    % nmap localhost

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on localhost.localdomain (127.0.0.1):
    (The 1596 ports scanned but not shown below are in state: closed)
    Port       State       Service
    22/tcp     open        ssh
    631/tcp    open        ipp
    6000/tcp   open        X11

    Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds

You could question if you really need an ssh server running (i.e. do you need to ssh into your laptop). But as long as you're up to date on ssh, you should be fine.
Common examples of services you should most likely not have open are: sendmail, smtp, ftp, login, shell, sunrpc, http
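To turn the scan and the list above into a repeatable check, the following added example (not part of the original page) sorts every open port in an nmap report into RISKY, EXPECTED or REVIEW. The RISKY names are the list from the text, with sunrpc spelled as nmap reports it; the EXPECTED list and the function names are assumptions to adapt per machine.

```shell
#!/bin/sh
# Services the page says you should most likely not have open.
RISKY="sendmail smtp ftp login shell sunrpc http"
# Assumption: services this laptop is meant to offer (adjust per machine).
EXPECTED="ssh ipp"

# classify_ports: read an nmap plain-text report on stdin and print
# "VERDICT port service" for every open port in the port table.
classify_ports() {
    awk -v risky="$RISKY" -v expected="$EXPECTED" '
        BEGIN {
            n = split(risky, r, " ");    for (i = 1; i <= n; i++) bad[r[i]] = 1
            n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1
        }
        # Table rows look like "22/tcp  open  ssh"; skip everything else.
        $1 !~ /^[0-9]+\/(tcp|udp)$/ || $2 != "open" { next }
        ($3 in bad) { print "RISKY", $1, $3; next }
        ($3 in ok)  { print "EXPECTED", $1, $3; next }
                    { print "REVIEW", $1, $3 }
    '
}

# Constructed sample: the table layout from the scan above, with two
# rows (smtp, sunrpc) added so that the RISKY branch is exercised.
sample_report() {
    cat <<'EOF'
Interesting ports on localhost.localdomain (127.0.0.1):
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
111/tcp    open        sunrpc
631/tcp    open        ipp
6000/tcp   open        X11
EOF
}

sample_report | classify_ports
```

On a real machine, pipe the scan in directly: `nmap localhost | classify_ports`.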
    make clean sense     # <-- rebuild the package
    ./chkrootkit
    ./chkproc
    ./ifpromisc
    ./chklastlog
    ./chkwtmp
    ./check_wtmpx
% rpm -Va > rpm0.log and
Some of the comments here may be somewhat more specific to RedHat (5.2/6.0 at the time of this writing), but we will try to avoid being distribution specific. I am also assuming you are somewhat familiar with the tools to configure your machine; what is outlined here is what you do, not why.
Historically Linux machines open on the Internet have often been broken into, mostly because their owners did not properly secure them. Please consult the security tips and the links therein on how to make your machine less vulnerable to attacks. Be very serious about this, especially if you frequently have your machine "on the net" and especially if under a fixed IP ("don't look for us, we'll find you").
Changing settings in the system files that are listed below normally does not require you to reboot your machine, but often does require you to restart certain daemons. If you don't know which ones, rebooting is the safest way. (*** need to add which PID's to restart below ***)
    /sbin/ifconfig | grep HWaddr

and give Ohlmacher, Sebok or me your HWaddr (a number like 00:08:74:3A:3F:21). This assumes your card is supported by Linux. For Windows there are two commands, depending on which version. Try winipcfg (Win95/98) or ipconfig (Win NT/2k). On XP I also found this to work: Control Panel -> Network Connection -> LAN (or whichever device) -> Support -> Details. For MacOSX use something like ifconfig en0 and find the ether address.
    domain astro.umd.edu
    nameserver 18.104.22.168
    nameserver 22.214.171.124
    nameserver 126.96.36.199

    alias netup     '/etc/sysconfig/network-scripts/ifup eth0'
    alias netdown   '/etc/sysconfig/network-scripts/ifdown eth0'
    alias modemup   '/etc/sysconfig/network-scripts/ifup ppp0'
    alias modemdown '/etc/sysconfig/network-scripts/ifdown ppp0'
    # UMD Astronomy Department printers:
    astro2:lp=:rm=astro2:sd=/var/spool/lpd:rp=ps:lf=/var/log/lpd-errs:
    bima:lp=:rm=bima:sd=/var/spool/lpd:rp=ps:lf=/var/log/lpd-errs:
    bima2:lp=:rm=bima2:sd=/var/spool/lpd:rp=ps:lf=/var/log/lpd-errs:

See /etc/printers.conf for the table of (Solaris) printers and the machines on which they reside. For older versions of RedHat (6.2 and below) the printer configuration tool (printtool) is pretty self-explanatory, and will create entries in your /etc/printcap file. Just follow "add" | "remote unix" and add your favorite printer:
    Name:             astro2
    Spool directory:  /var/spool/lpd/astro2
    File limit:       0
    Remote host:      earth
    Remote queue:     astro2
    Input filter:     <

The newer distributions (rh7+) come with a tool "printconf-gui", that generates the /etc/printcap file from a database in /etc/alchemist/namespace/printconf (yes, don't ask).
    click New
    click Next
    fill in Queue name [astro2], select Unix Printer (LPD) and click Next
    Server: fill in machine associated with the printer [earth.astro.umd.edu]
    Queue: fill in the proper queue name on that server [astro2]
    Select appropriate printer, Postscript printer is usually OK.
    click Finish
    click Apply (this will build the /etc/printcap file, and restart lpd)

Now you're ready to print. Another handy thing, if you have multiple entries in the printcap file, is to select the appropriate one to be the default printer.
Especially for laptops that change location, maintaining pleasant default printers will need some kind of work. Apart from the described standard method, with or without a technique like eth_configure, you can also use a package called rlpr, which allows a simple syntax such as
rlpr --printer=astro2@earth junk.ps
Since CUPS is now used in the department, it is best to use the IPP service instead of the classic LPD. Point your web browser to e.g. http://gaia.astro.umd.edu:631/printers (use lynx in a unix shell if you're not within the astro subnet). Some sample entries of the Server/Path combination you will need:

    hyperion.astro.umd.edu    /printers/bima2
    earth.astro.umd.edu       /printers/astro2
    kuma.astro.umd.edu        /printers/taurus

Note: as we speak (Feb 2006) the color printer (tek860) is an exception; use LPD with server luna and port tek860.
    /       *.astro.umd.edu(rw)
    /cdrom  *.astro.umd.edu(ro)
    /DOS    *.astro.umd.edu(rw)

Note that you can also replace the '*' with your machine name if you only allow one machine to mount your laptop partitions.
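The difference between the wildcard entries and a single-host entry can be checked mechanically. The following added example (not part of the original page) reads exports-style lines and reports every client entry that grants write access to a wildcard, or write access to the root filesystem; the function names, the finding labels and the extra /home line are assumptions made for the illustration.

```shell
#!/bin/sh
# audit_exports: read /etc/exports-style text on stdin and print
# "path client findings" for every client entry worth a second look.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                  # split "client(opt,opt)"
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                rw = (("," opts ",") ~ /,rw,/)
                wild = (client == "" || client ~ /[*?]/)
                found = ""
                if (rw && wild)        found = found " wildcard-rw"
                if (rw && path == "/") found = found " root-fs-writable"
                who = (client == "") ? "(anyone)" : client
                if (found != "") print path, who found
            }
        }
    '
}

# Constructed sample: the three exports from the page plus one
# single-host entry of the kind the page recommends (path assumed).
sample_exports() {
    cat <<'EOF'
/       *.astro.umd.edu(rw)
/cdrom  *.astro.umd.edu(ro)
/DOS    *.astro.umd.edu(rw)
/home   apus.astro.umd.edu(rw)
EOF
}

sample_exports | audit_exports
```

Run it against the live file with `audit_exports < /etc/exports`; the read-only /cdrom export and the single-host entry produce no findings.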
    taurusp:/       -  /taurusp/root   nfs  -  no  -
    taurusp:/DOS    -  /taurusp/dos    nfs  -  no  -
    taurusp:/cdrom  -  /taurusp/cdrom  nfs  -  no  -

where "taurusp" is the name of the laptop. Also be sure to create the directories /taurusp/root, /taurusp/dos, /taurusp/cdrom (all as root).
    # At UMD:
    #   if you're not in /local/etc/hostlist
    #   make sure you're in /etc/hosts.equiv, by editing /etc/hosts.share
    #   and executing 'cd /etc/dfs; sh dfstab'
    #   which will create a new /etc/dfs/sharetab
    #   You can then 'mount -f nfs machine:/disk /disk' on your linux laptop
    apus:/apus   /apus   nfs   defaults,noauto,user 0 0
    apus:/lma2   /lma2   nfs   defaults,noauto,user 0 0
Of course I haven't used PPP in ages, thanks to various broadbands available locally.
    smbmount //CLIENT/c /client/c

will mount the "C" drive from a machine called CLIENT to your /client/c mount point. The smbmount command may not come with samba itself, but with another package.
    "My Computer" | "C" | File | Sharing

to turn that on.
    # this assumes you've got masquerading turned on
    # and are using a local network 192.168.1.x w/ netmask 255.255.255.0
    ipfwadm -F -p deny
    ipfwadm -F -a masquerade -S 192.168.1.0/24 -D 0.0.0.0/0
    # depending on kernel config, you may need to add a few of these:
    insmod ip_masq_ftp

Kernel modules to aid masquerading live in /lib/modules/*/ipv4