Re: Open ports in Debian
Hi Rutger,
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 111/tcp open rpcbind
> 113/tcp open auth
> 903/tcp open iss-console-mgr
Before starting nmap, use netstat.
You can find out which program uses which port with
netstat -tulpen
For your internet-connected box, leave just the ports open that you really
need. E.g. ssh (port 22) for remote administration, web server (port 80),
etc.
Maybe it tells you that inetd has ports 111 and 113 open. Just stop inetd and see
whether all the needed functionality is still there. If yes, remove the related
inetd package or remove the startup scripts with
update-rc.d -f name-of-startup-script remove
For your port 25 mailserver: If you just need to send emails (with queueing),
try configuring it to listen on localhost only.
ssh: you can configure the ssh daemon to listen on port xxxxx instead of 22.
This 'hides' it a bit (ok, a lot) - typical port scans just check the typical
ports. You should still use a random password with more than 8 chars.
http: there is much documentation about securing webservers (e.g. apache).
You can check your webserver configuration for security holes with a program
called 'nikto' (from remote).
As a thing of favour, you can set up a firewall with iptables.
You should also keep your software up to date.
Of course there still is the chance to be hacked. It might help to install
chkrootkit and rkhunter which regularly check for infected files.
After all I am not an admin nor a security expert. These guys would have tons
of other hints and advice. There are also some howtos about securing a box.
Have fun,
Tim
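
Added example (not part of the message above): a small audit helper that reads `netstat -tulpen` output and lists every listener that is reachable from the network and not on a list of ports you actually need. The function names, the allowlist "22 80" and the sample output (program names, PIDs, inodes) are assumptions constructed for illustration; only the port numbers come from the quoted scan.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpen` output (not from the original post);
# ports match the quoted nmap scan, program names and PIDs are made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   User  Inode  PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  0     10001  812/sshd
tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN  0     10002  901/exim4
tcp6       0      0 :::80           :::*            LISTEN  0     10003  1020/apache2
tcp        0      0 0.0.0.0:111     0.0.0.0:*       LISTEN  0     10004  640/inetd
udp        0      0 0.0.0.0:111     0.0.0.0:*               0     10005  640/inetd
tcp        0      0 0.0.0.0:113     0.0.0.0:*       LISTEN  0     10006  640/inetd
tcp        0      0 0.0.0.0:903     0.0.0.0:*       LISTEN  0     10007  1187/example-daemon
EOF
}

# exposed_listeners "22 80" < netstat-output
# Prints "proto port address program" for each listener that is bound to a
# non-loopback address and whose port is not in the allowlist.
exposed_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^(tcp|udp)6?$/ { next }             # skip the two header lines
    {
        p = match($4, /:[0-9]+$/)               # port follows the last colon (IPv6-safe)
        if (p == 0) next
        port = substr($4, p + 1)
        addr = substr($4, 1, p - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # localhost only: not exposed
        if (port in ok) next                         # a port you decided to keep
        # UDP rows have no State column, so locate PID/Program by its shape.
        prog = "-"                                   # "-" when not run as root
        for (i = 6; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
        print $1, port, addr, prog
    }'
}

# Demo on the constructed sample; on a real box use:
#   netstat -tulpen | exposed_listeners "22 80"
sample_netstat | exposed_listeners "22 80"
```

Rebinding the mail server to 127.0.0.1 makes its line disappear from the report, which is a quick way to confirm the change took effect.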