Here are a few useful one-liners for Linux security. View the current packet filtering rules (i.e. what can and can't access your computer). Run this as root.

    $ iptables -L

On older distros, iptables may not be in place. Try ipchains. Good reference material and tools for iptables can be found at www.iptablesrocks.org.
Identify open ports on your installation using nmap, the network exploration tool and security scanner.

    $ nmap -p 1-65535 localhost

On my computer this returned:

    Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-06-11 12:22 EST
    Interesting ports on lamda.arabx (127.0.0.1):
    (The 65525 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    111/tcp open rpcbind
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    631/tcp open ipp
    901/tcp open samba-swat
    8005/tcp open unknown
    32769/tcp open unknown
    34315/tcp open unknown

That’s a cause for a bit of concern. Will need to look into that more.
Looking into more detail, I know what runs samba-swat but let’s confirm.

    $ fuser -n tcp 901

This confirms it and gives the process ID of the process using this port. A more succinct output would be:

    $ ps -ef | grep `fuser -n tcp 901 | tail -1 | cut -d: -f2` | grep -v grep

This gives me:

    root 3356 1 0 Jun10 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid

Which is exactly right: Samba SWAT (the web interface for Samba), which you access at http://localhost:901, is configured using xinetd.
Now to investigate some ports I didn’t know were open.
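
The same fuser lookup can be applied to every port nmap could not name. The script below is an added example, not part of the original post; the function names `open_ports`, `port_owner` and `investigate` are made up for illustration, and the sample table is the port list from the scan above.

```shell
#!/bin/sh
# Added example (not from the original post): pick out the open ports that
# nmap labelled "unknown" and show which process owns each one.

# Port table copied from the scan output shown above.
SAMPLE_SCAN='PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
901/tcp open samba-swat
8005/tcp open unknown
32769/tcp open unknown
34315/tcp open unknown'

# open_ports [service]: read nmap's normal output on stdin and print the port
# number of every open TCP port whose SERVICE column equals the argument.
open_ports() {
    awk -v svc="${1:-unknown}" '
        split($1, p, "/") == 2 && p[1] ~ /^[0-9]+$/ && p[2] == "tcp" &&
        $2 == "open" && $3 == svc { print p[1] }'
}

# port_owner PORT: print "port<TAB>pid<TAB>command line" for each process
# holding the port. fuser prints bare PIDs on stdout; its "901/tcp:" label
# goes to stderr, so no cut/tail is needed.
port_owner() {
    for pid in $(fuser -n tcp "$1" 2>/dev/null); do
        printf '%s\t%s\t%s\n' "$1" "$pid" "$(ps -o args= -p "$pid")"
    done
}

# investigate: read port numbers on stdin and report the owner of each.
# Run as root, otherwise fuser cannot see sockets owned by other users.
investigate() {
    while read -r port; do
        owners=$(port_owner "$port")
        if [ -n "$owners" ]; then
            printf '%s\n' "$owners"
        else
            printf '%s\t-\tno owning process found\n' "$port"
        fi
    done
}

# Offline demo on the sample table; on a live host use:
#   nmap -p 1-65535 localhost | open_ports | investigate
printf '%s\n' "$SAMPLE_SCAN" | open_ports
```

A port reported with no owning process while running as root is worth a closer look, since some sockets are held by the kernel rather than by a user-space process.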