Re: Open TCP & UDP Ports

On Wednesday 08 October 2003 04:57 pm, Staven Bruce wrote:
> Thanks for the suggestions Edward and Reuben.
>
> I should explain a little more and say my server is behind a Cisco PIX
> firewall, and that only port 25 and 80 are open to the outside world. But I
> was thinking that I should have everything locked down tight on the box as
> well, just in case. Am I being paranoid?

If you're the only one behind the firewall, then it's unnecessary to try to 
close all ports. You should only try to see which ports are open from outside the 
Cisco firewall. This is what the world can see.

If there are other machines behind the Cisco firewall and you have some kind of 
a LAN, then it depends on how much you trust your LAN. You can be as paranoid 
as you wish :), and have another personal firewall on your machine, which 
is essentially only to protect you from other machines on the LAN.

Reuben D. Budiardja


>
>
> From: 	Edward Croft [mailto:ecroft@xxxxxxxxxxxxxxx]
> Sent:	Wednesday, October 08, 2003 12:25 PM
> To:	Red Hat List
> Subject:	Re: Open TCP & UDP Ports
>
> On Wed, 2003-10-08 at 15:11, Staven Bruce wrote:
> > I have a RedHat 8.0 box running Apache and Mailman. I am trying to make sure
> > it is locked down. When I run a port scan with nmap, I find the following
> > TCP ports open:
> >
> > 25 -- Mail
> > 80 -- WWW
> > 111 -- SUN RPC
> > 443 -- SSL
> > 515 -- spooler
> > 6000 --  X Windows
> > 32768 -- Filenet
> >
> > Now, I know I need 80 and 25 open, but can't I just close the rest? How do I
> > close a specific port within the RedHat OS?
> >
> > One last question, the port scan also returns 81 UDP ports as open or not
> > answering, should I close these as well?
> >
> > I would appreciate any info.....
>
> I always err on the conservative side. You can use lokkit and set the
> level to high, then tab to customize and open up the ports you need from
> there. Then click okay. This should lock down the ports.
> Of course others may have other ideas and there are other firewall
> tools. I just figured you needed quick and dirty. For more flexible and
> configurable, you might try gShield. It has worked for me.
> Ed

-- 
Reuben D. Budiardja
Department of Physics and Astronomy
The University of Tennessee, Knoxville, TN
---------------------------------------------------------
"To be a nemesis, you have to actively try to destroy 
something, don't you? Really, I'm not out to destroy 
Microsoft. That will just be a completely unintentional 
side effect."
                 - Linus Torvalds -
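
Added example, not part of the original message or thread: a small Python check that compares an nmap scan taken from outside the perimeter firewall with one taken from the LAN, against the two ports the poster intends to expose. The scan text is constructed sample data in nmap's grepable (`-oG`) format, and the addresses and function names are assumptions made for illustration.

```python
import re

# Constructed sample scans in nmap grepable (-oG) format. The addresses are
# placeholders (documentation / private ranges), not values from the thread.
SCAN_FROM_INTERNET = (
    "Host: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, 80/open/tcp//http///, "
    "443/filtered/tcp//https///\tIgnored State: filtered (1654)\n"
)
SCAN_FROM_LAN = (
    "Host: 10.0.0.5 ()\tPorts: 25/open/tcp//smtp///, 80/open/tcp//http///, "
    "111/open/tcp//rpcbind///, 443/open/tcp//https///, "
    "515/open/tcp//printer///, 6000/open/tcp//X11///, "
    "32768/open/tcp//filenet-tms///\tIgnored State: closed (1650)\n"
)
# The two services the original poster says must be reachable.
INTENDED = {(25, "tcp"), (80, "tcp")}


def open_ports(grepable):
    """Return {(port, proto)} for entries whose state is exactly 'open'."""
    found = set()
    for line in grepable.splitlines():
        match = re.search(r"\bPorts: ([^\t]*)", line)
        if not match:
            continue  # status-only or comment line
        for entry in match.group(1).split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open":
                found.add((int(fields[0]), fields[2]))
    return found


def exposure_report(internet_scan, lan_scan, intended):
    """Classify open ports by which vantage point can reach them."""
    wan, lan = open_ports(internet_scan), open_ports(lan_scan)
    return {
        "internet_unintended": sorted(wan - intended),
        "lan_only_unintended": sorted(lan - wan - intended),
        "intended_but_unreachable": sorted(intended - wan),
    }


if __name__ == "__main__":
    report = exposure_report(SCAN_FROM_INTERNET, SCAN_FROM_LAN, INTENDED)
    for finding, ports in report.items():
        print(finding, ports)
```

Ports listed under `lan_only_unintended` are the ones a host firewall or disabling the service would cover; anything under `internet_unintended` means the perimeter rules do not match the intent.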

