RE: locking down my solaris box

["Robert Escue" <roescue () cox net>]

Juan,

This looks to me like a default install of Solaris that does not have Secure
Shell installed or running. And why would you have CDE running on a machine
that could probably benefit from the memory not used by CDE (as well as the
security holes that would not be there if it was not running or removed).
you should easily be able to administer the machine with the Solaris
Management Console (another big memory hog).

You might want to start be reading this document from the NSA as well as
documents from SecurityFocus and another favorite site of mine (link
provided below):

http://www.nsa.gov/snac/downloads_sunsol.cfm?MenuID=scg10.3.1.1

http://www.mgmg-interactive.com/mgmg/


Robert Escue
System Administrator

-----Original Message-----
From: Juan Declet [mailto:Juan.Declet () asu edu]
Sent: Wednesday, May 12, 2004 12:27 PM
To: security-basics () lists securityfocus com
Subject: locking down my solaris box


The following services are running in my Solaris machine, according to nmap:

Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-05-11 19:07 US
Mount
ain Standard Time
Interesting ports on myhost.com
(The 1631 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
7/tcp     open  echo
9/tcp     open  discard
13/tcp    open  daytime
19/tcp    open  chargen
25/tcp    open  smtp
80/tcp    open  http
111/tcp   open  rpcbind
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
512/tcp   open  exec
513/tcp   open  login
514/tcp   open  shell
515/tcp   open  printer
540/tcp   open  uucp
587/tcp   open  submission
898/tcp   open  sun-manageconsole
901/tcp   open  samba-swat
5901/tcp  open  vnc-1
6000/tcp  open  X11
6001/tcp  open  X11:1
6112/tcp  open  dtspc
7100/tcp  open  font-service
9999/tcp  open  abyss
32772/tcp open  sometimes-rpc7
32775/tcp open  sometimes-rpc13
32776/tcp open  sometimes-rpc15
32777/tcp open  sometimes-rpc17
32778/tcp open  sometimes-rpc19

Nmap run completed -- 1 IP address (1 host up) scanned in 44.844 seconds

There are services that I know I need, such as samba-swat,
sun-manageconsole, abyss, vnc, etc.
This server offers http and samba services, but not much else. Can someone
shed some light
on what the echo, discard, daytime, chargen services are for, and if there
is any potential
of hosing the machine if these are disabled? I am trying to lockdown this
machine against intrusions.

Also, I would like to know what file(s) hold info on which services use
which ports.

Regards,
Juan Declet


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------