#pragma section-numbers off

CategoryComputingTips > SecurityCompTips

== Linux Security Tips ==

=== Finding open ports ===

{{{
netstat -vae --inet|grep LISTEN|less
}}}

which should give results like:

{{{
tcp        0      0 *:printer               *:*                     LISTEN root       40595 
}}}

which shows a process is running as root and listening on all IPs on the printer port.

=== Find out the port number/name ===

/etc/services lists the most popular so you can just grep it.

{{{
printer         515/tcp         spooler         # line printer spooler
pcrd            5151/tcp                        # PCR-1000 Daemon
}}}

So printer is port 515 on TCP.

=== What program is listening on that port? ===

{{{
# netstat -nap --inet| grep port_number
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN 12764/lpd Waiting
}}}

So it's process 12764 that's listening on that port and it happens to be called lpd.

Or you can use fuser:

{{{
# fuser -n tcp port_number_or_name
printer/tcp:         12764
}}}

=== How can I secure my machine? ===

Well there are lots of answers but the most classic are:
 * Know what you are running on your machine that should have an open port and ensure that those are the only ports open.  Otherwise go on a search and destroy to find any ports that are open but shouldn't be.
 * If you're not meant to be serving stuff to the world then don't.  Install a firewall if you have stuff that should for instance only be visible locally or only to a certain network/IP.
 * Follow mailing lists such as bugtraq and distribution specific ones such as redhatwatch-list and debian-security-announce etc.
 * If your distribution has an automated upgrade facility like Debian's apt-get then use it! :)