User guide
TCP Wrappers and xinetd
This output shows the system is running portmap due to the presence of the sunrpc service.
However, there is also a mystery service on port 834. To check if the port is associated with the official
list of known services, type:
cat /etc/services | grep 834
This command returns no output for port 834. Because grep matches the digits 834 anywhere on a line, output
for other ports (1834, 2834, and 3834) will be shown instead. This indicates that while port 834 is in the
reserved range (meaning 0 through 1023) and requires root access to open, it is not associated with a known service.
Next, check for information about the port using netstat or lsof. To check for port 834 using
netstat, use the following command:
netstat -anp | grep 834
The command returns the following output:
tcp 0 0 0.0.0.0:834 0.0.0.0:* LISTEN 653/ypbind
The presence of the open port in netstat is reassuring because a cracker opening a port
surreptitiously on a hacked system is not likely to allow it to be revealed through this command. Also,
the -p option reveals the process ID (PID) of the service that opened the port. In this case, the open
port belongs to ypbind (NIS), which is an RPC service handled in conjunction with the portmap
service.
The lsof command reveals similar information to netstat since it is also capable of linking open
ports to services:
lsof -i | grep 834
The relevant portion of the output from this command follows:
ypbind 653 0 7u IPv4 1319 TCP *:834 (LISTEN)
ypbind 655 0 7u IPv4 1319 TCP *:834 (LISTEN)
ypbind 656 0 7u IPv4 1319 TCP *:834 (LISTEN)
ypbind 657 0 7u IPv4 1319 TCP *:834 (LISTEN)
These tools reveal a great deal about the status of the services running on a machine, and they are
flexible enough to provide a wealth of information about network services and configuration. Refer to the
man pages for lsof, netstat, nmap, and services for more information.
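The triage above (services lookup, reserved-range check, owner lookup) can be scripted so that the port field is matched exactly, avoiding the 1834/2834/3834 false hits the plain grep produces. This is an added example, not part of the original guide; the /etc/services excerpt and the netstat lines it works on are constructed sample data embedded in the script, and the netwall entries are invented to show the pitfall.

```sh
#!/bin/sh
# Added example: triage an unexpected listening port with exact matches.
# All data below is constructed sample input, not output from a real system.

# Constructed excerpt in /etc/services format: "name port/proto [aliases]".
# The 1834 entries are invented to show why a plain "grep 834" misleads.
SERVICES_SAMPLE='sunrpc          111/tcp    portmapper rpcbind
sunrpc          111/udp    portmapper rpcbind
imap            143/tcp    imap2
ssh             22/tcp
netwall         1834/tcp
netwall         1834/udp'

# Constructed "netstat -anp" lines, modelled on the one shown in the text.
NETSTAT_SAMPLE='tcp   0  0 0.0.0.0:111   0.0.0.0:*  LISTEN  612/portmap
tcp   0  0 0.0.0.0:834   0.0.0.0:*  LISTEN  653/ypbind
tcp   0  0 0.0.0.0:1834  0.0.0.0:*  LISTEN  701/netwall
udp   0  0 0.0.0.0:834   0.0.0.0:*          653/ypbind'

# lookup_service PORT: print entries whose port field is exactly PORT
# (any protocol). Exit status 1 when PORT is not a known service.
lookup_service() {
    printf '%s\n' "$SERVICES_SAMPLE" |
        awk -v p="$1" '$2 ~ ("^" p "/") { print; found = 1 }
                       END { if (!found) exit 1 }'
}

# port_is_reserved PORT: true when PORT is in the privileged range 0-1023.
port_is_reserved() {
    [ "$1" -ge 0 ] && [ "$1" -le 1023 ]
}

# owner_of_port PORT: print the PID/program of the TCP socket LISTENing on
# PORT, as reported by "netstat -anp". Exit status 1 if nothing listens there.
owner_of_port() {
    printf '%s\n' "$NETSTAT_SAMPLE" |
        awk -v p="$1" '$1 == "tcp" && $6 == "LISTEN" && $4 ~ (":" p "$") {
                           print $7; found = 1 }
                       END { if (!found) exit 1 }'
}

# triage_port PORT: report the three facts the text establishes for port 834.
triage_port() {
    if lookup_service "$1" >/dev/null; then
        echo "port $1 is a known service:"; lookup_service "$1"
    else
        echo "port $1 is not listed in /etc/services"
    fi
    if port_is_reserved "$1"; then echo "port $1 is in the reserved range"; fi
    if owner="$(owner_of_port "$1")"; then echo "port $1 is held by $owner"; fi
}

triage_port 834
```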
2.3. TCP Wrappers and xinetd
Controlling access to network services is one of the most important security tasks facing a server
administrator. Red Hat Enterprise Linux provides several tools for this purpose. For example, an
iptables-based firewall filters out unwelcome network packets within the kernel's network stack.
For network services that utilize it, TCP Wrappers add an additional layer of protection by defining
which hosts are or are not allowed to connect to "wrapped" network services. One such wrapped
network service is the xinetd super server. This service is called a super server because it controls
connections to a subset of network services and further refines access control.
Figure 2.4, “Access Control to Network Services” is a basic illustration of how these tools work
together to protect network services.