Working with Linux howtos

Securing Your Server: Is Your Port Showing?

Want to harden the security on your server?  The first thing you should do is shut down any public services that you don't need.

To see the ports on which you are accepting connections (sshd, http, ftp, etc.), run "netstat -l" (-l for ports that are listening).

You should be interested both in which ports are open and in which addresses your server is listening on.  For example, listening on the localhost address is usually pretty harmless, but you'd want to make sure that anything listening on a public (or *) IP address is supposed to be publicly accessible.

If you see a port number that you don't recognise, run lsof | grep theportnumber.  This will tell you the process listening on this port.
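
As an added example (not part of the original HOWTO), the shell function below applies the address check described above to netstat output: it lists every TCP listener that is not bound to a loopback address. It assumes numeric output from "netstat -ltn" (the -t and -n flags are additions to the page's "netstat -l"); the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: pick out publicly bound listeners from "netstat -ltn" output.

# Constructed sample of "netstat -ltn" output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# Read netstat output on stdin and print "address port" for every TCP
# listener that is NOT bound to loopback (127.0.0.0/8 or ::1).
# 0.0.0.0 and :: are the numeric form of the "*" (all addresses) wildcard.
public_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        la = $4                                   # Local Address column
        port = la
        sub(/.*:/, "", port)                      # keep text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: skip
        print addr, port
    }'
}

# Demonstration on the constructed sample.
# On a real server use:  netstat -ltn | public_listeners
sample_netstat | public_listeners
```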

The xinetd daemon controls a number of services (like FTP, pop3, et al.).  If you don't want them running, either a) shut down xinetd or b) configure that service by editing the appropriate file in /etc/xinetd.d/ and setting "disable = yes".

Tip: To quickly find enabled services, run: grep -i disable /etc/xinetd.d/* | grep -i no

NMap

Want to perform a security scan on your server?

Download and install nmap from Insecure.org, e.g. rpm -Uvfh "http://nmap.org/dist/nmap-4.76-1.i386.rpm".  Then run it against your server: nmap yourservername.com.  It will scan the most commonly used port numbers on your server and alert you to open ports, like this:

Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http