Because Linux is open source, there are always some weak spots behind its power. To make a Linux host as secure as possible, the configuration work on it has to continue after installation.
In general, then, pay attention to applying bug-fix packages, setting up the firewall, shutting down risky services (ports), and analysing the logs daily.
Here we again have something to say about port security.
What is a port
A host's ports can be divided into listening ports and random high ports. A listening port is one opened by a service the host runs: once the service is enabled, it listens on its port for client requests. For example, an FTP server opens port 21, and that port stays open until the FTP service is shut down. A random high port is used when the Linux host itself requests a service from another host: it needs a port of its own for the outgoing connection, and Linux picks an unused port above 1024 at random.
So data transfer between server and client is really transfer between one port and another.
Total number of ports, and which ports are reserved
Port numbers run from 1 to 65535, so there are 65,535 ports. Generally only root can open ports 1-1023; these ports are special and reserved for system use. Ports above 1024 are used by the system for random outgoing connections, and can also be used by services for listening.
If a program on a port in the 1-1023 range has been broken into, it indicates that the intruder has root privileges, because only root can open ports 1-1023; at that point we should pay close attention to the security of the host.
The mapping between ports and their corresponding services on Linux already exists as a table, the /etc/services file. You can use netstat -n to display connection status numerically, and netstat -tl to display the names of the services currently listening. The /etc/services file is an important basis when a service is started on a particular port.
Understand the relationship between ports and services as far as port security is concerned: what really affects network security is not the port itself, but the service started on that port.
So the real harm comes from certain unsafe services rather than from open ports. Basically, if a port is not necessary, close it, and keep the version of each service continuously updated.
How to view ports
1. How many ports does the host currently have open?
2. Which file records the correspondence between services and ports? /etc/services
The commands most commonly used to view a host's ports:
netstat: check the ports on your own machine to see whether there is anything dangerous
nmap: a dedicated scanning program; run it only against your own machine, because scanning other people's hosts may be illegal
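As an added example (not part of the original article), the following script does what the text describes with netstat and /etc/services: it takes the listening lines of "netstat -tln" output, looks each port up in the /etc/services format, and marks ports in the reserved 1-1023 range. The netstat output and the services table embedded below are constructed sample data so the script runs offline; on a real host you would feed it the real command output and the real /etc/services file.

```shell
#!/bin/sh
# Added example, not from the original article. Audits listening TCP ports
# from "netstat -tln" output and maps each port to its /etc/services name.
# SAMPLE_NETSTAT and SAMPLE_SERVICES are constructed data; on a real host use
#   audit_ports "$(netstat -tln)" "$(cat /etc/services)"

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN'

SAMPLE_SERVICES='# constructed excerpt in /etc/services format
ftp             21/tcp
ssh             22/tcp
ipp             631/tcp
x11             6000/tcp'

# listening_ports OUTPUT: print the local port of every LISTEN line
listening_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); print a[n] }'
}

# service_name PORT TABLE: name registered for PORT/tcp, or "unknown"
service_name() {
    name=$(printf '%s\n' "$2" | awk -v p="$1/tcp" \
        '$1 !~ /^#/ && $2 == p { print $1; exit }')
    printf '%s\n' "${name:-unknown}"
}

# port_class PORT: 1-1023 can only be opened by root ("reserved")
port_class() {
    if [ "$1" -le 1023 ]; then printf 'reserved\n'; else printf 'high\n'; fi
}

# audit_ports OUTPUT TABLE: one line "port name class" per listening port.
# A listening port with no /etc/services entry (here 32768) is exactly the
# kind of thing to trace back to a process and a service.
audit_ports() {
    for port in $(listening_ports "$1"); do
        printf '%s %s %s\n' "$port" "$(service_name "$port" "$2")" "$(port_class "$port")"
    done
}

audit_ports "$SAMPLE_NETSTAT" "$SAMPLE_SERVICES"
```

On the sample data the last line reads "32768 unknown high": a listening port that /etc/services does not name, which is the case the article says to follow up by finding the service that opened it.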
Closing or starting a port
To open or close a port, you can only turn the corresponding service on or off. So after detecting a port, the next step is to find out which service the port belongs to; once that service is turned off, the port is closed as well.
Setting whether a service starts at boot
If you log in at the text console, the run level is 3, so the startup entries for services are found in /etc/rc.d/rc3.d as files whose names begin with S. If you do not want certain services to start, you can delete the corresponding service files (the ones beginning with S).
Under normal circumstances there is no need to delete the files by hand; Linux provides a general-purpose tool (ntsysv, see below) to do it.
Should every service that is not a Linux default be shut down? No: the system needs certain services to start, otherwise it becomes unsafe.
Here are some services that open no ports but are necessary for the system and should not be closed:
atd: the scheduled-command service mentioned earlier; runs a reserved task once; be sure to start it
cron: the scheduled-command service mentioned earlier; runs commands on a recurring cycle; be sure to start it
iptables: the firewall; of course start it
keytables: sets the keyboard layout; naturally needed, otherwise how would you control the machine
network: network functionality
random: saves the system's state at that moment to an image file; very important to the system, because at boot it lets the system return quickly to the state it was in before shutdown
syslog: the system log mentioned earlier; a very important facility; be sure to start it
xinetd: the super daemon that manages servers; one of the services that must be started
xfs: if you use the graphical run level, this must start
Closing all open ports
After installing Linux, shut down unnecessary programs or services; the most important thing is to close open ports and open them only when necessary. If the machine is a server, the ports it needs can then be opened individually.
1. Use ntsysv to set which services start at boot
Generally select only: atd, cron, iptables, keytables, network, random, syslog, xinetd, and xfs (if there is a graphical interface)
3. Check the number of currently active ports
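As an added example (not part of the original article), the script below audits the run level 3 startup entries the way the previous two sections describe: it reads the S-files in an rc3.d-style directory, strips the sequence numbers to get service names, and reports every service enabled at boot that is not on the allow-list given above. A temporary directory with constructed S/K files stands in for /etc/rc.d/rc3.d so the script runs offline; on a real host you would pass that directory to unexpected_services instead.

```shell
#!/bin/sh
# Added example, not from the original article. Reports services enabled
# at boot (S-files in an rc3.d-style directory) that are not on the
# article's allow-list. make_sample_rc_dir builds constructed data; on a
# real host run:  unexpected_services /etc/rc.d/rc3.d

ALLOWED="atd cron iptables keytables network random syslog xinetd xfs"

# make_sample_rc_dir: constructed rc3.d layout in a temp dir; prints its path.
# K-files (here K50snmpd) are stop entries and must not be reported.
make_sample_rc_dir() {
    dir=$(mktemp -d)
    for f in S10network S12syslog S20random S40atd S55sshd S56xinetd \
             S60vsftpd S80sendmail S90cron S95kudzu K50snmpd; do
        : > "$dir/$f"
    done
    printf '%s\n' "$dir"
}

# boot_services RC_DIR: service names of the S-files, in start order
boot_services() {
    for path in "$1"/S[0-9][0-9]*; do
        [ -e "$path" ] || continue      # no match: glob stays literal
        name=${path##*/}                # basename, e.g. S55sshd
        name=${name#S}                  # 55sshd
        printf '%s\n' "${name#[0-9][0-9]}"   # sshd
    done
}

# is_allowed NAME: succeed when NAME is on the allow-list
is_allowed() {
    for a in $ALLOWED; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# unexpected_services RC_DIR: enabled at boot but not on the allow-list.
# Each name printed is a service to turn off (or an S-file to remove).
unexpected_services() {
    for svc in $(boot_services "$1"); do
        is_allowed "$svc" || printf '%s\n' "$svc"
    done
}

RC_DIR=$(make_sample_rc_dir)
echo "Enabled at boot in $RC_DIR but not on the allow-list:"
unexpected_services "$RC_DIR"
rm -rf "$RC_DIR"
```

On the constructed directory the report lists sshd, vsftpd, sendmail and kudzu; on a real server you would then decide, service by service, which of those genuinely need to stay on and open their ports individually, as the article recommends.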