Posted January 19Jan 19 You are reading Part 21 of the 57-part series: Harden and Secure Linux Servers. [Level 3]This series covers progressive security measures, from fundamental hardening techniques to enterprise-grade defense strategies. Each article delves into a specific security practice, explaining its importance and providing step-by-step guidance for implementation.To explore more security best practices, visit the main guide for a full breakdown of all levels and recommendations.Each open port on a server represents a potential entry point for attackers. If unnecessary ports are left open, they can be scanned, exploited, or used for unauthorized access. By limiting open ports to only essential services, you reduce the attack surface and increase overall security.Check Open Ports on Your SystemUse the following commands to list all open ports and active services:✅ Using ss (Recommended for modern Linux systems):sudo ss -tuln✅ Using netstat (Older alternative):sudo netstat -tulnp✅ Using lsof to check which services are using ports:sudo lsof -i -P -n-tuln → Lists TCP/UDP ports in listening mode, without resolving names.Look for unexpected open ports that do not belong to required services.1. Disable and Stop Unnecessary Services✅ Identify running services:sudo systemctl list-units --type=service --state=running✅ Stop an unnecessary service immediately:sudo systemctl stop service_name✅ Disable a service to prevent it from starting at boot:sudo systemctl disable service_name(Example: If FTP (vsftpd) is running but not needed, disable it)sudo systemctl stop vsftpd sudo systemctl disable vsftpd2. Restrict Open Ports Using a Firewall (UFW or iptables)✅ Using UFW (Uncomplicated Firewall - Ubuntu/Debian)Allow only essential ports (SSH, HTTP, HTTPS):sudo ufw allow 22 sudo ufw allow 80 sudo ufw allow 443Deny all other connections by default:sudo ufw default deny incomingEnable the firewall:sudo ufw enableVerify firewall rules:sudo ufw status✅ Using iptables (For Advanced Users)Allow SSH, HTTP, and HTTPS only:sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT sudo iptables -A INPUT -j DROPSave iptables rules permanently:sudo iptables-save | sudo tee /etc/iptables.rules3. Monitor and Audit Open Ports Regularly✅ Run periodic port scans using nmap from another machine:sudo nmap -sS -p- server_ip(Scans all open ports on the server to detect unexpected services.)✅ Check listening services after updates or software installations:sudo ss -tuln✅ Review logs to identify unauthorized access attempts:sudo cat /var/log/auth.log | grep "Failed"Best Practices for Port Management🔹 Apply the Principle of Least Privilege (PoLP): Only expose essential ports.🔹 Use firewalls (UFW, iptables, or Firewalld) to enforce strict port rules.🔹 Monitor logs and perform regular security scans to detect unauthorized access.🔹 Use port knocking to further protect SSH access (see Port Knocking section).By limiting open ports and closing unnecessary services, you reduce security risks and protect your Linux server from potential intrusions.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.