Why should ports be secured?
Open ports are how a hacker determines what daemons your server is running and whether or not your system can be exploited. A port scan is the first thing that is done to fingerprint your OS and determine what is running. Open ports behave like open windows in your house: the more closed and armoured windows you have, the less tempting it is to thieves. Open ports on a server work the same way: the more there are, the more tempting the server becomes.
--------------------------------------------------------------------------------
Note:
Though closing ports seems a good idea, some exploits or updates might reset the ports back.
Red Hat, Fedora, Debian, FreeBSD
The ports of your server are controlled by the file /etc/services.
Additional ports are controlled by the file /etc/rpc. It is safe to move/rename the /etc/rpc file:
Code:
mv /etc/rpc /etc/rpc-moved
Then, back up your services file.
Code:
cp /etc/services /etc/services.original
Now, from your favourite editor, edit your services file.
As an example, in all the cPanel and Plesk servers that I monitor, the /etc/services is:
Code:
echo 7/tcp
echo 7/udp
ftp-data 20/tcp
ftp 21/tcp
ssh 22/tcp
smtp 25/tcp mail
domain 53/tcp
domain 53/udp
http 80/tcp www www-http
pop3 110/tcp pop-3
imap 143/tcp imap2
https 443/tcp
smtps 465/tcp
syslog 514/udp
imaps 993/tcp
pop3s 995/tcp
rndc 953/tcp
rndc 953/udp
mysql 3306/tcp
Tip:
When you suspect that your server is compromised, be sure to check /etc/services. Sometimes you will find a line that allows the attacker to connect directly to a port on your system and get a shell without authentication.
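One way to carry out the check in the tip above, as an added example that is not part of the original post: parse the services file and compare it with the /etc/services.original backup made earlier, reporting entries that were added, removed or changed. The function names and the sample data are this example's own (constructed); it compares file contents only and does not inspect which sockets are listening.

```python
import sys

# Constructed sample data (not from a real host): a baseline and a later copy.
SAMPLE_BASELINE = """\
ssh 22/tcp
http 80/tcp www www-http   # web
mysql 3306/tcp
"""
SAMPLE_CURRENT = """\
ssh 22/tcp
http 80/tcp www
unknownsvc 40000/tcp       # constructed example of an unexpected entry
"""

def parse_services(text):
    """Parse services(5) text into {(port, proto): (name, aliases)}."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # strip comment, tokenise
        if len(fields) < 2:
            continue                               # blank or incomplete line
        port, _, proto = fields[1].partition("/")
        if not (port.isdigit() and proto):
            continue                               # not "number/protocol"
        entries[(int(port), proto.lower())] = (fields[0], tuple(fields[2:]))
    return entries

def diff_services(baseline_text, current_text):
    """Return entries added, removed or changed relative to the baseline."""
    base, cur = parse_services(baseline_text), parse_services(current_text)
    return {
        "added": sorted((k, cur[k][0]) for k in cur.keys() - base.keys()),
        "removed": sorted((k, base[k][0]) for k in base.keys() - cur.keys()),
        "changed": sorted((k, base[k], cur[k])
                          for k in base.keys() & cur.keys() if base[k] != cur[k]),
    }

def main(argv):
    if len(argv) == 3:      # e.g. /etc/services.original /etc/services
        with open(argv[1]) as b, open(argv[2]) as c:
            report = diff_services(b.read(), c.read())
    else:                   # no paths given: run on the constructed samples
        report = diff_services(SAMPLE_BASELINE, SAMPLE_CURRENT)
    for kind, items in report.items():
        for item in items:
            print(kind, item)
    return 1 if any(report.values()) else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the backup and the live file as arguments; a non-zero exit status means the two differ.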