Netstat -lantu

Hey,

Fresh install of openSUSE - VirtualBox, rkhunter, etc. installed.

As su I carry out netstat -lantu and get this:


Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      
udp        0      0 0.0.0.0:696             0.0.0.0:*                           
udp        0      0 0.0.0.0:68              0.0.0.0:*                           
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           
udp        0      0 0.0.0.0:111             0.0.0.0:*                           
udp        0      0 0.0.0.0:631             0.0.0.0:*                           
udp        0      0 0.0.0.0:55552           0.0.0.0:*                    

Why are these services listening? I’ve certainly not configured SSH (22) for example

Regards

You didn’t say which version of openSUSE; pre-11.2, sshd is enabled by default.

111 is portmapper, 631 is CUPS, 25 is postfix, 5353 is mdns and so forth - all of those services are “enabled by default” and since you have the firewall up (I hope) they’re also walled in.

I also wonder if you are looking at the right box, since by default openSUSE’s postfix listens only on 127.0.0.1:25. And you’ve got something listening on port 68, which is for the DHCP client daemon. It doesn’t look like a default openSUSE install at all. Either it’s not, or you changed the defaults before installing.

Hi - sorry am on 11.2.

And it is a default install from the GNOME CD; it’s a single workstation with the only DHCP server being provided via the router.

Yes iptables is running :slight_smile:

Just a tad surprised to be honest - as I thought an initial install of openSUSE started with no ports open by default?

Well it has ports open for various services but since the firewall goes up before the networking kicks in, it’s not an issue.

Minimal install has nothing open, absolutely nothing. Then again it includes nothing either :slight_smile:

Indeed not :slight_smile:

Would you be concerned with those services opening? Even with a fw in place?

Thanks

No, they’re all firewalled tightly - many of them offer additional functionality for workstations. Unless you’re extremely paranoid or intend to run without an FW, I would just leave them as they are.

Great - Thank you
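
The triage discussed in this thread, as an added example that is not part of any poster's message: a Python parser for `netstat -lantu` output that separates sockets bound to all interfaces from loopback-only ones and attaches the service names the replies give. The sample input is the output quoted in the first post; the function names are hypothetical, and the script sees binding addresses only, not firewall rules.

```python
import ipaddress

# Service names exactly as the replies in this thread give them.
THREAD_LABELS = {22: "sshd", 25: "postfix", 68: "DHCP client",
                 111: "portmapper", 631: "CUPS", 5353: "mdns"}
# The output quoted in the first post.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:696             0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*
udp        0      0 0.0.0.0:55552           0.0.0.0:*
"""

def parse_listeners(text):
    """Return a dict for each TCP LISTEN socket and each unconnected UDP socket."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # banner, column header, blank line
        proto, local, foreign = f[0], f[3], f[4]
        if (proto.startswith("tcp") and f[5:6] != ["LISTEN"]) or \
           (proto.startswith("udp") and not foreign.endswith(":*")):
            continue  # skip established TCP and UDP sockets connected to a peer
        host, _, port = local.rpartition(":")  # also splits ":::22" correctly
        try:
            addr = ipaddress.ip_address(host)
            scope = ("loopback" if addr.is_loopback else
                     "all-interfaces" if addr.is_unspecified else "one-address")
        except ValueError:
            scope = "unparsed"  # treat as reachable until checked by hand
        rows.append({"proto": proto, "port": int(port), "scope": scope,
                     "label": THREAD_LABELS.get(int(port))})
    return rows

def reachable_off_host(rows):
    """Sockets not bound to loopback (binding scope only, not firewall state)."""
    return [r for r in rows if r["scope"] != "loopback"]

if __name__ == "__main__":
    for r in reachable_off_host(parse_listeners(SAMPLE)):
        print(f'{r["proto"]:4} {r["port"]:>5} {r["scope"]:15} {r["label"] or "not named in thread"}')
```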