[Wolves] firewalls

Chris Procter Chris at foxonline.co.uk
Thu Oct 30 10:58:08 GMT 2003


Hi,
Welcome to the wonderful world of Linux startup. Preventing unused services
from starting can really help boot times so it's worth doing even if your
firewall stops the security risk.

portmapper is used by NFS (Sun's Network File System, the process is
'nfsserver' iirc) so you need it if you're running that, otherwise in
/etc/init.d/rc3.d (or similar, they put them in slightly different paths on
different distros, I'm using SuSE) you'll have a file called S99portmapper
(or similar, the numbers change) which is a symbolic link to a file
/etc/init.d/portmapper (again this varies slightly with distro) which is a
shell script that manages (generally start, stop, restart) the service.

To stop the service you can use the command:-
/etc/init.d/portmapper stop

and then you can delete the /etc/init.d/rc3.d/S99portmapper link which will
prevent portmapper restarting when you reboot.

Explanation:-
When Linux moves into a runlevel (3 is command line, 5 is X Windows, the
others are just transitional stages in the boot process generally) it looks in
the /etc/init.d/rc.X (where X is the run level it's moving to) directory,
finds all the files starting with K and goes through them from K1 to K99
stripping off the Kxx part and running 'filename stop' (so if there's a
K99portmapper link it would do all the others first and then run
'./portmapper stop' which runs the shell script it's linked to in
/etc/init.d), it then goes through all the S files from 1 to 99 issuing
'start' commands.

So when you boot up, Linux moves into runlevel 1 then 2 then 3 stopping (or
killing, thus the K) services and starting new ones according to the K and S
links it finds in the rc1.d, rc2.d, and rc3.d directories, if it finds a
S[0-9][0-9]portmapper link it will run '/etc/init.d/rc3.d/portmapper start'
and so open up port 111, if not it won't. (When you startx from the command
line it then moves into runlevel 4 and then 5 starting and stopping those
services, if you boot straight into X then of course it does them all from 1
to 5 while it's booting)

KDE has a nice little tool that will allow you to do all this with a GUI.


chris








-----Original Message-----
From: fizzy [mailto:fizzyorguk at yahoo.com]
Sent: 30 October 2003 10:07
To: Wolverhampton Linux User Group
Subject: Re: [Wolves] firewalls


--- david <nux at blueyonder.co.uk> wrote:
> Port 111
> you are right
> a bad thing?
> hmm
> how do i close it?

I thought it would have been in /etc/inetd.conf but
apparently not, google tells me:

"111 is portmapper, it's in /etc/init.d, you can stop
the services with ./portmap
stop then remove the sym link to the run level or
chmod the script to 0400 and it
won't run on boot in future."

Does that make sense or should I give further info?

fizz


_______________________________________________
Wolves LUG mailing list
Homepage: http://www.wolveslug.org.uk/
Mailing list: Wolves at mailman.lug.org.uk
Mailing list home: http://mailman.lug.org.uk/mailman/listinfo/wolves
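
The K/S link handling described in the reply above, as an added example that is not part of the original thread: POSIX shell functions that read a runlevel directory in the order described and report whether any S link would start a given service. The function names, the sample tree and the `sshd` and `oldsvc` entries are constructed for illustration, and the rcN.d layout is assumed to match the SuSE-style paths in the message.

```sh
#!/bin/sh
# Added example: read a SysV rc tree the way the message describes it.
# Layout assumed: <initdir>/rcN.d/{K,S}NNname symlinks (SuSE style).

# runlevel_plan RCDIR: actions taken on entering that runlevel,
# K links first ("stop"), then S links ("start"), each in numeric order.
runlevel_plan() {
    for prefix in K S; do
        if [ "$prefix" = K ]; then action=stop; else action=start; fi
        for link in "$1"/"$prefix"[0-9][0-9]*; do
            [ -L "$link" ] || continue        # unmatched glob stays literal
            name=${link##*/}
            printf '%s %s\n' "$action" "${name#???}"   # drop the Kxx/Sxx part
        done
    done
}

# boot_starts SERVICE INITDIR: print every start link for SERVICE in any
# runlevel directory; exit status 0 if at least one exists, 1 if none.
boot_starts() {
    found=1
    for link in "$2"/rc[0-9].d/S[0-9][0-9]"$1"; do
        [ -L "$link" ] || continue
        printf '%s\n' "$link"
        found=0
    done
    return "$found"
}

# Constructed sample tree (not a real system): portmapper and sshd start in
# runlevel 3, a hypothetical "oldsvc" is stopped there.
make_sample_tree() {
    mkdir -p "$1/rc3.d" "$1/rc5.d"
    for s in portmapper sshd oldsvc; do : > "$1/$s"; done
    ln -s ../portmapper "$1/rc3.d/S99portmapper"
    ln -s ../sshd       "$1/rc3.d/S12sshd"
    ln -s ../oldsvc     "$1/rc3.d/K20oldsvc"
    ln -s ../sshd       "$1/rc5.d/S12sshd"
}

tree=$(mktemp -d)
make_sample_tree "$tree"
runlevel_plan "$tree/rc3.d"
boot_starts portmapper "$tree" && echo "portmapper starts at boot"
rm "$tree/rc3.d/S99portmapper"            # the link removal from the message
boot_starts portmapper "$tree" || echo "portmapper no longer starts at boot"
rm -rf "$tree"
```

On a real host, pass the actual init directory (for example `boot_starts portmapper /etc/init.d`) and confirm the result against the listening ports.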

