LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-17-2007, 08:53 AM   #1
glenn69
Member
 
Registered: Jul 2003
Location: Chicagoland
Distribution: ArchLinux
Posts: 261

Rep: Reputation: 32
Should port 80 be open ?


I ran a port scanner and noticed that all common ports were closed except port 80.

What I know about port 80 is it is used for HTTP...right?

So, is having port 80 open a necessary evil to browse the web?

Thanks
 
Old 04-17-2007, 09:00 AM   #2
m2acis
LQ Newbie
 
Registered: Jan 2006
Location: Latvia, Riga
Distribution: Slackware, Ubuntu
Posts: 18

Rep: Reputation: 0
Depends on machine where you found it. If this is your local machine which is connected to unsafe network (such as Internet) then I'd suggest closing it - it won't hurt you.
 
Old 04-17-2007, 09:04 AM   #3
glenn69
Member
 
Registered: Jul 2003
Location: Chicagoland
Distribution: ArchLinux
Posts: 261

Original Poster
Rep: Reputation: 32
Will closing port 80 shutdown my ability to connect to the internet, or does it merely shut down any requests from the internet coming into my computer?
 
Old 04-17-2007, 09:07 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Port 80 is what a web server has open. Not a browser. Check if you have the apache2 webserver running.
You can close port 80. When you browse, you connect to the web server's port 80, but the return is on another port. Also, even if it didn't use a different port, it would be an established connection which the firewall or nat router would allow.
 
Old 04-17-2007, 09:47 AM   #5
sparc86
Member
 
Registered: Jul 2006
Location: Joinville, Brazil
Distribution: Debian, CentOS
Posts: 301

Rep: Reputation: 31
Use #netstat -l
and you're gonna see all the listening services. Then just drop apache, if you actually have it.
 
Old 04-17-2007, 10:35 AM   #6
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
When you run a portscan, ports shown as "open" are services your machine is providing. In other words, it seems likely that you have a webserver running on your machine.
 
Old 04-18-2007, 03:03 AM   #7
m2acis
LQ Newbie
 
Registered: Jan 2006
Location: Latvia, Riga
Distribution: Slackware, Ubuntu
Posts: 18

Rep: Reputation: 0
Try this:
Code:
ps ax|grep apache
If it prints something like this
Code:
 4564 ?        Ss     0:00 /usr/sbin/apache2 -k start -DSSL
 4625 ?        S      0:00 /usr/sbin/apache2 -k start -DSSL
 4626 ?        S      0:00 /usr/sbin/apache2 -k start -DSSL
 4627 ?        S      0:00 /usr/sbin/apache2 -k start -DSSL
 4628 ?        S      0:00 /usr/sbin/apache2 -k start -DSSL
 4629 ?        S      0:00 /usr/sbin/apache2 -k start -DSSL
17989 ?        S      0:00 /usr/sbin/apache2 -k start -DSSL
then you should also disable apache service. Why waste system resources?

1. To disable apache (or any other unwanted service) from starting at system boot I use (as root):
Code:
update-rc.d -f apache2 remove
or as normal user
Code:
sudo update-rc.d -f apache2 remove
In both cases "apache2" is the name of service startup file found in "/etc/init.d". "update-rc.d" will remove symlinks to this startup file from directories /etc/rc<n>.d.

2. To stop apache service immediatly do
Code:
/etc/init.d/apache2 stop
Do both steps to disable apache service from now on and only second step to disable service till next boot.
 
Old 04-18-2007, 06:19 PM   #8
glenn69
Member
 
Registered: Jul 2003
Location: Chicagoland
Distribution: ArchLinux
Posts: 261

Original Poster
Rep: Reputation: 32
Here is what my output looked like :

glenn@glenn-desktop:~$ ps ax| grep apache
5268 pts/0 R+ 0:00 grep apache

I don't think it's running...is it??
 
Old 04-18-2007, 09:08 PM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by glenn69
Here is what my output looked like :

glenn@glenn-desktop:~$ ps ax| grep apache
5268 pts/0 R+ 0:00 grep apache

I don't think it's running...is it??
your output would indicate that it is NOT running... however, as was said by Matir, for a port to be "open" it needs a service listening on it... so something else should be listening on your port 80 (unless the scanner you used is malfunctioning)... you can see what is listening on your box with something like this (as root):
Code:
netstat -pantu | grep LISTEN
you can check your current local firewall config like this (also as root):
Code:
iptables -nvL
if netstat doesn't show anything listening on port 80, i'd consider a quick troubleshoot of the port scanner... you could start by trying with a different port scanner, for example...
 
Old 04-19-2007, 07:16 AM   #10
sparc86
Member
 
Registered: Jul 2006
Location: Joinville, Brazil
Distribution: Debian, CentOS
Posts: 301

Rep: Reputation: 31
#telnet 127.0.0.7 80

It brings connection? If yes, your port is opened. Easy as hell. :-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
port 25 filtered despite firewall having port 25 open ille.pugil42 Linux - Security 8 03-09-2007 01:51 AM
best port scanner To scan open port in a network tanveer Linux - Security 8 01-21-2007 09:19 PM
cannot SFTP to SUSE 9.2 box, port 22 open, can putty in though using same port. jgrady Linux - Networking 6 03-29-2005 09:44 AM
Open a Port in RH 8.0 alany Linux - General 1 12-01-2002 12:10 AM
firewall.rc.config says :"open port 8080" but nmap says port is closed saavik Linux - Security 2 02-14-2002 01:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration