I'm in the process of hardening a new CentOS 5.3 server installation... this is the result of an nmap scan of the system currently:
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-10-05 23:23 PDT
Machine MIGHT actually be listening on probe port 80
DNS resolution of 1 IPs took 0.12s.
Initiating Connect() Scan at 23:23
Discovered open port 554/tcp
Discovered open port 21/tcp
Discovered open port 443/tcp
Discovered open port 80/tcp
Discovered open port 22/tcp
Discovered open port 8443/tcp
Discovered open port 111/tcp
Discovered open port 7070/tcp
Discovered open port 817/tcp
The Connect() Scan took 3.80s to scan 1680 total ports.
Initiating service scan against 9 services at 23:23
The service scan took 55.33s to scan 9 services on 1 host.
Initiating RPCGrind Scan at 23:24
The RPCGrind Scan took 1.02s to scan 2 ports
Host appears to be up ... good.
Interesting ports:
Not shown: 1664 closed ports
PORT     STATE    SERVICE      VERSION
21/tcp   open     tcpwrapped
22/tcp   open     ssh          OpenSSH 4.3 (protocol 2.0)
80/tcp   open     http         Apache httpd 2.2.3 ((CentOS))
111/tcp  open     rpcbind      2 (rpc #100000)
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     ssl/http     Apache httpd 2.2.3 ((CentOS))
445/tcp  filtered microsoft-ds
554/tcp  open     tcpwrapped
817/tcp  open     status       1 (rpc #100024)
901/tcp  filtered samba-swat
7070/tcp open     tcpwrapped
8443/tcp open     ssl/http     Apache httpd 2.2.3 ((CentOS))
Nmap finished: 1 IP address (1 host up) scanned in 60.847 seconds
System is a web server running a PHP app with a single administrator. I think I only need ports 22/80/443 (before discussing mail services, which are off currently)... welcoming all feedback on how to tighten this up as much as possible. TIA!
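
One way to compare the scan above against the three ports the post says the server needs, as an added example that is not part of the original post. The port table is copied from the nmap output above; the function names and the ALLOWED set are assumptions made for this illustration.

```python
import re

# Port table copied from the nmap output in the post above.
SCAN = """\
21/tcp open tcpwrapped
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
80/tcp open http Apache httpd 2.2.3 ((CentOS))
111/tcp open rpcbind 2 (rpc #100000)
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
445/tcp filtered microsoft-ds
554/tcp open tcpwrapped
817/tcp open status 1 (rpc #100024)
901/tcp filtered samba-swat
7070/tcp open tcpwrapped
8443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
"""

# Ports the post says the server needs (assumed allowlist for this example).
ALLOWED = {22, 80, 443}

ROW = re.compile(r"^(\d+)/(tcp|udp)[ \t]+(\S+)[ \t]+(\S+)[ \t]*(.*)$", re.M)

def parse_ports(text):
    """Return (port, proto, state, service, version) tuples from nmap's port table."""
    return [(int(p), proto, state, svc, ver.strip())
            for p, proto, state, svc, ver in ROW.findall(text)]

def unexpected_open(rows, allowed):
    """Open ports that are not on the allowlist, sorted by port number."""
    return sorted((p, svc, ver) for p, _, state, svc, ver in rows
                  if state == "open" and p not in allowed)

def missing_allowed(rows, allowed):
    """Allowlisted ports the scan did not report as open."""
    open_ports = {p for p, _, state, _, _ in rows if state == "open"}
    return sorted(allowed - open_ports)

if __name__ == "__main__":
    rows = parse_ports(SCAN)
    for port, svc, ver in unexpected_open(rows, ALLOWED):
        print(f"unexpected open: {port}/tcp {svc} {ver}".rstrip())
    print("allowlisted but not open:", missing_allowed(rows, ALLOWED) or "none")
```

Each port it reports is a listening service to disable or firewall off; rerunning the scan after each change and feeding the new table through the same check shows when only the intended ports remain.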