Linux system security has many aspects. Here we mainly introduce Linux port security, which involves the setting of Linux ports. This is a summary of material collected from the Internet, shared here with you. In practice, the things to pay attention to are fixing host vulnerabilities, setting up the firewall, closing dangerous services (ports), and routine log analysis.
What is a port?
The ports of a host can be divided into listening ports and random high ports. A listening port belongs to a service the host has enabled: the service opens a port on the Linux host to listen for client requests. For example, an FTP server opens port 21, and that port stays open until the FTP service is disabled. A random high port is used when the Linux host itself requests a service from another host: the Linux host needs to open a port for the outgoing connection, and it randomly picks an unused port with a port number greater than 1024.
Therefore, data transfer between server and client is actually transfer between one port and another port.
Total number of ports and reserved ports
Port numbers run from 1 to 65535, so there are 65535 ports in total. Generally, only the root user can enable the low-numbered ports (below 1024); these are special ports reserved for the system. Ports above 1024, besides being used as random ports when the system makes outgoing connections, can also be used for service listening.
If a program on one of these low ports is compromised, it indicates that the attacker has root permission, because only root can enable a low port. In this case you must pay close attention to host security.
In Linux, the reserved ports and their corresponding services are already listed in a table, the /etc/services file. Use netstat -n to display the connection status in numeric form, and netstat -tl to display the names of the services currently listening. The /etc/services file is also an important reference for the port setting when some services are started.
For security you need to understand the relationship between port and service: what really affects security is not the port, but the service that opens the port.
Therefore, the real danger is insecure services, not open ports as such. Basically, if a port is not needed, close it, and keep service versions continuously updated.
How to view ports
1. How many ports are currently enabled on the host?
2. Which file maps services to ports? /etc/services
This section describes the most common commands used to view host ports:
netstat: checks which ports programs on the local machine have opened; no danger.
nmap: probes ports with a dedicated scanning program; using it against hosts other than your own may violate the law.
Close or start a port
To enable or disable a port, you only need to enable or disable the corresponding service. Therefore, after detecting an open port, find the service that owns it and turn that service off.
How to enable the Service at startup
If you log on in text mode, the run level of the text interface is 3, so in /etc/rc.d/rc3.d you can find the service startup scripts, which are files whose names start with S. If you do not want some services to start, delete the files corresponding to those services (the files starting with S).
In general, you do not need to delete the files manually; Linux provides programs to do this for us:
ntsysv
setup
Is it necessary to disable all the default services in Linux? No: the system has many services that must be started, otherwise it becomes insecure.
The following lists services that provide nothing to outside users but are required by the system itself. Do not close these services.
atd: as mentioned under routine commands, it runs scheduled tasks that execute only once; make sure it is started.
cron: as mentioned under routine commands, it runs commands periodically; it must be started.
iptables: the firewall. Start it in any case.
keytables: sets the keyboard layout; of course you need it, otherwise how would you control the machine?
network: network functions.
random: saves the kernel's random-number seed to a file at shutdown and restores it at startup, so after boot the system returns to the random state it had before shutdown. This is very important for the system.
syslog: already mentioned under system log files; it is a very important service and must be started.
xinetd: the super daemon, a server dispatcher; one of the services that must be started.
xfs: the X font server; this must be enabled if you use the graphical run level.
Close all open ports
After Linux is installed, it is necessary to close unnecessary programs or services. The most important thing is to close the open ports first and enable them only when necessary. If you want to run a server, you can enable the needed ports one by one.
1. Use ntsysv to set which services are started at boot
(generally only atd, cron, iptables, keytables, network, random, syslog, xinetd and xfs are selected)
2. Restart
reboot
3. Check which ports are currently enabled
netstat (with the -n or -tl options described above)
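As an added example (not part of the original article), here is a small POSIX shell script that does what the netstat check in step 3 and the /etc/services lookup described earlier amount to: it maps each listening TCP port to its service name and marks ports below 1024 as reserved, so an administrator can spot a service that should have been turned off. The netstat output and the /etc/services excerpt are constructed sample data embedded inline; on a real host replace them with the output of netstat -tln and the contents of /etc/services.

```shell
#!/bin/sh
# Constructed excerpt of /etc/services (sample data embedded for an offline run).
SERVICES_SAMPLE='ftp     21/tcp
ssh     22/tcp
smtp    25/tcp
http    80/tcp
sunrpc  111/tcp'

# Constructed sample of "netstat -tln" output, LISTEN lines only.
NETSTAT_SAMPLE='tcp  0  0 0.0.0.0:22     0.0.0.0:*  LISTEN
tcp  0  0 0.0.0.0:111    0.0.0.0:*  LISTEN
tcp  0  0 127.0.0.1:25   0.0.0.0:*  LISTEN
tcp  0  0 0.0.0.0:8080   0.0.0.0:*  LISTEN'

# lookup_service PORT: print the name /etc/services gives for PORT/tcp, or "unknown".
lookup_service() {
    printf '%s\n' "$SERVICES_SAMPLE" |
        awk -v p="$1/tcp" '$2 == p { print $1; found = 1; exit }
                           END { if (!found) print "unknown" }'
}

# listening_ports: extract the local port from every LISTEN line, sorted, one per line.
listening_ports() {
    printf '%s\n' "$NETSTAT_SAMPLE" |
        awk '$NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -n | uniq
}

# audit_listeners: one line per listening port in the form "PORT SERVICE reserved|high".
# Ports below 1024 are reserved (only root can open them), so a compromised service
# there implies root-level access; ports that /etc/services does not list are
# reported as "unknown" so the administrator can find the program behind them.
audit_listeners() {
    listening_ports | while read -r port; do
        svc=$(lookup_service "$port")
        if [ "$port" -lt 1024 ]; then kind=reserved; else kind=high; fi
        printf '%s %s %s\n' "$port" "$svc" "$kind"
    done
}

audit_listeners
```

With the sample data the script reports ssh, smtp and sunrpc on reserved ports and an unknown listener on 8080, which is exactly the kind of line to chase down with the service-closing steps above.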
That covers the related knowledge about Linux port security.