I shared some important first steps to help manage your personal Linux server in a previous article. I briefly mentioned monitoring network connections for listening ports, and I want to expand on this by using the netstat command for Linux systems.

Service monitoring and port scanning are standard industry practices. There's very good software like Prometheus to help automate the process, and SELinux to help contextualize and protect system access. However, I believe that understanding how your server connects to other networks and devices is key to establishing a baseline of what's normal for your server, which helps you recognize abnormalities that may suggest a bug or intrusion. As a beginner, I've discovered that the netstat command provides important insight into my server, both for monitoring and network troubleshooting.

Netstat and similar network monitoring tools, grouped together in the net-tools package, display information about active network connections. Because services running on open ports are often vulnerable to exploitation, practicing regular network monitoring can help you detect suspicious activity early.

Netstat is frequently pre-installed on Linux distributions. If netstat is not installed on your server, install it with your package manager.

On a Debian-based system:

$ sudo apt-get install net-tools

For Fedora-based systems:

$ dnf install net-tools

Use netstat

On its own, the netstat command displays all established connections. You can use netstat's options to narrow the output to what you want to see.

For example, to show all listening and non-listening connections, use the --all (-a for short) option. This returns a lot of results, so in this example I pipe the output to head to display just the first 15 lines of output:

$ netstat --all | head -n 15
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State

To show only TCP ports, use the --all and --tcp options, or -at for short:

$ netstat -at | head -n 5

To show only UDP ports, use the --all and --udp options, or -au for short:

$ netstat -au | head -n 5

The options for netstat are often intuitive. For example, to show all listening TCP and UDP ports with process ID (PID) and numerical address:

$ sudo netstat --tcp --udp --listening --programs --numeric
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

The short version of this common combination is -tulpn.

To display information about a specific service, filter with grep:

$ sudo netstat -anlp | grep cups
Unix  2   STREAM   LISTENING   27251   1/systemd    /var/run/cups/cups.sock
Unix  3   STREAM   CONNECTED   55196   1721/cupsd   /var/run/cups/cups.sock

Once you've run the netstat command, you can take steps to secure your system by ensuring that only services that you actively use are listening on your network. Recognize commonly exploited ports and services. As a general rule, close the ports you're not actually using. Be on the lookout for uncommon port numbers, and learn to recognize legitimate ports in use on your system.

Pay close attention to SELinux errors. Sometimes all you need to do is update contexts to match a legitimate change you've made to your system, but read the errors to make sure that SELinux isn't alerting you of suspicious or malicious activity.
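The baseline idea above (know which listeners are normal, then notice anything else) can be turned into a small check. The script below is an added example, not code from the original article: it parses `netstat -tulpn` style output and reports every listening socket whose protocol/port pair is not in a recorded baseline. The sample netstat output, the PIDs and program names, and the baseline list are all constructed for the demonstration; on a real host you would pipe in the live `sudo netstat -tulpn` output instead.

```shell
#!/bin/sh
# Added example (not from the original article): compare the listeners
# reported by `netstat -tulpn` against a baseline of expected ports and
# print anything outside it.

# Constructed sample of `sudo netstat -tulpn` output (PIDs and program
# names are invented for the example). Replace with the live output:
#   sudo netstat -tulpn | unexpected_listeners "$BASELINE"
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1721/cupsd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      3102/unknown
tcp6       0      0 :::80                   :::*                    LISTEN      905/httpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 0.0.0.0:31337           0.0.0.0:*                           3110/unknown'

# Baseline of proto/port pairs recorded when the server was known good
# (an assumption for this example; record your own from a clean host).
BASELINE='tcp/22 tcp/631 tcp6/80 udp/68'

# unexpected_listeners <baseline>
# Reads netstat output on stdin and prints one "proto port program" line
# for every listener whose proto/port pair is not in the baseline.
unexpected_listeners() {
    baseline="$1"
    awk -v baseline="$baseline" '
        BEGIN {
            n = split(baseline, b, " ")
            for (i = 1; i <= n; i++) ok[b[i]] = 1
        }
        # Only socket rows start with a protocol name; headers are skipped.
        $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
            # Local address is field 4; the port follows the last colon,
            # which also handles IPv6 addresses such as :::80.
            port = $4
            sub(/.*:/, "", port)
            key = $1 "/" port
            # Last field is PID/Program name for both TCP and UDP rows.
            if (!(key in ok)) print $1, port, $NF
        }'
}

# Run the check against the sample so the script does something stand-alone.
REPORT=$(printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$BASELINE")
if [ -n "$REPORT" ]; then
    echo "Listeners not in baseline (proto port program):"
    printf '%s\n' "$REPORT"
else
    echo "All listeners match the baseline."
fi
```

The baseline is keyed on protocol and port rather than on program name because a process name in netstat output is only as trustworthy as the binary that reports it; a new port is the signal worth investigating, after which you can look up the PID and confirm what it is and whether SELinux has logged anything about it.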