|
Is my Redhat 9 safe with all this ports Open?
Is my Redhat 9 safe with all this ports Open?
Goodday. I have a Aztech 4 port router a RH9 behind it. I did a NMAP on the Router and i got this results: Interesting ports on adslXXX.dynXXX.pacific.net.sg (210.24.XXX.XXX.): (The 1599 ports scanned but not shown below are in state: closed) Port State Service 80/tcp open http 255/tcp open unknown Are this ports safe or do i have to close them. And i did a NMAP scan on my RH9 Interesting ports on (10.0.0.X): (The 1594 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 80/tcp open http 111/tcp open sunrpc 139/tcp open netbios-ssn 443/tcp open https 901/tcp open samba-swat 6000/tcp open X11 By the way i have amule running, i wonder if the ports are reflected here. Please advise on what uncessary port i have to close to secure my PC . Thanks. Oh yah... Additional info I am also sharing files between my RH9 and Win 2000. :) |
your redhat and windowz are located behind the router. and they connect internet via NAT, right? check your router config if DMZ exist. if there is no DMZ dont worry about these ports. because your computers are already behind a firewall (router) so they cant be accessed from internet easyly. they are already in secure network.
|
For your router port 80 is probably the web interface. In most routers there is an option to turn this interface off for users outside your local network...do that.
As for port 255 I dont know. Maybe look around in your router settings and see if there is a reference to that. Maybe its the routers telnet port? You could turn telnet off if you really want. If you cant find a reference to port 255 email the people who make the router and ask them. For your RH9 box... If you want to ssh into your box keep ssh (port 22) running...if not shut it down. If your not using the box as a web server (port 80) shut down apache (httpd). Shutting down apache will also take care of port 443. If I remember correctly swat is a web gui interface for samba. If you dont use samba shut it down too. Samba is mostly used for windows sharing across networks. It does have other uses. You probably want 6000 open cause most likely your running X11 with gnome or kde on top. Leave everything else, it wont hurt. to see a list of startup scripts look at the chkconfig utility. The scripts are located under /etc/init.d/ And Maxut is right, unless your using port forwarding or have a PC in the DMZ you really dont have much to worry about. |
you have ssh, samba, samba-swat, remote X11 open on your linux system.
you could start by shutting down the services you dont need, if you dont need samba running, its just using up memory. you can use chkconfig to control the rc startup scripts. for example, to turn samba off in rulevels 3/4/5... chkconfig --level 345 smb off to list the services that you have running in whatever runlevels... chkconfig --list and if you do want these services avalible, but only want them avalible to certain networks, you should probably make some adjustments to /etc/hosts.allow and /etc/hosts.deny. so make hosts.deny look like this to deny access to everything... ALL : ALL and hosts.allow to make spesific services avalible... # make all services avalible on 127.0.0.1, [very important!!] ALL : localhost # make sshd avalible to every network. sshd : ALL # make samba avalible on a 192 private net. smb : 192.168. nmb : 192.168. # make the SWAT samba admin util only usable on the private net [good idea] swat : 192.168. |
Just an FYI,
Normally SWAT is configured to only run on the local system and not accross the network. There is a FAQ on the SAMBA site on how to set SWAT up for a secure session. John |
| All times are GMT -5. The time now is 10:34 PM. |