Chapter 5. Server Security
5.7.3. Mail only Users
To help prevent local user exploits on the Sendmail server, it is best for mail users to access the Sendmail server only through an email client. Shell accounts on the mail server should not be allowed, and all user shells in the /etc/passwd file should be set to /bin/false (with the possible exception of the root user).
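The following audit script is an added example, not part of the Red Hat guide. It parses records in /etc/passwd format and lists every account that still has a usable login shell, treating /bin/false (the shell the guide names) and the nologin shells as non-interactive. The sample passwd lines are constructed for the demonstration; on a real mail server, read the contents of /etc/passwd instead.

```python
"""List accounts on a mail-only host that still have a login shell.

Added example (not from the Red Hat guide). The passwd records below are
constructed; feed it the real /etc/passwd to audit a host.
"""

# Shells that deny interactive login. /bin/false is the one the guide
# recommends; /sbin/nologin is the usual alternative on Red Hat systems.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample data in passwd format: name:pw:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:500:500:Alice (mail only):/home/alice:/bin/false
bob:x:501:501:Bob:/home/bob:/bin/bash
carol:x:502:502:Carol:/home/carol:/bin/tcsh
"""


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd record."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed records rather than misreport them
        name, _pw, uid, _gid, _gecos, _home, shell = fields
        yield name, int(uid), shell


def shell_accounts(text, allow=("root",)):
    """Return the sorted names of accounts whose shell permits login.

    Accounts named in `allow` (root by default, as the guide permits) are
    excluded from the report.
    """
    return sorted(
        name
        for name, _uid, shell in parse_passwd(text)
        if shell not in NOLOGIN_SHELLS and name not in allow
    )


if __name__ == "__main__":
    for name in shell_accounts(SAMPLE_PASSWD):
        print(f"{name}: still has a login shell; set it to /bin/false")
```

Run against the constructed data, the report names bob and carol; alice (already /bin/false), the bin system account and root are not listed.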
5.8. Verifying Which Ports Are Listening
Once you have configured services on the network, it is important to keep tabs on which ports are actually listening on the system's network interfaces. Any open port can be evidence of an intrusion.
There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack by typing commands such as netstat -an or lsof -i. This method is less reliable because the program does not connect to the machine from the network; it only reports what the local system says is running. For this reason, these programs are frequent targets for replacement by attackers, who use trojaned copies to hide the network ports they have opened.
A more reliable way to check which ports are listening on the network is to use a port scanner such as nmap.
The following command issued from the console determines which ports are listening for TCP connections from the network:
    nmap -sT -O localhost
The output of this command looks like the following:
    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on localhost.localdomain (127.0.0.1):
    (The 1596 ports scanned but not shown below are in state: closed)
    Port       State       Service
    22/tcp     open        ssh
    111/tcp    open        sunrpc
    515/tcp    open        printer
    834/tcp    open        unknown
    6000/tcp   open        X11
    Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
    Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
This output shows the system is running portmap, due to the presence of the sunrpc service. However, there is also a mystery service on port 834. To check whether the port is associated with the official list of known services, type:
    cat /etc/services | grep 834
This command returns no output. This indicates that while the port is in the reserved range (0 through 1023) and therefore requires root access to open, it is not associated with a known service.
Next, you can check for information about the port using netstat or lsof. To check for port 834 using netstat, use the following command:
    netstat -anp | grep 834
The command returns the following output:
    tcp        0      0 0.0.0.0:834             0.0.0.0:*               LISTEN      653/ypbind
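The procedure above (scan with nmap, look the port up in /etc/services, then ask netstat which process owns it) can be automated as a cross-check. The script below is an added example, not part of the Red Hat guide. It parses the two output formats the guide shows, nmap 3.00 and netstat -anp, and reports two conditions: ports the scanner sees open that netstat does not list, which is exactly the symptom of a replaced netstat the guide warns about, and ports in the reserved range 0-1023 that /etc/services does not name, such as port 834 here. All three inputs are constructed for the demonstration; the netstat sample deliberately omits port 6000 so the first check has something to flag.

```python
"""Cross-check a port scan against the local network stack and /etc/services.

Added example, not from the Red Hat guide. Inputs are constructed samples in
the formats the guide shows; on a real host feed it the live command output.
"""
import re

# Constructed nmap 3.00 output, as in the guide's example scan.
NMAP_OUTPUT = """\
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1596 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
515/tcp    open        printer
834/tcp    open        unknown
6000/tcp   open        X11
Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
"""

# Constructed `netstat -anp` output. Port 6000 is deliberately missing,
# which is what a tampered netstat hiding a service would look like.
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      598/portmap
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      701/lpd
tcp        0      0 0.0.0.0:834             0.0.0.0:*               LISTEN      653/ypbind
"""

# Constructed excerpt of /etc/services: name, port/protocol, optional aliases.
SERVICES_FILE = """\
# service-name  port/protocol  [aliases ...]
ssh             22/tcp
sunrpc          111/tcp         portmapper
printer         515/tcp         spooler
x11             6000/tcp
"""

NMAP_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")
NETSTAT_LINE = re.compile(
    r"^(tcp|udp)\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+(?:LISTEN\s+)?(\S+)$"
)


def parse_nmap(text):
    """Map (port, proto) -> service name for every port nmap reports open."""
    found = {}
    for line in text.splitlines():
        m = NMAP_LINE.match(line)
        if m:
            found[(int(m.group(1)), m.group(2))] = m.group(3)
    return found


def parse_netstat(text):
    """Map (port, proto) -> PID/program for each listening socket in netstat -anp."""
    found = {}
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if m:
            found[(int(m.group(2)), m.group(1))] = m.group(3)
    return found


def parse_services(text):
    """Map (port, proto) -> service name from /etc/services-style lines."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        found[(int(port), proto)] = fields[0]
    return found


def audit(nmap_text, netstat_text, services_text):
    """Return ports hidden from netstat and reserved ports with no known service."""
    scanned = parse_nmap(nmap_text)
    listening = parse_netstat(netstat_text)
    known = parse_services(services_text)
    # Open to the network but absent from the kernel's own listing: the
    # local view (or netstat itself) may have been tampered with.
    hidden = sorted(p for p in scanned if p not in listening)
    # Reserved range (0-1023, root needed to bind) with no /etc/services
    # entry; include the owning program netstat reports, if any.
    unknown_reserved = sorted(
        (port, proto, listening.get((port, proto), "?"))
        for (port, proto) in scanned
        if port <= 1023 and (port, proto) not in known
    )
    return {"hidden_from_netstat": hidden, "unknown_reserved": unknown_reserved}


if __name__ == "__main__":
    report = audit(NMAP_OUTPUT, NETSTAT_OUTPUT, SERVICES_FILE)
    for port, proto in report["hidden_from_netstat"]:
        print(f"{port}/{proto}: open on the network but not listed by netstat")
    for port, proto, prog in report["unknown_reserved"]:
        print(f"{port}/{proto}: reserved port with no /etc/services entry, owned by {prog}")
```

With the constructed inputs the report flags 6000/tcp as open but unlisted by netstat, and 834/tcp as a reserved port with no services entry owned by 653/ypbind, the same conclusion the guide reaches by hand.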