012 at 05:11 PM. Reason: Please use [code] & [/code] tags when posting command output!
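One way to confirm which inetd services are still active after editing /etc/inetd.conf as described in post #3, shown as an added example that is not part of the thread. The function names, the keep list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an inetd.conf-style file.

# Print "service proto" for each active (uncommented) entry in file $1.
inetd_enabled() {
    awk '
        /^[ \t]*#/ { next }   # commented out: inetd will not start it
        NF < 6 { next }       # blank or incomplete line
        { svc = $1; sub(/^.*:/, "", svc); print svc, $3 }  # drop optional "addr:" prefix
    ' "$1"
}

# Print active entries in file $1 whose service is not in keep list $2
# (space-separated service names; empty means nothing should be active).
inetd_unexpected() {
    inetd_enabled "$1" | awk -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        !($1 in ok)
    '
}

# Constructed sample: the entries quoted in post #3, with the tcp ones still active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ident           stream  tcp     nowait  _identd /usr/libexec/identd     identd -el
#ident          stream  tcp6    nowait  _identd /usr/libexec/identd     identd -el
daytime         stream  tcp     nowait  root    internal
#daytime        stream  tcp6    nowait  root    internal
time            stream  tcp     nowait  root    internal
#time           stream  tcp6    nowait  root    internal
EOF

echo "Active inetd services:"
inetd_enabled "$sample"
echo "Active but not on the keep list (ident):"
inetd_unexpected "$sample" "ident"
```

On a real host, pass /etc/inetd.conf instead of the sample file and compare the result with a fresh port scan of the machine.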
#4 barti, 2nd August 2012

So, closing all unneeded ports with PF is a good idea? Or should I use the config files?
#5 denta, 2nd August 2012

Feels like stating the obvious. Run the services that you need, and allow access to the ones that require it.