Full Version: important services and others
murshed
Hi all,

I ran nmap on my server and got the following output:


Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on (*.*.*.*):
(The 1530 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
143/tcp open imap2
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql


Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds





My question is: do I really need to have all of them running? If not, how do I stop each one?

Another thing:

My sites use mysql, but I don't need it to be listening, because I won't connect to it remotely. How do I stop that?

Thanks
afriend
You probably need most of these running, but you could use a firewall to block access to 3306 if you do not allow access to mysql except via localhost.

If you do netstat -l and netstat -nl you can see which services are running and what ports they listen on.
jd_waverly
A lot depends on:

Is this box just for your own sites?
Are you a hosting provider, and what services do you provide?
Are you running Ensim, Plesk or plain RH?


21/tcp open ftp
Needed if you are providing incoming ftp services.

22/tcp open ssh
Needed if you want to log into your server with ssh

25/tcp open smtp
Needed if you provide INCOMING email (not needed for outgoing)

53/tcp open domain
ONLY needed if you are running your own DNS servers. If you don't know what that means you DON'T need it.

80/tcp open http
Needed to provide web access to web sites (apache web server)

110/tcp open pop-3
Needed to provide email access to clients using pop3 protocol

143/tcp open imap2
Needed to provide email access to clients using imap protocol

443/tcp open https
Keep running if you are hosting websites via Apache

465/tcp open smtps
Support incoming email using SSL (encrypted communication)

993/tcp open imaps
Needed to provide email access to clients using imap protocol over SSL. Recommended over plain imap for security

995/tcp open pop3s
Needed to provide email access to clients using pop3 protocol over SSL. Recommended over plain pop3 for security

3306/tcp open mysql
Provides access to mysql databases. Should be FIREWALLED to the Internet in most cases or shut down if not used.


UNLESS you are a hosting provider, most of these services should be shut down or firewalled to the rest of the Internet.

If this server is ONLY for your own sites:

21/tcp open ftp
Shut down and use SCP (file transfer over SSH). WinSCP recommended.

22/tcp open ssh
Keep running but firewall off to just your IP addresses

25/tcp open smtp
Should probably shut down SENDMAIL and use your own ISP for incoming email.

53/tcp open domain
Shut down unless you are running your own nameservers.

80/tcp open http
Keep running if you are hosting websites.

110/tcp open pop-3
Shut down. Forward local mail to your ISP accounts or use POP3S.

143/tcp open imap2
Shut down. Forward local mail to your ISP accounts or use IMAPS.

443/tcp open https
Keep running if you are hosting web sites

465/tcp open smtps
Should probably shut down SENDMAIL and use your own ISP for incoming email.

993/tcp open imaps
Shut down. Forward local mail to your ISP accounts or firewall for just your access.

995/tcp open pop3s
Shut down. Forward local mail to your ISP accounts or firewall for just your access.

3306/tcp open mysql
Shut down or firewall off if you are running mysql sites


General rules with security for LISTENING services:

SHUT DOWN everything that you don't understand or don't know if you need (other than SSH).

THEN turn back on those things that you KNOW are REQUIRED to get things working.

FIREWALL off everything you can, i.e. if only YOU need access then DON'T leave it open to the rest of the Internet.

MAKE SURE everything is patched and up to date. Subscribe to the Red Hat Network.

Hope this helps.
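
Added example (not part of any post in this thread): a shell function that reads `netstat -nlt` output, the check suggested earlier in the thread, and reports which TCP listeners are bound to loopback only and which are reachable on other interfaces, so a service such as mysql on 3306 can be confirmed local-only. The sample input is constructed, and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample of `netstat -nlt` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:53           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# Reads netstat -nlt text on stdin; prints "PORT SCOPE ADDRESS" sorted by port.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        la = $4
        # The port is the field after the last colon (IPv4 and IPv6 alike).
        n = split(la, parts, ":")
        port = parts[n]
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"            # reachable only from this host
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"      # reachable unless firewalled
        else
            scope = "specific-address"    # bound to one non-loopback address
        print port, scope, addr
    }' | sort -n
}

# Prints only the ports that are NOT restricted to loopback.
exposed_ports() {
    classify_listeners | awk '$2 != "loopback" { print $1 }'
}

# Demo on the constructed sample.
sample_netstat | classify_listeners
```

On a live host, run `netstat -nlt | classify_listeners` instead of the sample; every port listed by `exposed_ports` needs either a firewall rule or a deliberate reason to be open.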