Why should ports be secured ?
Open ports are via which a hacker determines what daemons your server is running, and whether or not, your system can be exploited or not. Port scan is the first thing that is done to fingerprint your OS and determine what is running. Open ports behave like open windows in your house. The more closed and armoured windows you have, the less thempting to thieves. Open ports in the server work in the same way, the more they are, the more tempting they become.
Note:
Though closing ports seem a good idea, some exploits, or updates might reset the ports back
redhat, fedora, debian, freebsd
The ports of your server is controlled by the file /etc/services.
Additional ports are controlled by the file /etc/rpc. It is safe to move/rename the /etc/rpc file
Code:
mv /etc/rpc /etc/rpc-moved
Then, backup your services file.
Code:
cp /etc/services /etc/services.original
Now, from your favourite editor, edit your services file.
As an example, in all the CPanel and Plesk servers that I monitor, the /etc/services is:
Code:
echo 7/tcp echo 7/udp ftp-data 20/tcp ftp 21/tcp ssh 22/tcp smtp 25/tcp mail domain 53/tcp domain 53/udp http 80/tcp www www-http pop3 110/tcp pop-3 imap 143/tcp imap2 https 443/tcp smtps 465/tcp syslog 514/udp imaps 993/tcp pop3s 995/tcp rndc 953/tcp rndc 953/udp mysql 3306/tcp
Tip:
When you suspect that your server is compromised, be sure to check /etc/services. Sometimes, you will find a line that will allow the attacker to connect directly to a port in your system and get shell without authentication.
