56


Chapter 5. Server Security


5.7.3. Mail only Users


To help prevent local user exploits on the Sendmail server, it is best for mail users to only access the


Sendmail server using an Email program. Shell accounts on the mail server should not be allowed and


all user shells in the


/etc/passwd


file should be set to


/bin/false


(with the possible exception of


the root user.


5.8. Verifying Which Ports Are Listening


Once you have configured services on the network, it is important to keep tabs on which ports are


actually listening to the systems network interfaces. Any open ports can be evidence of an intrusion.


There are two basic approaches for listing the ports that are listening on the network. The less reliable


approach is to query the network stack by typing commands such as


netstat  an


or


lsof  i


. This


method is less reliable since the program does not connect to the machine from the network, but rather


checks to see what is running. For this reason, these applications are frequent targets for replacement


by attackers. In this way, crackers attempt to cover their tracks if they open network ports.


A more reliable way to check which ports are listening on the network by using a port scanner such


as


nmap


.


The following command issued from the console determines which ports are listening for TCP con 


nections from the network:


nmap  sT  O localhost


The output of this command looks like the following:


Starting nmap V. 3.00 ( www.insecure.org/nmap/ )


Interesting ports on localhost.localdomain (127.0.0.1):


(The 1596 ports scanned but not shown below are in state: closed)


Port


State


Service


22/tcp


open


ssh


111/tcp


open


sunrpc


515/tcp


open


printer


834/tcp


open


unknown


6000/tcp


open


X11


Remote OS guesses: Linux Kernel 2.4.0   2.5.20, Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1 


rc7)


Nmap run completed    1 IP address (1 host up) scanned in 5 seconds


This output shows the system is running


portmap


due to the presence of the


sunrpc


service. How 


ever, there is also a mystery service on port 834. To check if the port is associated with the official list


of known services, type:


cat /etc/services | grep 834


This command returns no output. This indicates that while the port is in the reserved range (meaning


0 through 1023) and requires root access to open, it is not associated with a known service.


Next, you can check for information about the port using


netstat


or


lsof


. To check for port 834


using


netstat


, use the following command:


netstat  anp | grep 834


The command returns the following output:


tcp


0


0 0.0.0.0:834


0.0.0.0:*


LISTEN


653/ypbind








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      web hosting comparison

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved