[TriLUG] iptables/ipchains (WAS: Security woes)

Jon Carnes jonc at nc.rr.com
Fri Jan 18 10:11:12 EST 2002


In /etc/xinetd.d/..  look for the config file for the service you want to
start.  Edit the file and change "disabled   =  yes" to "disabled  = no"

To start Openssh server:  "/etc/rc.d/init.d/sshd start"

Jon Carnes
----- Original Message -----
From: "Vestal, Roy L." <rvestal at rti.org>
To: "'Lisa Lorenzin'" <lorenzin at 1000plus.com>
Cc: "'Trilug-Triangle Linux Users Group'" <trilug at trilug.org>
Sent: Friday, January 18, 2002 8:55 AM
Subject: RE: [TriLUG] iptables/ipchains (WAS: Security woes)


> Okey, here's my "DOH!!"
>
> telnet server, wu-ftp server, and openssh server were not installed! DOH!.
> I've installed the stock ones from RHL 7.2. I am a newbie in the server
> arena (setup wise), and I've learned the "stock" box isn't best. But I'm not
> sure how to start these, since I am used to inetd and 7.2 uses xinetd.
>
> So the server packages are now installed. Now what?
>
> -----Original Message-----
> From: Lisa Lorenzin [mailto:lorenzin at 1000plus.com]
> Sent: Thursday, January 17, 2002 5:20 PM
> To: Vestal, Roy L.
> Subject: RE: [TriLUG] iptables/ipchains (WAS: Security woes)
>
>
>
> hi roy,
>
> just a quick check - are you sure that the telnet, ftp, and vnc are
> running on the box, and accepting outside connections?  is it possible
> that your daemons aren't running / listening?
>
> does ps -ef | grep telnet show your telnet daemon running?  does netstat
> -an show your box listening on port 23?  is there anything in your
> /etc/hosts.allow or hosts.deny?
>
> can you get ANYTHING in to the box?  web connections?  ssh?
>
> (sorry for the no-brainer questions, but i usually try to start at the
> very beginning when troubleshooting this kind of thing.)
>
> have you tried using tcpdump to see whether your box is receiving any
> traffic requests?  run
>
> tcpdump -i eth0 -v > /tmp/tcpdump.output
>
> and then try to telnet to the box from another system, and then wait a
> couple minutes (it takes a while for tcpdump to write out all its
> data), then kill tcpdump and grep/eyeball the output file for the ip
> address of the other box.
>
> also, after you attempt to telnet in, go into /var/log and grep * <ip
> address of other box> to see if anything shows up in there.
>
> if these are way too obvious and you've already gone through all this, i'm
> sorry for cluttering your inbox...
>
> lisa
>
> --
> lisa lorenzin   |   lorenzin at 1000plus.com   |
> http://www.1000plus.com/lisa/
> # find / -user your -name base -print0 | xargs -0 chown us
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
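
Added example, not part of the original thread: the "is it listening, and accepting outside connections?" check from the quoted troubleshooting list, as a shell function that classifies a port from `netstat -an` output. The function name `listen_scope` and the sample output are constructed for illustration, and the parsing assumes the Linux net-tools column layout.

```shell
#!/bin/sh
# Classify how a TCP port appears in `netstat -an` output read from stdin.
# Assumed layout (Linux net-tools):
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State
# Prints one of:
#   external       - a listener is bound to a wildcard or non-loopback address
#   loopback-only  - listeners exist, but only on 127.0.0.1 or ::1
#   not-listening  - no TCP socket in LISTEN state on that port
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            # The port is the text after the last colon (works for IPv6 too).
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "::1") loop = 1
            else ext = 1
        }
        END {
            if (ext) print "external"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:23            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.20:1034       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*'

for p in 21 22 23; do
    printf 'port %s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope "$p")"
done

# On a live box: netstat -an | listen_scope 23
```

A "loopback-only" or "not-listening" result means the daemon side needs attention before the packet filter rules are worth debugging.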



