Alwina's open source efforts


Specialized in FreeBSD and CentOS

Closing ports in CentOS

October 19th, 2010 at 5:49

Recently I found too many open ports on my remote CentOS server. You can use the excellent program nmap to do a port scan. The following command gave me insight into my open ports from a client.

nmap -sS 1.1.1.1

You should replace 1.1.1.1 with the remote IP of your server.
The result:

Starting Nmap 5.00 ( http://nmap.org ) at 2010-10-18 22:59 CEST
Interesting ports on static.129.213.4.46.clients.your-server.de (46.4.213.129):
Not shown: 991 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
111/tcp  open     rpcbind
135/tcp  filtered msrpc
5900/tcp open     vnc
5901/tcp open     vnc-1
5902/tcp open     vnc-2
5903/tcp open     vnc-3
5904/tcp open     unknown

For maximum security all unnecessary ports should be closed down. You can do this with the following steps.

1. Log in to your server

ssh root@1.1.1.1

Replace 1.1.1.1 with the remote IP of your server

2. Start the tool for CentOS firewall settings

system-config-securitylevel-tui

3. Adjust firewall settings


I usually enable the firewall but disable SELinux. This fine-grained security mechanism adds to security but is difficult to use and error-prone. The next step is to customize the settings.


I enabled SSH, HTTP, HTTPS and cleared the setting under “Other ports”.

Just press the OK button twice and you are ready.

4. Recheck the open ports from your client

nmap -sS 1.1.1.1

The result:

Starting Nmap 5.00 ( http://nmap.org ) at 2010-10-19 06:04 CEST
Interesting ports on static.88-198-27-6.clients.your-server.de (88.198.27.6):
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https

Job done, ready.
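
The recheck in step 4 can be repeated automatically. The shell function below is an added example, not part of the original post: it reads nmap's normal output and lists every open port that is not on an allowlist. The helper names are hypothetical, the allowlist 22, 80 and 443 matches the services enabled in step 3, and the sample input is the port table from the first scan above.

```shell
#!/bin/sh
# Added example: report open ports in nmap output that are not allowlisted.
# unexpected_open_ports and sample_scan are hypothetical helper names.

# Usage: nmap -sS <server-ip> | unexpected_open_ports "22 80 443"
# Prints one "port/proto service" line per unexpected open port.
# Exit status: 0 = nothing unexpected, 1 = unexpected open ports found.
unexpected_open_ports() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Port table rows look like "111/tcp open rpcbind".
        # Only "open" rows count: closed and filtered ports
        # expose no listening service.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in ok)) { print $1, $3; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Sample input: the port table from the first scan result in this post.
sample_scan() {
    cat <<'EOF'
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
111/tcp open rpcbind
135/tcp filtered msrpc
5900/tcp open vnc
5901/tcp open vnc-1
5902/tcp open vnc-2
5903/tcp open vnc-3
5904/tcp open unknown
EOF
}

# Lists rpcbind and the VNC ports, then prints the reminder.
sample_scan | unexpected_open_ports "22 80 443" \
    || echo "Unexpected open ports found: close them in the firewall settings."
```

Because the function exits non-zero when it finds something, it can be run from cron against a scan of your own server to notice when a port is opened again.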

