Revision 2 as of 2002-05-28 12:01:18
Editor: SimonHuggins

Linux Security Tips

Finding open ports

netstat -vae --inet|grep LISTEN|less

which should give results like:

tcp        0      0 *:printer               *:*                     LISTEN root       40595 

which shows that a process running as root is listening on the printer port on all IP addresses.

Find out the port number/name

/etc/services lists the most popular port names and numbers, so you can just grep it.

printer         515/tcp         spooler         # line printer spooler
pcrd            5151/tcp                        # PCR-1000 Daemon

So printer is port 515 on TCP.

What program is listening on that port?

# netstat -nap --inet| grep port_number
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN 12764/lpd Waiting

So it's process 12764 that's listening on that port and it happens to be called lpd.

Or you can use fuser:

# fuser -n tcp port_number_or_name
printer/tcp:         12764

How can I secure my machine?

Well, there are lots of answers, but the classic ones are:

  • Know what you are running on your machine that should have an open port, and ensure that those are the only ports open. Otherwise, go on a search-and-destroy mission to find any ports that are open but shouldn't be.
  • If you're not meant to be serving stuff to the world, then don't. Install a firewall if you have stuff that should, for instance, only be visible locally or only to a certain network/IP.
  • Follow mailing lists such as bugtraq and distribution-specific ones such as redhatwatch-list and debian-security-announce.
  • If your distribution has an automated upgrade facility like Debian's apt-get then use it! :)
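
The steps above combined into one pass, as an added example that is not part of the original page: it reads netstat output, resolves service names through a services file, and prints every TCP listener whose port is not on a list of ports you expect to be open. The names audit_listeners and demo, the allowlist argument, and the ssh, sshd and pcrd sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report listening TCP sockets
# whose port is not on an allowlist of ports you expect to be open.
# usage: netstat -nap --inet | audit_listeners /etc/services "22 515"
audit_listeners() {
    awk -v svc="$1" -v allowed="$2" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        # Build name -> port from the services file (names and aliases, tcp only).
        while ((getline line < svc) > 0) {
            sub(/#.*/, "", line)
            m = split(line, f, " ")
            if (m < 2 || f[2] !~ /\/tcp$/) continue
            split(f[2], pp, "/")
            for (i = 1; i <= m; i++) if (i != 2) port_of[f[i]] = pp[1]
        }
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        host = port = $4
        sub(/:[^:]*$/, "", host)                   # part before the last colon
        sub(/.*:/, "", port)                       # part after the last colon
        if (port in port_of) port = port_of[port]  # printer -> 515
        if (port in ok) next                       # expected listener, skip
        scope = (host == "*" || host == "0.0.0.0") ? "all" : host
        print port, scope, $7                      # $7: user (-e) or PID/program (-p)
    }'
}

# Constructed sample input; $1 overrides the default allowlist of "22".
demo() {
    svc=$(mktemp) || return 1
    cat > "$svc" <<'EOF'
printer         515/tcp         spooler         # line printer spooler
pcrd            5151/tcp                        # PCR-1000 Daemon
ssh             22/tcp
EOF
    audit_listeners "$svc" "${1:-22}" <<'EOF'
tcp        0      0 *:printer               *:*                     LISTEN root       40595
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN 801/sshd
tcp        0      0 127.0.0.1:5151          0.0.0.0:*               LISTEN 990/pcrd
EOF
    rm -f "$svc"
}

demo
```

Each output line is the port number, the bind scope ("all" for every interface, otherwise the bound address) and the owner column; no output means every listener is on the allowlist.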

TheEarthWiki: SecurityCompTips (last edited 2008-02-19 15:39:11 by localhost)