CategoryComputingTips > SecurityCompTips
Linux Security Tips
Finding open ports
netstat -vae --inet|grep LISTEN|less
which should give results like:
tcp 0 0 *:printer *:* LISTEN root 40595
which shows a process is running as root and listening on all IPs on the printer port.
Find out the port number/name
/etc/services lists the most popular so you can just grep it.
printer 515/tcp spooler # line printer spooler pcrd 5151/tcp # PCR-1000 Daemon
So printer is port 515 on TCP.
What program is listening on that port?
# netstat -nap --inet| grep port_number tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN 12764/lpd Waiting
So it's process 12764 that's listening on that port and it happens to be called lpd.
Or you can use fuser:
# fuser -n tcp port_number_or_name printer/tcp: 12764
How can I secure my machine?
Well there are lots of answers but the most classic are:
- Know what you are running on your machine that should have an open port and ensure that those are the only ports open. Otherwise go on a search and destroy to find any ports that are open but shouldn't be.
- If you're not meant to be serving stuff to the world then don't. Install a firewall if you have stuff that should for instance only be visible locally or only to a certain network/IP.
- Follow mailing lists such as bugtraq and distribution specific ones such as redhatwatch-list and debian-security-announce etc.
If your distribution has an automated upgrade facility like Debian's apt-get then use it!
