jslayton01
asked on
Services in SUSE?
My question is this...In SUSE, how can I stop these following services below: The problem is, when I go into YAST to look for these services, I can't locate them. Can these be under a different name? I see them LISTENING when I do netstat -pan. Is it under a different name? Also, if I do manage to get stop these running, will it effect the Internet connection? Im using a DHCP DSL connection.
mdnsd Port: 5353
filenet-rpc Port 32769.
mdnsd Port: 5353
filenet-rpc Port 32769.
ASKER
Im running a DSL-modem LAN connection. Thats all. I am not using any USB Network ports, only the standard LAN Card or NIC. But its weird, because I can't locate it under the Yast Services lists.
Could you post a list of the services (under the runlevel editor) that are enabled?
ASKER
Ok ok ok ok ok ok HOLD ON A MINUTE....
While I was going down the list, I noticed that it does have the "mdnsd"....So, my question is, if I disable this, will my Internet connection work fine or not??? I dont want to mess up my system. So thats why I am asking this...
Anyway, here is the rest that are Enabled... Which ones do I have to DISABLE without having my system work improperly. I only use the PC for surfing the Internet and Email only.
alsasound
cron
cups
dbus
earlykbd
earlykdm
earlysyslog
fbset
hal
hwscan
network
nscd (Start Name Service Cache Daemon)
postfix
random
remgr
smbfs
syslog
xolm
While I was going down the list, I noticed that it does have the "mdnsd"....So, my question is, if I disable this, will my Internet connection work fine or not??? I dont want to mess up my system. So thats why I am asking this...
Anyway, here is the rest that are Enabled... Which ones do I have to DISABLE without having my system work improperly. I only use the PC for surfing the Internet and Email only.
alsasound
cron
cups
dbus
earlykbd
earlykdm
earlysyslog
fbset
hal
hwscan
network
nscd (Start Name Service Cache Daemon)
postfix
random
remgr
smbfs
syslog
xolm
ASKER
mdnsd is (mDNSresponder to handle Apple Rendezvous requests) but I am not sure if I need that or not. Is it OK to disable it?
ASKER
And also the bootstrap client which is PORT 68. Thats running also but I can't see it in the Yast services list too.
to see what process is on what port use:
"netstat --inet -pna"
"netstat --inet -pna"
to stop a service use "insserv -r servicename"
or for GUI go to yast and disable there
or for GUI go to yast and disable there
CORRECTION:
to stop a service use "/etc/init.d/servicename stop"
to DISABLE a service use "insserv -r servicename"
or for GUI go to yast and disable there
to stop a service use "/etc/init.d/servicename stop"
to DISABLE a service use "insserv -r servicename"
or for GUI go to yast and disable there
ASKER
Ok I understand....
But my questions is, will STOPPING these services will effect my connection to the Internet or not? Im afraid something will happen to my system if I disable these.
But my questions is, will STOPPING these services will effect my connection to the Internet or not? Im afraid something will happen to my system if I disable these.
ASKER
Also heres my output of the services running. But, For those ports and names that I posted, I need to know there names in the YAST Services List. But the names do not show up in that list in YAST. Can it be under a different name?
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.100:45593 69.73.159.57:80 TIME_WAIT -
tcp 0 0 192.168.1.100:45592 69.73.159.57:80 TIME_WAIT -
tcp 0 0 192.168.1.100:52192 212.100.246.90:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:56729 64.233.187.99:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:35284 66.51.197.166:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:35285 66.51.197.166:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:35296 66.51.197.166:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:35297 66.51.197.166:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:34795 66.51.197.168:80 ESTABLISHED 6903/firefox-bin
udp 0 0 0.0.0.0:32769 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.100:45593 69.73.159.57:80 TIME_WAIT -
tcp 0 0 192.168.1.100:45592 69.73.159.57:80 TIME_WAIT -
tcp 0 0 192.168.1.100:52192 212.100.246.90:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:56729 64.233.187.99:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:35284 66.51.197.166:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:35285 66.51.197.166:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:35296 66.51.197.166:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:35297 66.51.197.166:80 ESTABLISHED 6903/firefox-bin
tcp 0 0 192.168.1.100:34795 66.51.197.168:80 ESTABLISHED 6903/firefox-bin
udp 0 0 0.0.0.0:32769 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
"tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -"
That is sendmail (or Postfix running as sendmail).
"tcp 0 0 192.168.1.100:35284 66.51.197.166:80 ESTABLISHED 6903/firefox-bin"
That is your browser (Firefox, good choice).
"udp 0 0 0.0.0.0:32769 0.0.0.0:* -"
If I'm not mistaken, that's an RCP listener from the r* family - rexecd, rshd, et. al.
That is sendmail (or Postfix running as sendmail).
"tcp 0 0 192.168.1.100:35284 66.51.197.166:80 ESTABLISHED 6903/firefox-bin"
That is your browser (Firefox, good choice).
"udp 0 0 0.0.0.0:32769 0.0.0.0:* -"
If I'm not mistaken, that's an RCP listener from the r* family - rexecd, rshd, et. al.
ASKER
So is it OK to disabled these ports including POstfix?
And what about Port 68 and 5353?? What names do those belong to?
And what about Port 68 and 5353?? What names do those belong to?
ASKER
And the only one is ENABLED on the "Rs" lists is the "resmgr"....
run it as root to see ALL processes
alsasound <- sound daemon, keep
cron <- timed commands scheduler, keep
cups <- printing , remove if not needed
dbus <- hal-reated, keep
earlykbd <- boot, keep
earlykdm <- boot, keep
earlysyslog <- boot, keep
fbset <- framebuffer, keep
hal <- hardware abstraction layer, keep
hwscan <- keep
network <- network initialization, keep
nscd (Start Name Service Cache Daemon) <- keep
postfix <- mail, keep
random <- system random device, keep
remgr <- re(s)mgr ? resource manager for device file access, keep
smbfs <- keep
syslog <- error logs, keep
xolm <- ??? xen ??
morer infos: "grep 'Description:' /etc/rc.d/*"
cron <- timed commands scheduler, keep
cups <- printing , remove if not needed
dbus <- hal-reated, keep
earlykbd <- boot, keep
earlykdm <- boot, keep
earlysyslog <- boot, keep
fbset <- framebuffer, keep
hal <- hardware abstraction layer, keep
hwscan <- keep
network <- network initialization, keep
nscd (Start Name Service Cache Daemon) <- keep
postfix <- mail, keep
random <- system random device, keep
remgr <- re(s)mgr ? resource manager for device file access, keep
smbfs <- keep
syslog <- error logs, keep
xolm <- ??? xen ??
morer infos: "grep 'Description:' /etc/rc.d/*"
ASKER
Ok, here is some detailes here. Remember...I want to disalbe ports 68, 5353, and 32769...So, by looking at this, which names can I find under the Yast Services List? And, my question is, if I disable those ports, will I have problems with my Internet connection?
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 6155/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 6460/master
tcp 0 0 192.168.1.100:54931 66.102.7.147:80 ESTABLISHED 6825/firefox-bin
udp 0 0 0.0.0.0:32769 0.0.0.0:* 5982/mdnsd
udp 0 0 0.0.0.0:68 0.0.0.0:* 5641/dhcpcd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 5982/mdnsd
udp 0 0 0.0.0.0:631 0.0.0.0:* 6155/cupsd
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 6155/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 6460/master
tcp 0 0 192.168.1.100:54931 66.102.7.147:80 ESTABLISHED 6825/firefox-bin
udp 0 0 0.0.0.0:32769 0.0.0.0:* 5982/mdnsd
udp 0 0 0.0.0.0:68 0.0.0.0:* 5641/dhcpcd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 5982/mdnsd
udp 0 0 0.0.0.0:631 0.0.0.0:* 6155/cupsd
port 68 => dhcpcd (DHCP client daemon) will go away if you configure all your interfaces with fixed IP, not DHCP
port 5353 + 32769 => mdnsd - to remove: "insserv -r mdnsd" + "/etc/init.d/mdnsd stop"
port 5353 + 32769 => mdnsd - to remove: "insserv -r mdnsd" + "/etc/init.d/mdnsd stop"
ASKER
But do I need to have mdnsd or not?
ASKER
So, just to confirm, I need the Port 68 because I am NOT using a static IP when connecting to the DSL modem. Also, Im glad to say that I disabled the mdnsd and my system boots up fine.
And what about Port: 25?? Do I need that at all? I do use an email client (Thunderbird).
And what about Port: 25?? Do I need that at all? I do use an email client (Thunderbird).
a) yes
b) 127.0.0.1:25 ==> loopback interfacd, only visible from local machine, not form the internet
b) 127.0.0.1:25 ==> loopback interfacd, only visible from local machine, not form the internet
ASKER
So do I need to disable port 25 too?
no
ASKER
So by judging by the output of Listening services below, am I considered to be secure?
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.100:56235 72.3.149.241:80 TIME_WAIT -
tcp 0 0 192.168.1.100:56227 72.3.149.241:80 TIME_WAIT -
tcp 0 0 192.168.1.100:56217 72.3.149.241:80 TIME_WAIT -
tcp 0 0 192.168.1.100:56216 72.3.149.241:80 TIME_WAIT -
tcp 0 0 192.168.1.100:56222 72.3.149.241:80 TIME_WAIT -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:*
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.100:56235 72.3.149.241:80 TIME_WAIT -
tcp 0 0 192.168.1.100:56227 72.3.149.241:80 TIME_WAIT -
tcp 0 0 192.168.1.100:56217 72.3.149.241:80 TIME_WAIT -
tcp 0 0 192.168.1.100:56216 72.3.149.241:80 TIME_WAIT -
tcp 0 0 192.168.1.100:56222 72.3.149.241:80 TIME_WAIT -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:*
firewall or disable cups (631/tcp)
firewall dhcp (68/udp) or use static IP if possible
firewall dhcp (68/udp) or use static IP if possible
ASKER
But am I even close to being secure or not secure at all?
if you close cups and dhcp - yes
there are no ports left open for attack
activating the SUSE firewall in Yast doesn't hurt - just in case you accidentially restart some service :-)
there are no ports left open for attack
activating the SUSE firewall in Yast doesn't hurt - just in case you accidentially restart some service :-)
ASKER
Ok...I know, but If I DISABLE those services will my Internet connection work? Thats all I am asking.
ASKER
Also, I disabled CUPS in the past I my printer did not respond to print operations. How can I disable CUPS and print at the same time? And what about port 68? What will happen if I disable that?
ASKER
I dont know why I am being left out in the cold here....Can someone please reply to this?
ASKER
All I want to know is how can I still print even If the CUPS service is DISABLED? Thats all I want to know.
ASKER
Or, how would disabling port 68 can effect my Internet connection? Can it effect it? Thats all Im asking for.....I thought this was really an "experts" forum...Beats me.
Go to Yast - Hardware - printer
change printer configuration - set cups to accept only local connections
change printer configuration - set cups to accept only local connections
ASKER
Ok, what about port 68?? Should I disable that too?
ASKER
Also, in YAST, can you please tell me in detail on how to do this within Yast to have CUPS accept only local connections? Thanks
ASKER
OK, if thats all done in YAST, will I have to also disable the CUPS service under the YAST services list?
ASKER
I am still VERY VERY CONFUSED here sorry to say... People are not giving me details here. I went Yast's printing configuration settings and I dont know what to do in there. Do I go to the Set Permissions??? It says Full CUPS Server Installation. Or, do I need to DENY or ALLOW access to which local IP address??
Help me out please.....I am still confused here like crazy. I dont know what to do.
And Im tired from the lack of responses latetly....Or, no one seems to be using SUSE anymore. Please this is very very important here.
Help me out please.....I am still confused here like crazy. I dont know what to do.
And Im tired from the lack of responses latetly....Or, no one seems to be using SUSE anymore. Please this is very very important here.
ASKER
Ok, I set ALLOW,DENY to Allow to 127.0.0.1.
And plus, I disabled CUPS in the services....Still, I can't print.
And plus, I disabled CUPS in the services....Still, I can't print.
ASKER
I am really lost now. Where in the Print Settings or Permissions what do I have to do? I tried everything here but my printing does not work.
And after the Print settings configuration, do I have disable cups in the services list?
You are not being detailed here. I want someone to be very very detailed on what to do here.
And after the Print settings configuration, do I have disable cups in the services list?
You are not being detailed here. I want someone to be very very detailed on what to do here.
I'm sorry to hear that you are having a hard time with SuSE, but most people here answer questions based upon specific questions..not general info as you require. To do so would require lots of time that most people here cannot dedicate to you. I would suggest that you read the administration manual that comes with SuSE (assuming that you bought it boxed), as it goes into great detail about what each service is for and the configuration options. SuSE is designed to be secure by default out of the box as long as you ENABLE the firewall (as has been mentioned here by other posters). Enable the firewall and you will be safe to connect to the web, as no services are open by default. Also as mentioned CUPS is NOT visable to outside (unless you enable a hole in your firewall to allow this!!!)
Please rememeber that people who answer here do so out of kindness to others..multiple repeated questions under just one header question is unlikely to get you many responses. If your having difficulty getting answer try upping the points reward (as this will encourage people to answer), but try and contain your questions to just a few specific ones.
Please rememeber that people who answer here do so out of kindness to others..multiple repeated questions under just one header question is unlikely to get you many responses. If your having difficulty getting answer try upping the points reward (as this will encourage people to answer), but try and contain your questions to just a few specific ones.
And yes you will need either CUPS or lpd to be able to print.
ASKER
I want to manually disable CUPS in order for it NOT to be as Listening inder NETSTAT -PAN. Thats my concern here. My question is, can I do that and still be able to print? I want to diable CUPS from LISTENING but still able to print.
ASKER
Also, I am using the Linksys Firewall Router and everything is stealthed (without the Suse firewall enabled).... But why does it show as LISTENING under netstat?
ASKER
Ok.....for those who dont understand on what I want to accomplish here...well, here I go. Under netstat, I want to have NO LISTENING ports whatsoever seen. That makes me more secure.
However, I just Probed Port 631 and it came up stealth...So, why is it listening undet NETSTAT -PAN?
However, I just Probed Port 631 and it came up stealth...So, why is it listening undet NETSTAT -PAN?
A process can still be listening without any traffic going to that port. If you set the SUSE firewall to on and set no open ports on your linksys then it will be safe from port probes from the internet. It's the same analogy as if I was locked in a sound proof room, even though I no sound gets to me ...I can still hear!! You WILL need to enable either CUPS or LPD to be able to print as these are the print daemons that talk to the hardware (same as windows has a built in printer daemon), for the buffering and queuing of jobs. If you disable it you will not be able to print ..it's as simple as that.
Netstat only shows processes on the LOCAL system that are listening...not their visablility to the internet..if you want to check that out I suggest you take a hop over to:
https://www.grc.com/x/ne.dll?bh0bkyd2
and run the full port scan..it will quickly show you if anything is open.
Netstat only shows processes on the LOCAL system that are listening...not their visablility to the internet..if you want to check that out I suggest you take a hop over to:
https://www.grc.com/x/ne.dll?bh0bkyd2
and run the full port scan..it will quickly show you if anything is open.
ASKER
I probed ALL of my ports and ALL ARE STEALTHED... Considering the fact that the SUSEFirewall is in fact DISABLED because I have the router thats doing all the firewalling.
And BTW, does the SUSE-firewall do Stateful Packeting or only NAT? And which is a better firewall? A Stateful Packet kind or a NAT firewall? But which kind of firewall is the SUSE-firewall?
And BTW, does the SUSE-firewall do Stateful Packeting or only NAT? And which is a better firewall? A Stateful Packet kind or a NAT firewall? But which kind of firewall is the SUSE-firewall?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How do I do the points? This forum is way different (AND WAY WAY WAY BETTER) than the other ones.... since I dont know how to establish points, thanks to all of you and Im sorry for my outburts.
BTW, how can tell if SuseFirewall2 is doing SPI??? Please explain...
Also, I dont know how to create iptables, so will the SuseFirewall2 be able to function properly WITHOUT me having to create iptables rulesets???
And....ARE YOU REALLY REALLY SURE that the SUSE-Firewall2 DOES Stateful Packet Inspection? In the book, it only states that it does Packet Filter or NAT... Please explain. will you please?
BTW, how can tell if SuseFirewall2 is doing SPI??? Please explain...
Also, I dont know how to create iptables, so will the SuseFirewall2 be able to function properly WITHOUT me having to create iptables rulesets???
And....ARE YOU REALLY REALLY SURE that the SUSE-Firewall2 DOES Stateful Packet Inspection? In the book, it only states that it does Packet Filter or NAT... Please explain. will you please?
ASKER
Oh, and could I CLOSE this forum??? And plus, how can I CLOSE all my rest of my topics. I hate seeing them pile up....
Not exactly sure what filenet is, but I think it might be a lowlevel web caching daemon. I'm on SuSE9.2 and I see neither of these, so not sure what services you could possible stop to get rid of them.