Thank you for your help. I can't find any service (POP, LDAP) in the
"inetd.conf" file. I have already tested the services' status (telnet
10.10.1.100 25 / telnet 10.10.1.100 110....) in another server but got no response.
In addition, I have also tried scanning the port, and it shows me that the port is open;
I am sure the services are not running on the server. Can you help me to solve the
problem?
Thank you very much.
******************************************************************************
bash-2.05# cat inetd.conf
#
# Copyright 1989-2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)inetd.conf 1.51 02/11/19 SMI"
#
# Configuration file for inetd(1M). See inetd.conf(4).
#
# To re-configure the running inetd process, edit this file, then
# send the inetd process a SIGHUP.
#
# Syntax for socket-based Internet services:
# <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
#
# Syntax for TLI-based Internet services:
#
# <service_name> tli <proto> <flags> <user> <server_pathname> <args>
#
# IPv6 and inetd.conf
# By specifying a <proto> value of tcp6 or udp6 for a service, inetd will
# pass the given daemon an AF_INET6 socket. The following daemons have
# been modified to be able to accept AF_INET6 sockets
#
# ftp telnet shell login exec tftp finger printer
#
# and service connection requests coming from either IPv4 or IPv6-based
# transports. Such modified services do not normally require separate
# configuration lines for tcp or udp. For documentation on how to do this
# for other services, see the Solaris System Administration Guide.
#
# You must verify that a service supports IPv6 before specifying <proto> as
# tcp6 or udp6. Also, all inetd built-in commands (time, echo, discard,
# daytime, chargen) require the specification of <proto> as tcp6 or udp6
#
# The remote shell server (shell) and the remote execution server
# (exec) must have an entry for both the "tcp" and "tcp6" <proto> values.
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable
# some or all of these services to improve security.
#
systat stream tcp nowait root /usr/bin/ps ps -ef
netstat stream tcp nowait root /usr/bin/netstat netstat -f inet
#
# Time service is used for clock synchronization.
#
time stream tcp6 nowait root internal
time dgram udp6 wait root internal
#
# Echo, discard, daytime, and chargen are used primarily for testing.
#
##echo stream tcp6 nowait root internal
##echo dgram udp6 wait root internal
discard stream tcp6 nowait root internal
discard dgram udp6 wait root internal
daytime stream tcp6 nowait root internal
daytime dgram udp6 wait root internal
##chargen stream tcp6 nowait root internal
##chargen dgram udp6 wait root internal
#
#
# RPC services syntax:
# <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user> \
# <pathname> <args>
#
# <endpoint-type> can be either "tli" or "stream" or "dgram".
# For "stream" and "dgram" assume that the endpoint is a socket descriptor.
# <proto> can be either a nettype or a netid or a "*". The value is
# first treated as a nettype. If it is not a valid nettype then it is
# treated as a netid. The "*" is a short-hand way of saying all the
# transports supported by this system, ie. it equates to the "visible"
# nettype. The syntax for <proto> is:
# *|<nettype|netid>|<nettype|netid>{[,<nettype|netid>]}
# For example:
# dummy/1 tli rpc/circuit_v,udp wait root /tmp/test_svc test_svc
#
# Solstice system and network administration class agent server
##100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
#
# rpc.cmsd is a data base daemon which manages calendar data backed
# by files in /var/spool/calendar
#
#
# Sun ToolTalk Database Server
#
100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
#
# Sun KCMS Profile Server
#
##100221/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_server
#
# Sun Font Server
#
fs stream tcp6 wait nobody /usr/openwin/lib/fs.auto fs
#
# CacheFS Daemon
#
100235/1 tli rpc/ticotsord wait root /usr/lib/fs/cachefs/cachefsd cachefsd
# OCFSERV - OCF (Smart card) Daemon
##100150/1 tli rpc/ticotsord wait root /usr/sbin/ocfserv ocfserv
dtspc stream tcp6 nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
# KTKT_WARND - Kerberos V5 Warning Messages Daemon
##100134/1 tli rpc/ticotsord wait root /usr/lib/krb5/ktkt_warnd ktkt_warnd
# GSSD - GSS Daemon
##100234/1 tli rpc/ticotsord wait root /usr/lib/gss/gssd gssd
# METAD - SLVM metadb Daemon
##100229/1-2 tli rpc/tcp wait root /usr/sbin/rpc.metad rpc.metad
# METAMHD - SLVM HA Daemon
##100230/1 tli rpc/tcp wait root /usr/sbin/rpc.metamhd rpc.metamhd
# METAMEDD - SLVM Mediator Daemon
##100242/1 tli rpc/tcp wait root /usr/sbin/rpc.metamedd rpc.metamedd
# MDMN_COMMD - SVM Multi Node Communication Daemon
##100422/1 tli rpc/tcp wait root /usr/sbin/rpc.mdcommd rpc.mdcommd
# LPD - Print Protocol Adaptor (BSD listener)
##printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd
# RQUOTAD - rquotad server supports UFS disk quotas for NFS clients
##rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad
# REXD - rexd server provides only minimal authentication
##rexd/1 tli rpc/tcp wait root /usr/sbin/rpc.rexd rpc.rexd
# RSHD - rsh daemon (BSD protocols)
##shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
##shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd
# RLOGIND - rlogin daemon (BSD protocols)
##login stream tcp6 nowait root /usr/sbin/in.rlogind in.rlogind
# REXECD - rexec daemon (BSD protocols)
##exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
##exec stream tcp6 nowait root /usr/sbin/in.rexecd in.rexecd
# COMSATD - comsat daemon (BSD protocols)
##comsat dgram udp wait root /usr/sbin/in.comsat in.comsat
# TALKD - talk daemon (BSD protocols)
##talk dgram udp wait root /usr/sbin/in.talkd in.talkd
# FINGERD - finger daemon
##finger stream tcp6 nowait nobody /usr/sbin/in.fingerd in.fingerd
# RSTATD - rstat daemon
##rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
# RUSERSD - rusers daemon (gives out user information)
##rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
# RWALLD - rwall daemon (allows others to post messages to users)
##walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
# SPRAYD - spray daemon (used for testing)
##sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd rpc.sprayd
##sun-dr stream tcp wait root /usr/lib/dcs dcs
##sun-dr stream tcp6 wait root /usr/lib/dcs dcs
# TFTPD - tftp server (primarily used for booting)
#tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
# TNAMED - tname server (it is an obsolete IEN-116 name server protocol)
##name dgram udp wait root /usr/sbin/in.tnamed in.tnamed
# TELNETD - telnet server daemon
##telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
# smserverd to support removable media devices
100155/1 tli rpc/ticotsord wait root /usr/lib/smedia/rpc.smserverd rpc.smserverd
# FTPD - FTP server daemon
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd -a
# Kerberos V5 DB Propagation Daemon
##krb5_prop stream tcp nowait root /usr/lib/krb5/kpropd kpropd
# UUCPD - uucp daemon (must run as root to read /etc/shadow)
##uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd
# Standard Type Services Framework (STSF) Font Server
100424/1 tli rpc/ticotsord wait root /usr/lib/ST/stfsloader stfsloader
******************************************************************************
Hello Smart,
Smart wrote:
> Hi All,
>
> The scanning and netstat output is below. The scanning tool I am using is
> "SuperScan", and I ran the command "/etc/init.d/./sendmail stop" to stop the
> SMTP service. How do I stop the smtp/pop/ldap services?
As one poster mentioned, inetd.conf (or its daemon inetd) may be causing
a number of the services to respond. Go through /etc/inetd.conf and
comment out those services which you do not need, then
# kill -HUP "pid of inetd"
to restart inetd.
Some of the ports below are from services which are not started by
inetd. You can determine which process is using the port by running
lsof; I am not sure if it is part of Solaris 9, but you can obtain it
from multiple sources, blastwave being one of them
(http://www.blastwave.org/packages.php/lsof)
# lsof -i :"port number"
will list the PID of program using the file; ps -fp pid will give you
the rest of the information. I remember an lsof -i tcp option, you might
like to look into that as well.
From there you can track down where the program is being started and
stop it, possibly removing the startup scripts or renaming their
symbolic links in /etc/rc3.d to something that does not start with a capital S.
For a fuller explanation, search Google for "hardening solaris" or go to
http://www.sun.com/blueprints and look through the older security
documents.
I hope this helps.
Kind Regards,
Nathan Dietsch
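
Added example (not part of either poster's message): a short Python audit of the inetd.conf step described in the reply above, listing the entries inetd will still start and commenting out the ones you name. SAMPLE is constructed from lines of the posted file, the function names are this example's own, and the stray short line shows how a wrapped or malformed entry is reported instead of parsed.

```python
# SAMPLE is constructed for this example from entries in the posted inetd.conf.
# The lone "inet" line stands in for a fragment left by wrapping or a bad edit.
SAMPLE = """\
# Finger, systat and netstat give out user information
systat stream tcp nowait root /usr/bin/ps ps -ef
netstat stream tcp nowait root /usr/bin/netstat netstat -f
inet
time stream tcp6 nowait root internal
##echo stream tcp6 nowait root internal
100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
##telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd -a
fs stream tcp6 wait nobody /usr/openwin/lib/fs.auto fs
"""


def enabled_services(text):
    """Return (entries, fragments): active entries and lines too short to be one."""
    entries, fragments = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                                  # blank or commented out
        if len(fields) < 6:
            fragments.append((lineno, raw.strip()))   # wrapped or malformed line
            continue
        name, _endpoint, proto, _flags, user, server = fields[:6]
        # rpc/<proto> entries are RPC program numbers, not named ports;
        # server "internal" means inetd answers the service itself.
        entries.append({"line": lineno, "service": name, "proto": proto,
                        "rpc": proto.startswith("rpc/"), "user": user,
                        "server": server})
    return entries, fragments


def comment_out(text, unwanted):
    """Return the file text with the named services disabled by a '##' prefix."""
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        if fields and not fields[0].startswith("#") and fields[0] in unwanted:
            raw = "##" + raw
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for e in enabled_services(SAMPLE)[0]:
        print(e["line"], e["service"], e["proto"], e["user"], e["server"])
```

The edited text only takes effect once it is written back to /etc/inetd.conf and inetd is sent the SIGHUP described in the reply.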
Smart wrote:
> Dear Nathan Dietsch,
>
> Thank you for your help. I can't find any service (POP, LDAP) in the
> "inetd.conf" file. I have already tested the services' status (telnet
> 10.10.1.100 25 / telnet 10.10.1.100 110....) in another server but got no response.
> In addition, I have also tried scanning the port, and it shows me that the port is open;
> I am sure the services are not running on the server. Can you help me to solve the
> problem?
I am assuming that you have followed the advice I gave you in the
previous post regarding lsof and so forth.
As far as SMTP and POP3 are concerned, the netstat output from your
previous posts does not list any of those ports being bound to.
I am not familiar with your scanning tool, however nmap reports ports to
which a packet is sent without reply as being filtered. The nmap man
page <http://www.insecure.org/nmap/data/nmap_manpage.html> states that
"Filtered means that a firewall, filter, or other network obstacle is
covering the port and preventing nmap from determining whether the port
is open"
Perhaps your scanning tool is reporting the same "filtered" state and
there really isn't anything there.