User guide

Chapter 2. Securing Your Network
Note
With NFSv4 using Kerberos this is not the case, because the RPCSEC_GSS kernel module authenticates
the Kerberos principal rather than trusting the client-supplied UID. However, it is still considered good
practice not to put the mail spool directory on NFS shared volumes.
2.2.7.3. Mail-only Users
To help prevent local user exploits on the Sendmail server, it is best for mail users to only access the
Sendmail server using an email program. Shell accounts on the mail server should not be allowed and
all user shells in the /etc/passwd file should be set to /sbin/nologin (with the possible exception
of the root user).
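One way to audit and enforce this, as an added example that is not from the guide: a POSIX shell script that lists every non-root account in a passwd-format file whose shell would still allow an interactive login, and switches the named ones to /sbin/nologin. The function names and the sample passwd entries are constructed for the example; on a live system point list_login_shells at /etc/passwd and change shells with usermod -s /sbin/nologin USER rather than rewriting the file by hand.

```shell
#!/bin/sh
# Added example, not part of the Red Hat guide. Audits a passwd-format file
# for accounts that can still log in interactively and fixes the ones named.
# Function names and the sample entries below are hypothetical.

# Shells that deny an interactive login. Extend if the host uses others.
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false"

# Print "user:shell" for each account whose shell is not in NOLOGIN_SHELLS.
# root is skipped because the guide allows it to keep a shell.
list_login_shells() {
    awk -F: -v deny="$NOLOGIN_SHELLS" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) ok[d[i]] = 1 }
        $1 != "root" && !($7 in ok) { print $1 ":" $7 }
    ' "$1"
}

# Number of offending accounts; 0 means every non-root user is mail-only.
count_login_shells() {
    list_login_shells "$1" | wc -l | tr -d ' '
}

# Set one account's shell to /sbin/nologin in a passwd-format file. This is
# a portable stand-in for `usermod -s /sbin/nologin USER` on a live system.
set_nologin() {
    user="$1"; file="$2"
    awk -F: -v u="$user" 'BEGIN { OFS = ":" } $1 == u { $7 = "/sbin/nologin" } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Constructed sample in /etc/passwd format (not taken from a real host).
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/sbin/nologin
carol:x:1003:1003:Carol:/home/carol:/bin/zsh
EOF

echo "accounts with a login shell before the fix:"
list_login_shells "$SAMPLE_PASSWD"          # alice:/bin/bash and carol:/bin/zsh
set_nologin alice "$SAMPLE_PASSWD"
set_nologin carol "$SAMPLE_PASSWD"
echo "remaining: $(count_login_shells "$SAMPLE_PASSWD")"   # 0
```

Run the listing regularly (for example from cron) so that an account created later with a default shell of /bin/bash is noticed; the mail system only needs the account to exist in /etc/passwd, not a shell.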
2.2.8. Verifying Which Ports Are Listening
After configuring network services, it is important to pay attention to which ports are actually listening
on the system's network interfaces. Any open port that you did not deliberately configure can be evidence
of an intrusion.
There are two basic approaches for listing the ports that are listening on the network. The less reliable
approach is to query the network stack from the host itself using commands such as netstat -an,
ss -tlnp (the replacement for netstat on current systems) or lsof -i. This method is less reliable because
these programs do not connect to the machine from the network; they only report what the local system
says is running, and they trust the binaries and kernel interfaces (such as /proc/net/tcp) they read from.
For this reason these applications are frequent targets for replacement by attackers. Intruders who open
unauthorized network ports cover their tracks by replacing netstat, ss or lsof with modified versions that
omit their listener.
A more reliable way to check which ports are listening on the network is to use a port scanner such as
nmap, which actually attempts connections and therefore does not depend on the host's own reporting
tools.
The following command, issued from the console as root (the OS detection requested with -O needs raw
socket privileges; a plain -sT connect scan does not), determines which ports are listening for TCP
connections:
nmap -sT -O localhost
Because this scan targets localhost, it also reports services bound only to the loopback address
(127.0.0.1) that are never reachable from the network. To see exactly what a remote attacker sees, repeat
the scan from a second host against the server's real IP address, and add -p- to cover all 65535 TCP
ports instead of nmap's default list of common ports.
The output of this command appears as follows:
Starting Nmap 4.68 ( http://nmap.org ) at 2009-03-06 12:08 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
113/tcp open auth
631/tcp open ipp
834/tcp open unknown
2601/tcp open zebra
32774/tcp open sometimes-rpc11
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.24
Uptime: 4.122 days (since Mon Mar 2 09:12:31 2009)
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.420 seconds
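To make the comparison between the two approaches systematic, here is an added example that is not from the guide: a POSIX shell script that parses the PORT/STATE/SERVICE table nmap prints (as in the output above), parses the LISTEN rows of ss -tln or netstat -tln captured on the host, and reports ports that appear in one list but not the other. The nmap and ss outputs embedded below are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Red Hat guide. Compares the TCP ports a
# remote nmap scan reports open with the ports the host's own network stack
# claims to be listening on, and flags disagreement in either direction.
# On a real host feed it the output of
#   nmap -sT -p- <host>      run from another machine, and
#   ss -tln   (or netstat -tln)   run on the host itself.
# Function names and the sample outputs below are hypothetical.

# Sorted open TCP port numbers from nmap's "PORT STATE SERVICE" table.
# Sorted lexically (sort -u) because comm(1) below expects that order.
nmap_open_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, p, "/"); print p[1] }' "$1" | sort -u
}

# Sorted listening TCP ports from `ss -tln` or `netstat -tln` output. The
# local-address column looks like 0.0.0.0:22, [::]:22 or *:22; the port is
# whatever follows the last colon of the first field that ends in :digits.
local_listen_ports() {
    awk '($1 == "LISTEN" || $NF == "LISTEN") {
        for (i = 1; i <= NF; i++)
            if ($i ~ /:[0-9]+$/) { n = split($i, a, ":"); print a[n]; break }
    }' "$1" | sort -u
}

# $1 = nmap output file, $2 = ss/netstat output file, $3 = comm selector.
_port_diff() {
    a=$(mktemp); b=$(mktemp)
    nmap_open_ports "$1" > "$a"
    local_listen_ports "$2" > "$b"
    comm "$3" "$a" "$b"
    rm -f "$a" "$b"
}

# Open from the network but absent from the local listing: the local tools
# are not telling the truth (replaced netstat/ss, or a rootkit hiding the
# socket), or the listing was taken from the wrong host.
hidden_ports()    { _port_diff "$1" "$2" -23; }

# Listed locally but not reached by the scanner: usually a firewall rule or a
# service bound only to 127.0.0.1, which is fine as long as it is intended.
unreached_ports() { _port_diff "$1" "$2" -13; }

# Constructed nmap output in the format shown in the guide (not a real scan).
NMAP_SAMPLE=$(mktemp)
cat > "$NMAP_SAMPLE" <<'EOF'
Interesting ports on mail.example.com (192.0.2.10):
Not shown: 65531 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
4444/tcp open  unknown
EOF

# Constructed `ss -tln` output as captured on that host (not a real capture).
SS_SAMPLE=$(mktemp)
cat > "$SS_SAMPLE" <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      100    0.0.0.0:25          0.0.0.0:*
LISTEN 0      128    0.0.0.0:111         0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
EOF

echo "open to the network but missing locally (investigate): $(hidden_ports "$NMAP_SAMPLE" "$SS_SAMPLE")"
echo "listed locally but not reachable (confirm intended): $(unreached_ports "$NMAP_SAMPLE" "$SS_SAMPLE")"
```

In the sample, port 4444 is visible to the scanner yet absent from the host's own listing, which is exactly the discrepancy the text warns about, while 631 is bound to 127.0.0.1 and so is not expected to be reachable from the network. Any port in the first list deserves a look at the binary on disk (rpm -V net-tools or iproute) and at /proc/net/tcp before trusting further output from that host.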