
How to lock down by closing the ports


  • How to lock down by closing the ports

    So I'll take the opportunity to compliment the Forum Moderators and, of course, the developers of this magnificent image.
    As the title says, I want to close or change some ports so as to lock down the device, a ZGemma i 55, as well as possible. I saw that the OpenWebif plugin is there by default which, as is well known, lets us change ports, port 80 in particular, but that is only of limited use to me: what I really want is to close ports 21 FTP, 22 SSH and 23 Telnet... I also tried changing them in etc/services and then rebooted, but without any success... It should also be said that OpenWebif is of course still reachable from the plugins, so even if I change them there, the end user could always change the ports... so, for example, is there no way to hide the plugins?? I know, setting a parental code would be enough, but some other plugins are needed... Can any of you give me a hand?? Thanks in advance

  • #2
    Is it possible that nobody can give me a hand?? And yet it is, at least I think, not a difficult request!! I solved the problem of hiding the plugins by altering the menu.xml file found in /usr/share/enigma2... I can also close the ports from software management... what I need is to understand which files get changed, that's all!!



    • #3
      Originally posted by ercocco
      I really want to close ports 21 FTP, 22 SSH and 23 Telnet
      You can edit the ports however you see fit; you can even hide one with a hash sign placed in front of the port. You will find the files in /etc/services and /etc/vsftpd.conf
      code:
      # Network services, Internet style
      #
      # Note that it is presently the policy of IANA to assign a single well-known
      # port number for both TCP and UDP; hence, officially ports have two entries
      # even if the protocol doesn't support UDP operations.
      #
      # Updated from http://www.iana.org/assignments/port-numbers and other
      # sources like http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services .
      # New ports will be added on request if they have been officially assigned
      # by IANA and used in the real-world or are needed by a debian package.
      # If you need a huge list of used numbers please install the nmap package.
      
      tcpmux        1/tcp                # TCP port service multiplexer
      echo        7/tcp
      echo        7/udp
      discard        9/tcp        sink null
      discard        9/udp        sink null
      systat        11/tcp        users
      daytime        13/tcp
      daytime        13/udp
      netstat        15/tcp
      qotd        17/tcp        quote
      msp        18/tcp                # message send protocol
      msp        18/udp
      chargen        19/tcp        ttytst source
      chargen        19/udp        ttytst source
      ftp-data    20/tcp
      ftp        21/tcp
      fsp        21/udp        fspd
      ssh        22/tcp                # SSH Remote Login Protocol
      telnet        23/tcp
      smtp        25/tcp        mail
      time        37/tcp        timserver
      time        37/udp        timserver
      rlp        39/udp        resource    # resource location
      nameserver    42/tcp        name        # IEN 116
      whois        43/tcp        nicname
      tacacs        49/tcp                # Login Host Protocol (TACACS)
      tacacs        49/udp
      re-mail-ck    50/tcp                # Remote Mail Checking Protocol
      re-mail-ck    50/udp
      domain        53/tcp                # Domain Name Server
      domain        53/udp
      tacacs-ds    65/tcp                # TACACS-Database Service
      tacacs-ds    65/udp
      bootps        67/tcp                # BOOTP server
      bootps        67/udp
      bootpc        68/tcp                # BOOTP client
      bootpc        68/udp
      tftp        69/udp
      gopher        70/tcp                # Internet Gopher
      finger        79/tcp
      http        80/tcp        www        # WorldWideWeb HTTP
      link        87/tcp        ttylink
      kerberos    88/tcp        kerberos5 krb5 kerberos-sec    # Kerberos v5
      kerberos    88/udp        kerberos5 krb5 kerberos-sec    # Kerberos v5
      supdup        95/tcp
      hostnames    101/tcp        hostname    # usually from sri-nic
      iso-tsap    102/tcp        tsap        # part of ISODE
      acr-nema    104/tcp        dicom        # Digital Imag. & Comm. 300
      acr-nema    104/udp        dicom
      csnet-ns    105/tcp        cso-ns        # also used by CSO name server
      csnet-ns    105/udp        cso-ns
      rtelnet        107/tcp                # Remote Telnet
      rtelnet        107/udp
      pop3        110/tcp        pop-3        # POP version 3
      sunrpc        111/tcp        portmapper rpcbind # RPC 4.0 portmapper
      sunrpc        111/udp        portmapper rpcbind
      auth        113/tcp        authentication tap ident
      sftp        115/tcp
      nntp        119/tcp        readnews untp    # USENET News Transfer Protocol
      ntp        123/tcp
      ntp        123/udp                # Network Time Protocol
      pwdgen        129/tcp                # PWDGEN service
      pwdgen        129/udp
      loc-srv        135/tcp        epmap        # Location Service
      loc-srv        135/udp        epmap
      netbios-ns    137/tcp                # NETBIOS Name Service
      netbios-ns    137/udp
      netbios-dgm    138/tcp                # NETBIOS Datagram Service
      netbios-dgm    138/udp
      netbios-ssn    139/tcp                # NETBIOS session service
      netbios-ssn    139/udp
      imap2        143/tcp        imap        # Interim Mail Access P 2 and 4
      snmp        161/tcp                # Simple Net Mgmt Protocol
      snmp        161/udp
      snmp-trap    162/tcp        snmptrap    # Traps for SNMP
      snmp-trap    162/udp        snmptrap
      cmip-man    163/tcp                # ISO mgmt over IP (CMOT)
      cmip-man    163/udp
      cmip-agent    164/tcp
      cmip-agent    164/udp
      mailq        174/tcp            # Mailer transport queue for Zmailer
      mailq        174/udp
      xdmcp        177/tcp                # X Display Mgr. Control Proto
      xdmcp        177/udp
      nextstep    178/tcp        NeXTStep NextStep    # NeXTStep window
      nextstep    178/udp        NeXTStep NextStep    #  server
      bgp        179/tcp                # Border Gateway Protocol
      irc        194/tcp                # Internet Relay Chat
      irc        194/udp
      smux        199/tcp                # SNMP Unix Multiplexer
      smux        199/udp
      at-rtmp        201/tcp                # AppleTalk routing
      at-rtmp        201/udp
      at-nbp        202/tcp                # AppleTalk name binding
      at-nbp        202/udp
      at-echo        204/tcp                # AppleTalk echo
      at-echo        204/udp
      at-zis        206/tcp                # AppleTalk zone information
      at-zis        206/udp
      qmtp        209/tcp                # Quick Mail Transfer Protocol
      qmtp        209/udp
      z3950        210/tcp        wais        # NISO Z39.50 database
      z3950        210/udp        wais
      ipx        213/tcp                # IPX
      ipx        213/udp
      pawserv        345/tcp                # Perf Analysis Workbench
      pawserv        345/udp
      zserv        346/tcp                # Zebra server
      zserv        346/udp
      fatserv        347/tcp                # Fatmen Server
      fatserv        347/udp
      rpc2portmap    369/tcp
      rpc2portmap    369/udp                # Coda portmapper
      codaauth2    370/tcp
      codaauth2    370/udp                # Coda authentication server
      clearcase    371/tcp        Clearcase
      clearcase    371/udp        Clearcase
      ulistserv    372/tcp                # UNIX Listserv
      ulistserv    372/udp
      ldap        389/tcp            # Lightweight Directory Access Protocol
      ldap        389/udp
      imsp        406/tcp            # Interactive Mail Support Protocol
      imsp        406/udp
      svrloc        427/tcp                # Server Location
      svrloc        427/udp
      https        443/tcp                # http protocol over TLS/SSL
      snpp        444/tcp                # Simple Network Paging Protocol
      snpp        444/udp
      microsoft-ds    445/tcp                # Microsoft Naked CIFS
      microsoft-ds    445/udp
      kpasswd        464/tcp
      kpasswd        464/udp
      urd        465/tcp        ssmtp smtps  # URL Rendesvous Directory for SSM
      saft        487/tcp            # Simple Asynchronous File Transfer
      saft        487/udp
      isakmp        500/tcp            # IPsec - Internet Security Association
      isakmp        500/udp            #  and Key Management Protocol
      rtsp        554/tcp            # Real Time Stream Control Protocol
      rtsp        554/udp
      nqs        607/tcp                # Network Queuing system
      nqs        607/udp
      npmp-local    610/tcp        dqs313_qmaster        # npmp-local / DQS
      npmp-local    610/udp        dqs313_qmaster
      npmp-gui    611/tcp        dqs313_execd        # npmp-gui / DQS
      npmp-gui    611/udp        dqs313_execd
      hmmp-ind    612/tcp        dqs313_intercell    # HMMP Indication / DQS
      hmmp-ind    612/udp        dqs313_intercell
      asf-rmcp    623/udp        # ASF Remote Management and Control Protocol
      qmqp        628/tcp
      qmqp        628/udp
      ipp        631/tcp                # Internet Printing Protocol
      ipp        631/udp
      #
      # UNIX specific services
      #
      exec        512/tcp
      biff        512/udp        comsat
      login        513/tcp
      who        513/udp        whod
      shell        514/tcp        cmd        # no passwords used
      syslog        514/udp
      printer        515/tcp        spooler        # line printer spooler
      talk        517/udp
      ntalk        518/udp
      route        520/udp        router routed    # RIP
      timed        525/udp        timeserver
      tempo        526/tcp        newdate
      courier        530/tcp        rpc
      conference    531/tcp        chat
      netnews        532/tcp        readnews
      netwall        533/udp                # for emergency broadcasts
      gdomap        538/tcp                # GNUstep distributed objects
      gdomap        538/udp
      uucp        540/tcp        uucpd        # uucp daemon
      klogin        543/tcp                # Kerberized `rlogin' (v5)
      kshell        544/tcp        krcmd        # Kerberized `rsh' (v5)
      dhcpv6-client    546/tcp
      dhcpv6-client    546/udp
      dhcpv6-server    547/tcp
      dhcpv6-server    547/udp
      afpovertcp    548/tcp                # AFP over TCP
      afpovertcp    548/udp
      idfp        549/tcp
      idfp        549/udp
      remotefs    556/tcp        rfs_server rfs    # Brunhoff remote filesystem
      nntps        563/tcp        snntp        # NNTP over SSL
      submission    587/tcp                # Submission [RFC4409]
      ldaps        636/tcp                # LDAP over SSL
      ldaps        636/udp
      tinc        655/tcp                # tinc control port
      tinc        655/udp
      silc        706/tcp
      silc        706/udp
      kerberos-adm    749/tcp                # Kerberos `kadmin' (v5)
      #
      webster        765/tcp                # Network dictionary
      webster        765/udp
      rsync        873/tcp
      ftps-data    989/tcp                # FTP over SSL (data)
      ftps        990/tcp
      telnets        992/tcp                # Telnet over SSL
      imaps        993/tcp                # IMAP over SSL
      pop3s        995/tcp                # POP-3 over SSL
      #
      # From ``Assigned Numbers'':
      #
      #> The Registered Ports are not controlled by the IANA and on most systems
      #> can be used by ordinary user processes or programs executed by ordinary
      #> users.
      #
      #> Ports are used in the TCP [45,106] to name the ends of logical
      #> connections which carry long term conversations.  For the purpose of
      #> providing services to unknown callers, a service contact port is
      #> defined.  This list specifies the port used by the server process as its
      #> contact port.  While the IANA can not control uses of these ports it
      #> does register or list uses of these ports as a convienence to the
      #> community.
      #
      socks        1080/tcp            # socks proxy server
      socks        1080/udp
      proofd        1093/tcp
      proofd        1093/udp
      rootd        1094/tcp
      rootd        1094/udp
      openvpn        1194/tcp
      openvpn        1194/udp
      rmiregistry    1099/tcp            # Java RMI Registry
      rmiregistry    1099/udp
      kazaa        1214/tcp
      kazaa        1214/udp
      nessus        1241/tcp            # Nessus vulnerability
      nessus        1241/udp            #  assessment scanner
      lotusnote    1352/tcp    lotusnotes    # Lotus Note
      lotusnote    1352/udp    lotusnotes
      ms-sql-s    1433/tcp            # Microsoft SQL Server
      ms-sql-s    1433/udp
      ms-sql-m    1434/tcp            # Microsoft SQL Monitor
      ms-sql-m    1434/udp
      ingreslock    1524/tcp
      ingreslock    1524/udp
      datametrics    1645/tcp    old-radius
      datametrics    1645/udp    old-radius
      sa-msg-port    1646/tcp    old-radacct
      sa-msg-port    1646/udp    old-radacct
      kermit        1649/tcp
      kermit        1649/udp
      groupwise    1677/tcp
      groupwise    1677/udp
      l2f        1701/tcp    l2tp
      l2f        1701/udp    l2tp
      radius        1812/tcp
      radius        1812/udp
      radius-acct    1813/tcp    radacct        # Radius Accounting
      radius-acct    1813/udp    radacct
      msnp        1863/tcp            # MSN Messenger
      msnp        1863/udp
      unix-status    1957/tcp            # remstats unix-status server
      log-server    1958/tcp            # remstats log server
      remoteping    1959/tcp            # remstats remoteping server
      cisco-sccp    2000/tcp            # Cisco SCCP
      cisco-sccp    2000/udp
      search        2010/tcp    ndtp
      pipe-server    2010/tcp    pipe_server
      nfs        2049/tcp            # Network File System
      nfs        2049/udp            # Network File System
      gnunet        2086/tcp
      gnunet        2086/udp
      rtcm-sc104    2101/tcp            # RTCM SC-104 IANA 1/29/99
      rtcm-sc104    2101/udp
      gsigatekeeper    2119/tcp
      gsigatekeeper    2119/udp
      gris        2135/tcp        # Grid Resource Information Server
      gris        2135/udp
      cvspserver    2401/tcp            # CVS client/server operations
      cvspserver    2401/udp
      venus        2430/tcp            # codacon port
      venus        2430/udp            # Venus callback/wbc interface
      venus-se    2431/tcp            # tcp side effects
      venus-se    2431/udp            # udp sftp side effect
      codasrv        2432/tcp            # not used
      codasrv        2432/udp            # server port
      codasrv-se    2433/tcp            # tcp side effects
      codasrv-se    2433/udp            # udp sftp side effect
      mon        2583/tcp            # MON traps
      mon        2583/udp
      dict        2628/tcp            # Dictionary server
      dict        2628/udp
      f5-globalsite    2792/tcp
      f5-globalsite    2792/udp
      gsiftp        2811/tcp
      gsiftp        2811/udp
      gpsd        2947/tcp
      gpsd        2947/udp
      gds-db        3050/tcp    gds_db        # InterBase server
      gds-db        3050/udp    gds_db
      icpv2        3130/tcp    icp        # Internet Cache Protocol
      icpv2        3130/udp    icp
      isns        3205/tcp            # iSNS Server Port
      isns        3205/udp            # iSNS Server Port
      iscsi-target    3260/tcp
      mysql        3306/tcp
      mysql        3306/udp
      nut        3493/tcp            # Network UPS Tools
      nut        3493/udp
      distcc        3632/tcp            # distributed compiler
      distcc        3632/udp
      daap        3689/tcp            # Digital Audio Access Protocol
      daap        3689/udp
      svn        3690/tcp    subversion    # Subversion protocol
      svn        3690/udp    subversion
      suucp        4031/tcp            # UUCP over SSL
      suucp        4031/udp
      sysrqd        4094/tcp            # sysrq daemon
      sysrqd        4094/udp
      sieve        4190/tcp            # ManageSieve Protocol
      epmd        4369/tcp            # Erlang Port Mapper Daemon
      epmd        4369/udp
      remctl        4373/tcp        # Remote Authenticated Command Service
      remctl        4373/udp
      f5-iquery    4353/tcp            # F5 iQuery
      f5-iquery    4353/udp
      ipsec-nat-t    4500/udp            # IPsec NAT-Traversal [RFC3947]
      iax        4569/tcp            # Inter-Asterisk eXchange
      iax        4569/udp
      mtn        4691/tcp            # monotone Netsync Protocol
      mtn        4691/udp
      radmin-port    4899/tcp            # RAdmin Port
      radmin-port    4899/udp
      rfe        5002/udp            # Radio Free Ethernet
      rfe        5002/tcp
      mmcc        5050/tcp    # multimedia conference control tool (Yahoo IM)
      mmcc        5050/udp
      sip        5060/tcp            # Session Initiation Protocol
      sip        5060/udp
      sip-tls        5061/tcp
      sip-tls        5061/udp
      aol        5190/tcp            # AIM
      aol        5190/udp
      xmpp-client    5222/tcp    jabber-client    # Jabber Client Connection
      xmpp-client    5222/udp    jabber-client
      xmpp-server    5269/tcp    jabber-server    # Jabber Server Connection
      xmpp-server    5269/udp    jabber-server
      cfengine    5308/tcp
      cfengine    5308/udp
      mdns        5353/tcp            # Multicast DNS
      mdns        5353/udp
      postgresql    5432/tcp    postgres    # PostgreSQL Database
      postgresql    5432/udp    postgres
      freeciv        5556/tcp    rptp        # Freeciv gameplay
      freeciv        5556/udp
      amqps        5671/tcp            # AMQP protocol over TLS/SSL
      amqp        5672/tcp
      amqp        5672/udp
      amqp        5672/sctp
      ggz        5688/tcp            # GGZ Gaming Zone
      ggz        5688/udp
      x11        6000/tcp    x11-0        # X Window System
      x11        6000/udp    x11-0
      x11-1        6001/tcp
      x11-1        6001/udp
      x11-2        6002/tcp
      x11-2        6002/udp
      x11-3        6003/tcp
      x11-3        6003/udp
      x11-4        6004/tcp
      x11-4        6004/udp
      x11-5        6005/tcp
      x11-5        6005/udp
      x11-6        6006/tcp
      x11-6        6006/udp
      x11-7        6007/tcp
      x11-7        6007/udp
      gnutella-svc    6346/tcp            # gnutella
      gnutella-svc    6346/udp
      gnutella-rtr    6347/tcp            # gnutella
      gnutella-rtr    6347/udp
      sge-qmaster    6444/tcp    sge_qmaster    # Grid Engine Qmaster Service
      sge-qmaster    6444/udp    sge_qmaster
      sge-execd    6445/tcp    sge_execd    # Grid Engine Execution Service
      sge-execd    6445/udp    sge_execd
      mysql-proxy    6446/tcp            # MySQL Proxy
      mysql-proxy    6446/udp
      babel        6696/udp            # Babel Routing Protocol
      ircs-u        6697/tcp        # Internet Relay Chat via TLS/SSL
      afs3-fileserver 7000/tcp    bbs        # file server itself
      afs3-fileserver 7000/udp    bbs
      afs3-callback    7001/tcp            # callbacks to cache managers
      afs3-callback    7001/udp
      afs3-prserver    7002/tcp            # users & groups database
      afs3-prserver    7002/udp
      afs3-vlserver    7003/tcp            # volume location database
      afs3-vlserver    7003/udp
      afs3-kaserver    7004/tcp            # AFS/Kerberos authentication
      afs3-kaserver    7004/udp
      afs3-volser    7005/tcp            # volume managment server
      afs3-volser    7005/udp
      afs3-errors    7006/tcp            # error interpretation service
      afs3-errors    7006/udp
      afs3-bos    7007/tcp            # basic overseer process
      afs3-bos    7007/udp
      afs3-update    7008/tcp            # server-to-server updater
      afs3-update    7008/udp
      afs3-rmtsys    7009/tcp            # remote cache manager service
      afs3-rmtsys    7009/udp
      font-service    7100/tcp    xfs        # X Font Service
      font-service    7100/udp    xfs
      http-alt    8080/tcp    webcache    # WWW caching service
      http-alt    8080/udp
      puppet        8140/tcp            # The Puppet master service
      bacula-dir    9101/tcp            # Bacula Director
      bacula-dir    9101/udp
      bacula-fd    9102/tcp            # Bacula File Daemon
      bacula-fd    9102/udp
      bacula-sd    9103/tcp            # Bacula Storage Daemon
      bacula-sd    9103/udp
      xmms2        9667/tcp    # Cross-platform Music Multiplexing System
      xmms2        9667/udp
      nbd        10809/tcp            # Linux Network Block Device
      zabbix-agent    10050/tcp            # Zabbix Agent
      zabbix-agent    10050/udp
      zabbix-trapper    10051/tcp            # Zabbix Trapper
      zabbix-trapper    10051/udp
      amanda        10080/tcp            # amanda backup services
      amanda        10080/udp
      dicom        11112/tcp
      hkp        11371/tcp            # OpenPGP HTTP Keyserver
      hkp        11371/udp
      bprd        13720/tcp            # VERITAS NetBackup
      bprd        13720/udp
      bpdbm        13721/tcp            # VERITAS NetBackup
      bpdbm        13721/udp
      bpjava-msvc    13722/tcp            # BP Java MSVC Protocol
      bpjava-msvc    13722/udp
      vnetd        13724/tcp            # Veritas Network Utility
      vnetd        13724/udp
      bpcd        13782/tcp            # VERITAS NetBackup
      bpcd        13782/udp
      vopied        13783/tcp            # VERITAS NetBackup
      vopied        13783/udp
      db-lsp        17500/tcp            # Dropbox LanSync Protocol
      dcap        22125/tcp            # dCache Access Protocol
      gsidcap        22128/tcp            # GSI dCache Access Protocol
      wnn6        22273/tcp            # wnn6
      wnn6        22273/udp
      
      # Local services
      Last edited by formiano; 08-06-2017, 21:16.



      • #4
        Sorry to disappoint you, but even with the hash sign placed in front of telnet, it still stays open!!



        • #5
          Three things... one, stop by the PRESENTATI AL FORUM section!

          Two... the terminal's response
          opendroid@opendroid-System-Product-Name:~$ telnet 192.168.1.121
          Trying 192.168.1.121...
          telnet: Unable to connect to remote host: Connection refused
          opendroid@opendroid-System-Product-Name:~

          Three... if you use OPD you can disable it from the remote control.....

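Posts #4 and #5 disagree on whether telnet is still open; the state of the ports can be read from the receiver's own socket table rather than inferred from a config edit. The script below is an added example, not part of the thread: it reports whether anything is listening on ports 21, 22 and 23 by parsing `/proc/net/tcp` (state `0A` is the kernel's LISTEN state). The function names and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Checks a /proc/net/tcp-format table
# for listening sockets on chosen ports (here 21, 22 and 23).

# Constructed sample in /proc/net/tcp layout: telnet (0x0017) and http
# (0x0050) in state 0A (LISTEN), one ssh connection (0x0016) in state 01
# (ESTABLISHED) that must not be reported as a listener.
sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1101 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1102 1 0000000000000000 100 0 0 10 0
   2: 7901A8C0:0016 0A01A8C0:C3F2 01 00000000:00000000 00:00000000 00000000     0        0 1103 1 0000000000000000 100 0 0 10 0
EOF
}

# listening_ports PORT...   (table on stdin)
# Prints each requested port that has a socket in state 0A. The port is the
# hex field after the last ':' of local_address, so tcp6 rows work too.
listening_ports() {
    awk -v want="$*" '
        BEGIN {
            n = split(want, p, " ")
            for (i = 1; i <= n; i++) hexof[sprintf("%04X", p[i])] = p[i]
        }
        $4 == "0A" {
            k = split($2, a, ":")
            if (a[k] in hexof) lst[hexof[a[k]]] = 1
        }
        END { for (i = 1; i <= n; i++) if (p[i] in lst) print p[i] }
    '
}

# check_closed PORT...   (table on stdin)
# One status line per port; exit status 0 only if none of them is listening.
check_closed() {
    open_list=$(listening_ports "$@")
    rc=0
    for port in "$@"; do
        if printf '%s\n' "$open_list" | grep -qx "$port"; then
            echo "port $port: LISTENING"
            rc=1
        else
            echo "port $port: closed"
        fi
    done
    return "$rc"
}

echo "constructed sample:"
sample_table | check_closed 21 22 23 || true

# On the receiver itself, read the live tables instead of the sample.
if [ -r /proc/net/tcp ]; then
    echo "this machine:"
    cat /proc/net/tcp /proc/net/tcp6 2>/dev/null | check_closed 21 22 23 || true
fi
```

Saved on the box, it can be rerun after each change and reboot; the exit status of `check_closed` makes it usable from a startup script.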