|
View Full Version : Cobalt RaQ - necessary open ports?
onlysuccess 06-27-2001, 12:57 PM Hi All,
I hope I posted this is the right forum. :-)
I was just curious what ports might be open on an "out-of-the-box" Cobalt RaQ4i server. We recently got one of these from a ded. server provider and I've been put in charge of security. It has all of the latest and greatest patches installed, SSH (telnet disabled), and WebMin (to monitor sys logs, processes, etc. easily). Anon FTP is also disabled, but POP3 and IMAP are running. Also, we are NOT running any DNS on this box (but is disabling it from the GUI enough?). We do all of our DNS stuff with zoneedit.com, rather than on the box itself.
So, what ports can I expect to see open on the Cobalt RaQ4i and what ports/services actually NEED to be running? Also, how do I go about closing any usused or not needed open ports/services -- through WebMin perhaps??? Step-by-step would be nice as I'm really new to this server admin. stuff.
Thanks a million for your help!
Sincerely,
Chris Skidmore
Hy,
if you only do some basic webserving pop, smtp and imap you need the following ports (i hope im right) :
22 - SSH
25 - SMTP
(53 - DNS Hostname lookups ??)
80 - HTTP
110 - POP3
143 - IMAP
And then the port where webmin is installed. Usually simething round about 10000.
If you wish to be a little bit more secure then get ipchains, portsentry and logcheck. They will make your system a little bit more secure and will mail you if there are any security problems.
Ok in detail :
1. IPCHains is a packet filter, which is good to work with if you use portsentry.
2. Portsentry is a tool which detects portscans and then start a command to stop the portscan. One way is to block the IP of the scanner via IPChains
3. Logcheck is a tool which goes through your logfiles and mail you every not good thing. Everything which went bad into the logfiles. Like portscans, sendmail problems, wrong logins by users....
I don't have the URL's of this tools here but if you make a search in google.com you should find them.
Greetings
Oliver
Tim Greer 06-28-2001, 05:11 AM Don't forget port 443 (or any other's if required for a service you run), of course, CJCS's post was a good suggestion and that will help secure it.
Personally, the only ports I have on my site's server, is:
21 - SecureFTP (SSLFTP)
22 - SSH
23 - Telnet (you don't have to use it, it's not insecure, it just lacks encryption). Telnet is a good idea to leave on, in case something goes haywire with SSH -- it does happen.
25 - SMTP port
53 - DNS (BIND/named)
80 - Web server port (usually)
110 - POP3 port
??? - Nonsecure (nonSSL) FTP port
443 - Web server SSL port.
Of course, the above poster mentioned most of these already. Also, you obviously said you don't need or care for some of these, such as DNS, etc.
Mike the newbie 06-28-2001, 06:53 AM Originally posted by Tim_Greer
...
23 - Telnet (you don't have to use it, it's not insecure, it just lacks encryption). Telnet is a good idea to leave on, in case something goes haywire with SSH -- it does happen.
I leave the telnet port unblocked, but I turn telnet off in the control panel, and use ssh. Telenet has no known problems, emphasis on known.
If ssh has a problem, I can turn telnet back on via the control panel and use it.
So far, knock on wood, ssh has been trouble free.
Port 81 for the cobalt admin interface!!!!!!!!!!!!!!
At least on my Raq, the cobalt control panel runs through port 81 when using SSL.
Tim Greer 06-28-2001, 08:05 AM Originally posted by Mike the newbie
I leave the telnet port unblocked, but I turn telnet off in the control panel, and use ssh. Telenet has no known problems, emphasis on known.
If ssh has a problem, I can turn telnet back on via the control panel and use it.
So far, knock on wood, ssh has been trouble free.
Yes, SSH is pretty stable.. but things can happen. I don't use a control panel, and if I did, I'd not allow root access directly anyway, although I suppose I could use sudo and have another user be able to turn on a service. True that it doesn't have any known problems (telnet), and that it surely has in the past, as have many, including SSH, but I have had SSH go nuts on a few systems over the years. I've had to rely on telnet a couple of times due to that... mainly I only enable it when I know I'll be testing something custom with SSH.. I do that sort of thing a lot. :-)
Hy,
yes it`s correct you need port 81, too if you want to use the cobalt admin interface. But IMHO you should search another tool, where you do not need to run apache as root to manage your server.
I think thats the biggest security hole you can produce on an webserver. But thats my private Opinion.
Greetings
O. Schlag
|