Difference between revisions of "Ict-usb-linux"
(→Features) |
Line 5: | Line 5: | ||
Distribution: Linux Mint 17 | Distribution: Linux Mint 17 | ||
==Features== | ==Features== | ||
− | + | ===Open Firewall wall - no filtering rules=== | |
** Suggestion: | ** Suggestion: | ||
*** Drop policy on INPUT and Forward chains | *** Drop policy on INPUT and Forward chains | ||
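Review bot: the added heading reads "===Open Firewall wall - no filtering rules===", with "wall" repeated after "Firewall"; suggest "===Open Firewall - no filtering rules===". The context line below it writes "Forward" while the rule further down uses FORWARD; using the chain name as iptables spells it would keep the two consistent.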
Line 12: | Line 12: | ||
<pre> | <pre> | ||
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | /sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
+ | </pre> | ||
+ | ===smbd and nmbd services === | ||
+ | * Do you really want to have these on? | ||
+ | <pre> | ||
+ | ict-2014-v1 selinux # netstat -taunp | ||
+ | Active Internet connections (servers and established) | ||
+ | Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | ||
+ | tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1436/smbd | ||
+ | tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 3237/dnsmasq | ||
+ | tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3004/cupsd | ||
+ | tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1436/smbd | ||
+ | tcp6 0 0 :::139 :::* LISTEN 1436/smbd | ||
+ | tcp6 0 0 ::1:631 :::* LISTEN 3004/cupsd | ||
+ | tcp6 0 0 :::445 :::* LISTEN 1436/smbd | ||
+ | tcp6 1 0 ::1:55026 ::1:631 CLOSE_WAIT 2185/cups-browsed | ||
+ | tcp6 0 0 ::1:55028 ::1:631 ESTABLISHED 2635/cinnamon-setti | ||
+ | tcp6 0 0 ::1:631 ::1:55028 ESTABLISHED 3004/cupsd | ||
+ | udp 0 0 127.0.1.1:53 0.0.0.0:* 3237/dnsmasq | ||
+ | udp 0 0 0.0.0.0:68 0.0.0.0:* 3233/dhclient | ||
+ | udp 0 0 172.18.255.255:137 0.0.0.0:* 3361/nmbd | ||
+ | udp 0 0 172.18.81.236:137 0.0.0.0:* 3361/nmbd | ||
+ | udp 0 0 0.0.0.0:137 0.0.0.0:* 3361/nmbd | ||
+ | udp 0 0 172.18.255.255:138 0.0.0.0:* 3361/nmbd | ||
+ | udp 0 0 172.18.81.236:138 0.0.0.0:* 3361/nmbd | ||
+ | udp 0 0 0.0.0.0:138 0.0.0.0:* 3361/nmbd | ||
+ | udp 0 0 0.0.0.0:631 0.0.0.0:* 2185/cups-browsed | ||
+ | udp 0 0 0.0.0.0:5353 0.0.0.0:* 1231/avahi-daemon: | ||
+ | udp 0 0 0.0.0.0:35063 0.0.0.0:* 1231/avahi-daemon: | ||
+ | udp 0 0 0.0.0.0:14647 0.0.0.0:* 3233/dhclient | ||
+ | udp6 0 0 :::52153 :::* 1231/avahi-daemon: | ||
+ | udp6 0 0 :::28749 :::* 3233/dhclient | ||
+ | udp6 0 0 :::5353 :::* 1231/avahi-daemon: | ||
</pre> | </pre> |
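Review bot: the new "smbd and nmbd services" section asks "Do you really want to have these on?" but, unlike the firewall section, gives no Suggestion entry. The pasted output shows smbd listening on 0.0.0.0:139 and 0.0.0.0:445 and nmbd on 0.0.0.0:137 and 0.0.0.0:138, so state whether the image should ship with both services disabled or bound to specific interfaces. The dump also carries rows unrelated to the question (cupsd, dnsmasq, dhclient) and the host's address 172.18.81.236; trimming it to the smbd and nmbd rows would make the point easier to see. The heading "===smbd and nmbd services ===" has a stray space before the closing "===".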
Revision as of 10:18, 17 December 2014
ICT Linux USB for First Semester Students
Version 1, 2014
Date Created: December 2014
Distribution: Linux Mint 17
Features
Open Firewall - no filtering rules
- Suggestion:
  - Drop policy on INPUT and FORWARD chains
  - Accept policy on OUTPUT chain
  - Add accept rule to FORWARD chain to allow "ESTABLISHED" and "RELATED" packets
- Suggestion:
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
smbd and nmbd services
- Do you really want to have these on?
ict-2014-v1 selinux # netstat -taunp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1436/smbd
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 3237/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3004/cupsd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1436/smbd
tcp6 0 0 :::139 :::* LISTEN 1436/smbd
tcp6 0 0 ::1:631 :::* LISTEN 3004/cupsd
tcp6 0 0 :::445 :::* LISTEN 1436/smbd
tcp6 1 0 ::1:55026 ::1:631 CLOSE_WAIT 2185/cups-browsed
tcp6 0 0 ::1:55028 ::1:631 ESTABLISHED 2635/cinnamon-setti
tcp6 0 0 ::1:631 ::1:55028 ESTABLISHED 3004/cupsd
udp 0 0 127.0.1.1:53 0.0.0.0:* 3237/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 3233/dhclient
udp 0 0 172.18.255.255:137 0.0.0.0:* 3361/nmbd
udp 0 0 172.18.81.236:137 0.0.0.0:* 3361/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 3361/nmbd
udp 0 0 172.18.255.255:138 0.0.0.0:* 3361/nmbd
udp 0 0 172.18.81.236:138 0.0.0.0:* 3361/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 3361/nmbd
udp 0 0 0.0.0.0:631 0.0.0.0:* 2185/cups-browsed
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1231/avahi-daemon:
udp 0 0 0.0.0.0:35063 0.0.0.0:* 1231/avahi-daemon:
udp 0 0 0.0.0.0:14647 0.0.0.0:* 3233/dhclient
udp6 0 0 :::52153 :::* 1231/avahi-daemon:
udp6 0 0 :::28749 :::* 3233/dhclient
udp6 0 0 :::5353 :::* 1231/avahi-daemon:
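Added example, not part of the original wiki page: a shell function that reads `netstat -taunp` output and lists only the sockets accepting traffic on non-loopback addresses, which is the check behind the smbd/nmbd question above. The function name `exposed_listeners` is an assumption; the sample rows are copied from the output above.

```shell
#!/bin/sh
# Rows copied from the netstat -taunp output above (header row included).
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1436/smbd
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 3237/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3004/cupsd
tcp6 0 0 :::445 :::* LISTEN 1436/smbd
tcp6 0 0 ::1:55028 ::1:631 ESTABLISHED 2635/cinnamon-setti
udp 0 0 172.18.81.236:137 0.0.0.0:* 3361/nmbd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1231/avahi-daemon:'

# Read netstat -taunp output on stdin and print one line per socket that
# accepts traffic on a non-loopback address:
#   <program> <proto>/<port> <address>
# exposed_listeners is a hypothetical helper name, not from the wiki page.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        laddr = $4
        if ($1 ~ /^tcp/) {
            # TCP rows carry a State column; keep only listening sockets.
            if ($6 != "LISTEN") next
            prog = $7
        } else {
            # Unconnected UDP rows have no State column and a wildcard peer.
            if ($5 !~ /:\*$/) next
            prog = $6
        }
        # Split address and port at the last colon (handles IPv6 forms).
        port = laddr
        sub(/^.*:/, "", port)
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # Loopback-only services are not reachable from the network.
        if (addr ~ /^127\./ || addr == "::1") next
        sub(/^[0-9]+\//, "", prog)   # drop the PID
        sub(/:$/, "", prog)          # trailing colon, as in avahi-daemon:
        printf "%s %s/%s %s\n", prog, $1, port, addr
    }'
}

printf '%s\n' "$SAMPLE" | exposed_listeners
```

On a live system, pipe `netstat -taunp` into the function; run it as root so the PID/Program column is filled in.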