The Internet has not been a safe place for a long time, so it is worth seeing for whom we leave the door open and where that leads. Ports are the equivalent of doors in computer networks.
Once we know which applications we run, we will know what to add to our own iptables firewall rules or UDP whitelist:
On most systems, this command is sufficient:
netstat -l
At first it looks like an Italian pasta dish, but a closer look shows that the output of this command is a mine of knowledge:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:40833 *:* LISTEN
tcp 0 0 localhost:27017 *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:46834 *:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:43937 [::]:* LISTEN
tcp6 0 0 [::]:57793 [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
udp 0 0 localhost:608 *:*
udp 0 0 *:674 *:*
udp 0 0 *:59774 *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:41251 *:*
udp6 0 0 [::]:674 [::]:*
udp6 0 0 [::]:43086 [::]:*
udp6 0 0 [::]:40189 [::]:*
udp6 0 0 [::]:sunrpc [::]:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 7424585 /tmp/mongodb-27017.sock
unix 2 [ ACC ] STREAM LISTENING 24344048 /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 7467947 /run/user/1002/systemd/private
unix 2 [ ACC ] STREAM LISTENING 7459911 /run/user/1001/systemd/private
unix 2 [ ACC ] SEQPACKET LISTENING 7951 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 7885 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 7931 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 7952 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 13305 /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 13303 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 13304 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 13306 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 13307 /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 13308 /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 14766 @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 24019 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 42459 /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 45141 /run/rpcbind.sock
From this output we can conclude that this system is running MySQL and MongoDB.
Here we have MySQL:
tcp 0 0 localhost:mysql *:* LISTEN
MySQL listens on port 3306 by default and has been a well-known application for many years, so netstat immediately shows us the service name used by MySQL instead of the port number.
Here we have MongoDB:
tcp 0 0 localhost:27017 *:* LISTEN
Mongo is less known and much younger, so here the port number 27017 is displayed instead of a name.
We can also use netstat -ln, which lists all ports numerically without resolving which service is which.
Both applications have localhost: in front of the port, so they listen only locally, that is, they cannot be reached from outside via the network. This is a safe arrangement, because it is better not to give strangers access to our database, even if it is password-protected.
For example, if we allow access from outside, it may turn out in the future that there is a loophole allowing someone to log in without a password; we forget about the update, and the problem is ready.
Here we can see an SSH server listening on a standard port:
tcp 0 0 *:ssh *:* LISTEN
It is exposed to the outside, but SSH is a proven application and we somehow have to get to the server, so there is no need to worry too much as long as we use a long, randomly generated password or log in with a key pair (public and private).
We also have a curiosity at the bottom:
unix 2 [ ACC ] STREAM LISTENING 42459 /var/run/mysqld/mysqld.sock
It is a port, but not really. It is a socket (a plug) which allows an application to connect not via a network address but via a file. Some applications support connecting through UNIX sockets, and this is an example. These files are not exposed to the world in any way; they are a good way to connect services running on one server under different users, because you can set user permissions on this resource just like on any other file on the disk.
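To make the reading of this output repeatable, here is an added example (not code from the original post) that parses an excerpt of the netstat -l listing above and separates listeners bound to localhost from those bound to every interface (* or [::]), which are the ones a firewall rule has to cover. The sample text, the KNOWN_PORTS table of a few /etc/services names and the function names are constructed for this example; UNIX domain sockets are skipped because, as explained above, they are files rather than network ports.

```python
"""Parse `netstat -l` output and flag sockets reachable from outside the host."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: an excerpt of the `netstat -l` listing discussed in the post.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:40833                 *:*                     LISTEN
tcp        0      0 localhost:27017         *:*                     LISTEN
tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
udp        0      0 localhost:608           *:*
udp        0      0 *:bootpc                *:*
udp6       0      0 [::]:sunrpc             [::]:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     42459    /var/run/mysqld/mysqld.sock
"""

# netstat substitutes names from /etc/services for well-known ports (as with
# "mysql" for 3306); this small table maps the names in the sample back to numbers.
KNOWN_PORTS = {"ssh": 22, "mysql": 3306, "sunrpc": 111, "bootpc": 68}

# proto, Recv-Q, Send-Q, local address:port, foreign address (state is optional for UDP)
LINE_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\S+)\s+\S+")


@dataclass
class Listener:
    proto: str
    address: str   # as printed, with IPv6 brackets removed: "localhost", "*", "::"
    port: str      # as printed: a name like "mysql" or a number like "27017"

    @property
    def local_only(self) -> bool:
        # Loopback addresses are reachable only from this host; "*" and "::"
        # mean the service accepts connections on every interface.
        return self.address in ("localhost", "127.0.0.1", "::1")

    @property
    def port_number(self) -> Optional[int]:
        if self.port.isdigit():
            return int(self.port)
        return KNOWN_PORTS.get(self.port)


def parse_listeners(text: str) -> List[Listener]:
    """Extract TCP/UDP listeners; UNIX domain sockets are files, not ports, and are skipped."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append(Listener(m.group(1), m.group(2).strip("[]"), m.group(3)))
    return listeners


def exposed(listeners: List[Listener]) -> List[Listener]:
    """Listeners that are not bound to loopback, i.e. reachable over the network."""
    return [l for l in listeners if not l.local_only]


def report(text: str) -> str:
    """Human-readable summary: which ports need a firewall decision and which do not."""
    listeners = parse_listeners(text)
    lines = ["Exposed on all interfaces (needs a firewall rule):"]
    for l in exposed(listeners):
        lines.append(f"  {l.proto:5} {l.port:8} (port {l.port_number})")
    lines.append("Local only (not reachable from the network):")
    for l in listeners:
        if l.local_only:
            lines.append(f"  {l.proto:5} {l.port:8} (port {l.port_number})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Running the script against the live system is a matter of replacing SAMPLE with the output of netstat -l; the "exposed" list is then exactly the set of ports to compare against what the firewall allows.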
If there is no netstat command on the system, you need to install the net-tools package.
On Debian and its derivatives, e.g. Ubuntu, just execute these commands to install it:
apt-get update
apt-get install net-tools
On CentOS and other RHEL derivatives, this is sufficient:
yum install net-tools