Re: locking down my solaris box

["Ivan Coric" <ivan.coric () workcoverqld com au>]

Hi Juan,
You can comfortable turn of echo, discard, daytime, chargen. 

Some Solaris hardening links:
http://www.softpanorama.org/Solaris/hardening.shtml

http://www.sun.com/bigadmin/content/submitted/Solaris_build_document.pdf

http://www.securityfocus.com/infocus/1365

Port descriptions
http://www.iana.org/assignments/port-numbers

cheers
Ivan


Ivan Coric, CISSP
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

> > > Juan Declet <Juan.Declet () asu edu> 05/13/04 02:27am >>>
The following services are running in my Solaris machine, according to nmap:

Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-05-11 19:07 US Mount
ain Standard Time
Interesting ports on myhost.com
(The 1631 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
7/tcp     open  echo
9/tcp     open  discard
13/tcp    open  daytime
19/tcp    open  chargen
25/tcp    open  smtp
80/tcp    open  http
111/tcp   open  rpcbind
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
512/tcp   open  exec
513/tcp   open  login
514/tcp   open  shell
515/tcp   open  printer
540/tcp   open  uucp
587/tcp   open  submission
898/tcp   open  sun-manageconsole
901/tcp   open  samba-swat
5901/tcp  open  vnc-1
6000/tcp  open  X11
6001/tcp  open  X11:1
6112/tcp  open  dtspc
7100/tcp  open  font-service
9999/tcp  open  abyss
32772/tcp open  sometimes-rpc7
32775/tcp open  sometimes-rpc13
32776/tcp open  sometimes-rpc15
32777/tcp open  sometimes-rpc17
32778/tcp open  sometimes-rpc19

Nmap run completed -- 1 IP address (1 host up) scanned in 44.844 seconds

There are services that I know I need, such as samba-swat, sun-manageconsole, abyss, vnc, etc.
This server offers http and samba services, but not much else. Can someone shed some light
on what the echo, discard, daytime, chargen services are for, and if there is any potential
of hosing the machine if these are disabled? I am trying to lockdown this machine against intrusions.

Also, I would like to know what file(s) hold info on which services use which ports.

Regards,
Juan Declet


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are 
guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a 
course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking 
lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html 
----------------------------------------------------------------------------







***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used 
for the intended purpose only and are to be kept confidential at all times.
This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this 
information should be deleted promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------