Here are a few useful one-liners for Linux security. View the current packet filtering rules (i.e. what can and can’t reach your computer):
$ iptables -L
On older distros, iptables may not be present; try ipchains instead. A good reference and tools for iptables can be found at www.iptablesrocks.org.
Identify open ports on your installation using nmap, the network exploration tool and security scanner:
$ nmap -p 1-65535 localhost
On my computer this returned:
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-06-11 12:22 EST
Interesting ports on lamda.arabx (127.0.0.1):
(The 65525 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
111/tcp   open  rpcbind
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
631/tcp   open  ipp
901/tcp   open  samba-swat
8005/tcp  open  unknown
32769/tcp open  unknown
34315/tcp open  unknown
That’s a cause for a bit of concern. Will need to look into that more.
Looking in more detail: I know what runs samba-swat, but let’s confirm.
$ fuser -n tcp 901
This confirms it and gives the process ID of the process using this port. A more succinct output would be:
$ ps -ef | grep `fuser -n tcp 901 | tail -1 | cut -d: -f2` | grep -v grep
This gives me:
root 3356 1 0 Jun10 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
Which is exactly right: SWAT (the web interface for Samba), which you access at http://localhost:901, is configured to run under xinetd.
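The same two steps (list what nmap says is open, then find the process behind a port) as a small shell script. This is an added example, not part of the original post: the scan text is constructed to mirror the output above, and port_owner is a stand-in for fuser -n tcp that reads /proc/net/tcp and /proc/*/fd directly, so it needs no extra tools (it only sees IPv4 sockets and only the processes you are allowed to inspect, so run it as root for a full view).

```shell
#!/bin/sh
# Added example (not from the original post). Constructed nmap output,
# trimmed to a few of the ports from the scan above.
SAMPLE_SCAN='Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-06-11 12:22 EST
Interesting ports on lamda.arabx (127.0.0.1):
(The 65525 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
901/tcp   open  samba-swat
8005/tcp  open  unknown
32769/tcp open  unknown'

# open_ports: read nmap "normal" output on stdin, print "PORT SERVICE" for
# every line whose STATE column is open.
open_ports() {
    awk '$2 == "open" { split($1, p, "/"); print p[1], $3 }'
}

# unknown_ports: the subset nmap could not name; these are the ones the post
# flags for a closer look.
unknown_ports() {
    open_ports | awk '$2 == "unknown" { print $1 }'
}

# port_owner PORT: print "PID COMMANDLINE" for the process holding a LISTENing
# IPv4 TCP socket on PORT, or return 1 if nothing listens there.
# Same idea as `fuser -n tcp PORT`, built from /proc alone.
port_owner() {
    port=$1
    hexport=$(printf '%04X' "$port")
    # /proc/net/tcp columns: 2 = local ADDR:PORT (hex), 4 = state (0A = LISTEN),
    # 10 = socket inode. Match the port as the suffix of the local address.
    inode=$(awk -v hp=":$hexport" '
        NR > 1 && substr($2, length($2) - length(hp) + 1) == hp && $4 == "0A" {
            print $10; exit
        }' /proc/net/tcp 2>/dev/null)
    [ -n "$inode" ] || return 1
    # Walk every fd we may read and look for the matching socket inode.
    for fd in /proc/[0-9]*/fd/*; do
        link=$(readlink "$fd" 2>/dev/null) || continue
        if [ "$link" = "socket:[$inode]" ]; then
            pid=${fd#/proc/}
            pid=${pid%%/*}
            printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline")"
            return 0
        fi
    done
    return 1
}

# Stand-alone run: list open ports, then try to name the owner of each
# "unknown" one (on a live box, pipe real `nmap` output into open_ports).
printf '%s\n' "$SAMPLE_SCAN" | open_ports
for p in $(printf '%s\n' "$SAMPLE_SCAN" | unknown_ports); do
    port_owner "$p" || echo "port $p: nothing listening here (or not visible to this user)"
done
```

On a real host replace SAMPLE_SCAN with the output of the nmap command above; the post's own `fuser -n tcp 901` prints the "901/tcp:" label to stderr and only the PID to stdout, which is why the `cut -d: -f2` in the one-liner is harmless even though the colon never reaches it.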
Now to investigate some ports I didn’t know were open.