To get a list of listening network ports (TCP and UDP sockets), you can run the following command:
# netstat -tulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:auth *:* LISTEN 2328/xinetd
tcp 0 0 localhost.localdomain:smtp *:* LISTEN 2360/sendmail: acce
tcp 0 0 *:ssh *:* LISTEN 2317/sshd
From the output you can see that xinetd, sendmail, and sshd are listening. On all newer Red Hat Linux distributions sendmail is configured to listen for local connections only. Sendmail should not listen for incoming network connections unless the server is a mail or relay server. Running a port scan from another server will confirm that (make sure that you have permission to probe the machine):
# nmap -sTU
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-12-10 22:51 CST
Interesting ports on jupitor (172.16.0.1):
(The 3131 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
113/tcp open auth
Nmap run completed -- 1 IP address (1 host up) scanned in 221.669 seconds
#
Note that the above nmap command can take a while. If you leave out the UDP scan (use -sT instead of -sTU), nmap finishes the port scan almost immediately. If you run it on the local machine it will also complete very fast. Also note that nmap might not show all listening network sockets if a firewall is blocking ports. From the output above you can see that the xinetd daemon is listening on port auth (port 113) for IDENT (for more information on this service, see below). You can also see that sendmail is not listening for remote incoming network connections; see also Securing Sendmail.
Another method to list all of the TCP and UDP sockets to which programs are listening is lsof:
# lsof -i -n | egrep 'COMMAND|LISTEN|UDP'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2317 root 3u IPv6 6579 TCP *:ssh (LISTEN)
xinetd 2328 root 5u IPv4 6698 TCP *:auth (LISTEN)
sendmail 2360 root 3u IPv4 6729 TCP 127.0.0.1:smtp (LISTEN)
#
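The netstat and lsof listings above leave the real question to the reader: which of these sockets are bound to every interface, and is any of them a daemon (like sendmail) that should only ever serve local clients? The following script is an added example, not code from the original page: it parses netstat -tulp style output, labels each socket as loopback-only or wildcard-bound, and fails if a program on a short "must stay local" list (the list itself is an assumption for this example) is reachable from the network. The sample listings embedded in it are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original page: parse `netstat -tulp`-style
# output and flag daemons that should only serve local clients (here,
# sendmail) if they are bound to a wildcard address instead of loopback.

# Constructed sample, modelled on the netstat listing shown above.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address State  PID/Program name
tcp        0      0 *:auth                      *:*             LISTEN 2328/xinetd
tcp        0      0 localhost.localdomain:smtp  *:*             LISTEN 2360/sendmail: acce
tcp        0      0 *:ssh                       *:*             LISTEN 2317/sshd
udp        0      0 *:syslog                    *:*                    2200/syslogd'

# Constructed counter-example: sendmail bound to every interface.
BAD_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:smtp *:* LISTEN 2360/sendmail: acce'

# Programs that must stay loopback-only (an assumption for this example).
LOCAL_ONLY_PROGRAMS='sendmail'

# classify_sockets NETSTAT_OUTPUT
# Prints one tab-separated line per socket: proto, port, program, scope.
# scope is "local" for loopback bindings (localhost*, 127.0.0.1, ::1) and
# "wildcard" for anything else (*:port, 0.0.0.0:port, :::port, a real IP).
classify_sockets() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":")                  # local address is host:port
            port = a[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (match($0, /[0-9]+\/.*$/)) {        # "PID/Program name" column
                prog = substr($0, RSTART)
                sub(/^[0-9]+\//, "", prog)         # drop the PID prefix
            } else {
                prog = "-"                         # netstat run without privilege
            }
            scope = "wildcard"
            if (host ~ /^(localhost.*|127\.0\.0\.1|::1|\[::1\])$/) scope = "local"
            printf "%s\t%s\t%s\t%s\n", $1, port, prog, scope
        }'
}

# check_local_only NETSTAT_OUTPUT
# Warns about each LOCAL_ONLY program bound to a wildcard address and exits
# 1 if any was found, 0 otherwise.
check_local_only() {
    classify_sockets "$1" | awk -v progs="$LOCAL_ONLY_PROGRAMS" '
        BEGIN {
            FS = "\t"
            n = split(progs, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
            bad = 0
        }
        {
            name = $3
            sub(/:.*$/, "", name)                  # "sendmail: acce" -> "sendmail"
            if ((name in want) && $4 == "wildcard") {
                printf "WARNING: %s listens on all interfaces (%s port %s)\n", name, $1, $2
                bad = 1
            }
        }
        END { exit bad }'
}

# Demonstration on the constructed samples; on a live host you would pass
# "$(netstat -tulp)" instead.
classify_sockets "$SAMPLE_NETSTAT"
check_local_only "$SAMPLE_NETSTAT" && echo "sample: sendmail is loopback-only"
check_local_only "$BAD_SAMPLE" || echo "bad sample: check failed as expected"
```

The scope test deliberately treats anything that is not a loopback address as reachable, so a daemon bound to a single real interface address is reported the same way as one bound to *:port; that matches the page's point that only loopback counts as "local connections only". The lsof listing carries the same information (the NAME column holds the bound address), so the same check can be fed lsof output after adjusting the field positions in classify_sockets.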