Hi there

I've just installed a fresh Debian 6 on a Linode and an nmap shows:

PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
1720/tcp open H.323/Q.931

I've tried the following to close port 111:

# update-rc.d portmap remove
update-rc.d: using dependency based boot sequencing
insserv: Service portmap has to be enabled to start service nfs-common
insserv: exiting now!
update-rc.d: error: insserv rejected the script header

As you can see, it doesn't like it. Also the service on port 1720 seems to be running and I'm not sure what needs to be killed to stop that.

Any advise would be great. Thanks!

Is that running nmap from the linode itself or an outside source? If it's outside it may show things that aren't really open, for example my isp says ftp is open regardless of what ip I scan.

Anyway to see what's really listening run

netstat -lpntu

it will list the port, ip address and process that is listening.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

It was from an outside source. The output from the netstat command was:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1362/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1715/sshd
tcp        0      0 0.0.0.0:50815           0.0.0.0:*               LISTEN      1374/rpc.statd
tcp6       0      0 :::22                   :::*                    LISTEN      1715/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1498/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1362/portmap
udp        0      0 178.79.158.162:123      0.0.0.0:*                           1629/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           1629/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1629/ntpd
udp        0      0 0.0.0.0:702             0.0.0.0:*                           1374/rpc.statd
udp        0      0 0.0.0.0:34511           0.0.0.0:*                           1374/rpc.statd
udp6       0      0 fe80::fcfd:b2ff:fe4:123 :::*                                1629/ntpd
udp6       0      0 ::1:123                 :::*                                1629/ntpd
udp6       0      0 :::123                  :::*                                1629/ntpd

Shall I just kill process 1362 or will that cause problems? I can't see any mention of port 1720 there though for that one. I'm not sure why ports which are closed would be showing as open though.

Randomly killing a process can cause problems, it looks like you have nfs enabled, are you using it? If not you will want to try

update-rc.d nfs-common remove
update-rc.d portmap remove

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

For both of these the following response was given:

update-rc.d: using dependency based boot sequencing

I'm not sure what this means; is it something to do with the way Linodes are set up? I've never seen this with a vanilla debian before.

It's how debian now deals with boot sequences the old style is the /etc/rc scripts ran in order of name i.e 00_xxx then 01_xxx, this made dependancy tracking a pain.

Now assuming all your init scripts have proper lsb information then they can state what they depend on if they depend on something then that must be enabled and start before the script that depends on it.

If you reboot your linode then run netstat -lpntu again you shouldn't see those services anymore.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

That reboot worked a treat; port 111 is closed and the portmap service isn't running anymore. Unfortunately, the '1720/tcp open H.323/Q.931' is still showing in a standard nmap and this isn't showing up in the netstat command. Any ideas how to remove this?

Where are you running nmap from? If netstat says it isn't listening, it isn't listening. It's likely some other network device between you and your Linode that's configured to transparently proxy traffic on that port.

Bingo! Thanks a lot to both of you