Saturday, February 04, 2012

Check open ports on Ubuntu Linux


One may want to check open ports on Ubuntu to ensure that no services are listening that shouldn't be. Recall that a port is what an application uses to communicate with another application, provide a service, and so on. To get an idea of what services are running on a system, we need to check its open ports.
It is easy to install a program which provides a service and then forget about it, leaving our machine listening on a number of ports and waiting for incoming connections. Attackers love when ports are open, as the applications listening on these ports are the easiest targets. To ensure that our Ubuntu Linux system (or any other system for that matter) is as secure as possible, we need to be aware of which ports are open and which services they provide.
In the tutorial below, we will look at how to check open ports on Ubuntu or other versions of Linux.

Checking open ports on Ubuntu

To check which ports are open on our Ubuntu box, we can issue the command shown below. Note that this should also work for other flavours of Linux as long as they have netstat installed.
Run the following in a terminal:
netstat -anltp | grep "LISTEN"
A typical web server which also runs FTP, SSH, and MySQL will have output like:
tcp     0   0 127.0.0.1:3306    0.0.0.0:*   LISTEN   21432/mysqld
tcp     0   0 0.0.0.0:80        0.0.0.0:*   LISTEN   4090/apache2
tcp     0   0 0.0.0.0:22        0.0.0.0:*   LISTEN   7213/sshd
tcp6    0   0 :::21             :::*        LISTEN   19023/proftpd
tcp6    0   0 :::22             :::*        LISTEN   7234/sshd
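The command runs netstat with the flags -a (all sockets), -n (numeric addresses and ports), -l (listening sockets), -t (TCP only) and -p (owning PID and program name), and pipes the output to grep, which keeps only the lines containing the word "LISTEN". The result is a list of the TCP ports that we have open and the names of the processes listening on them. Because of -t, UDP services are not shown. Without root privileges, netstat shows the process name only for sockets owned by the current user, so run the command with sudo to see every process.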

Which ports are open to the world

Note that a service may have a port open while listening only on the local machine. That is, the port is open, but it cannot be reached over the network. This is useful for security: a web server should have port 80 open to the world, but the world need not know about (or be able to connect to) port 3306, the port on which the MySQL server that powers the website is listening.
Ideally, if you are running a web server, the only ports that you would want visible from the outside are HTTP port 80 and maybe SSH port 22, since you still need to be able to connect to the web server to run commands.
Ports whose services are available to localhost only will have the IP address 127.0.0.1 in the local address field. In the example above, that would be:
tcp     0   0 127.0.0.1:3306    0.0.0.0:*   LISTEN   21432/mysqld
As we can see, MySQL is listening on port 3306 on an IP address of 127.0.0.1. This means that only programs on the same machine will be able to connect to the MySQL server.
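The loopback check described above can be scripted. The following is an added example, not part of the original tutorial: it reads netstat output, labels each listener LOCAL or EXPOSED, and reports exposed ports that are not on an allow-list. The function names and the allow-list argument are assumptions made for illustration; the sample input is the netstat output shown earlier.

```shell
#!/bin/sh
# Label each listening TCP socket from `netstat -anltp` output (read on stdin)
# as LOCAL (loopback only) or EXPOSED (reachable from the network).
classify_listeners() {
    awk '$6 == "LISTEN" {
        addr = $4
        # Split at the last colon, since IPv6 addresses contain colons too.
        n = match(addr, /:[0-9]+$/)
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        proc = ($7 == "" ? "-" : $7)
        # 127.0.0.0/8 and ::1 are loopback; any other address accepts remote peers.
        scope = (host ~ /^127\./ || host == "::1") ? "LOCAL" : "EXPOSED"
        printf "%s %s %s %s\n", scope, port, host, proc
    }'
}

# Print "port process" for every EXPOSED listener whose port is not in the
# space-separated allow-list given as $1 (hypothetical helper).
unexpected_exposed() {
    allowed=" $1 "
    classify_listeners | while read -r scope port host proc; do
        [ "$scope" = "EXPOSED" ] || continue
        case "$allowed" in
            *" $port "*) ;;
            *) echo "$port $proc" ;;
        esac
    done
}

# Sample input: the netstat output shown in the article.
sample_netstat() {
    cat <<'EOF'
tcp     0   0 127.0.0.1:3306    0.0.0.0:*   LISTEN   21432/mysqld
tcp     0   0 0.0.0.0:80        0.0.0.0:*   LISTEN   4090/apache2
tcp     0   0 0.0.0.0:22        0.0.0.0:*   LISTEN   7213/sshd
tcp6    0   0 :::21             :::*        LISTEN   19023/proftpd
tcp6    0   0 :::22             :::*        LISTEN   7234/sshd
EOF
}

# Allow only SSH and HTTP, as the article suggests for a web server.
sample_netstat | unexpected_exposed "22 80"
# On a live system: sudo netstat -anltp | unexpected_exposed "22 80"
```

With the sample input, the only line reported is the FTP listener on port 21, which is bound to all addresses and is not on the allow-list.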
That is it for this tutorial on checking open ports on Ubuntu Linux. We hope you enjoyed it.

http://www.tutorialarena.com/blog/check-open-ports-on-ubuntu-linux.php
