Server Open Port Audit

  • August 22, 2008

    One of the first things you should do after a fresh operating system install is see what services are running and remove any unneeded services from the system startup process. You could use a port scanner such as Nmap and run it against the host.

    One of the first things any hacker will do is perform reconnaissance on your system, so you need to make sure you stay a step ahead of them.

    Nmap can be fooled if the system is using firewall rules. With proper firewall rules, a service can be completely invisible to Nmap unless certain criteria (such as the source IP address) also match.

    When you have shell access to the server itself, it is usually more efficient to find open ports using programs that were installed with the operating system. One option is netstat, a program that will display various network-related information and statistics.

    To get a list of listening ports and their owning processes under Linux, run this command:

    UNIX> netstat -luntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
    tcp   0      0      0.0.0.0:22       0.0.0.0:*        LISTEN  1679/sshd
    udp   0      0      0.0.0.0:68       0.0.0.0:*                1766/dhclient
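
    To turn the netstat listing above into a repeatable audit, the listeners can be compared against a list of ports you expect to be open. The script below is an added example, not part of the original post; the function names, the proto/port allowlist format and the cupsd row in the sample are assumptions made for illustration. Run netstat as root, otherwise the PID/Program name column shows "-" for sockets owned by other users.

```shell
#!/bin/sh
# Added example: flag listeners from `netstat -luntp` that are not on an allowlist.

# audit_listeners "proto/port ..." : reads netstat output on stdin, prints one
# line per listener missing from the allowlist, returns 1 if any were found.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)          # treat tcp6/udp6 like tcp/udp
        m = split($4, la, ":"); port = la[m]      # port follows the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if ((proto "/" port) in ok) next
        # UDP rows have an empty State column, so the owner is field 6, not 7
        owner = ($6 == "LISTEN") ? $7 : $6
        pid = "-"; name = owner                   # "-" means netstat lacked privileges
        if ((s = index(owner, "/")) > 0) {
            pid = substr(owner, 1, s - 1)
            name = substr(owner, s + 1); sub(/:$/, "", name)
        }
        scope = (addr ~ /^(127\.|::1$)/) ? "loopback" : "network"
        printf "UNEXPECTED %s/%s addr=%s scope=%s pid=%s proc=%s\n",
               proto, port, addr, scope, pid, name
        bad = 1
    }
    END { exit bad + 0 }'
}

# Constructed sample: the two listeners shown above plus one made-up loopback row.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN  1679/sshd
tcp   0      0      127.0.0.1:631   0.0.0.0:*       LISTEN  1702/cupsd
udp   0      0      0.0.0.0:68      0.0.0.0:*               1766/dhclient
EOF
}

# Demo on the sample; on a real host: netstat -luntp | audit_listeners "tcp/22"
sample_netstat | audit_listeners "tcp/22" || true
```

    The non-zero return status makes the function usable from cron or a configuration-management check, and the scope field separates loopback-only listeners from those reachable over the network.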

    For most other Unix-like operating systems, you can use the lsof utility. lsof is short for “list open files” and, as the name implies, it allows you to list files that are open on a system, in addition to the processes and PIDs that have them open.

    Since sockets and files work the same way under Unix, lsof can also be used to list open sockets. This is done with the -i command-line option.

    To get a list of listening ports and the processes that own them using lsof, run this command:

    UNIX> lsof -i -n | egrep 'COMMAND|LISTEN'
    COMMAND   PID   USER   FD   TYPE  DEVICE      SIZE/OFF  NODE  NAME
    named     1127  named  20u  IPv4  0xeb401dc0  0t0       TCP   *:domain (LISTEN)
    inetd     1133  root   4u   IPv4  0xeb401ba0  0t0       TCP   *:imap (LISTEN)
    inetd     1133  root   5u   IPv4  0xeb401980  0t0       TCP   *:imaps (LISTEN)
    sshd      1138  root   3u   IPv4  0xeb401760  0t0       TCP   *:ssh (LISTEN)
    sendmail  1141  root   4u   IPv4  0xeb41b7e0  0t0       TCP   *:smtp (LISTEN)
    sendmail  1141  root   5u   IPv4  0xeb438fa0  0t0       TCP   *:submission (LISTEN)
