Lesson 10

Date: 4/2/2014

Basics of Linux Security

Linux for Engineering and IT Applications

Port scanning

After unnecessary ports are closed and firewall implemented, the system should be scanned from a remote host with NMAP. To scan the TCP ports, for example on 192.168.5.38:

nmap -sT -O  192.168.5.38

The output may look like the following:

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-04-05 20:56 EDT
Interesting ports on node18.linux.class (192.168.5.38):
(The 1653 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
513/tcp   open  login
514/tcp   open  shell
919/tcp   open  unknown
953/tcp   open  rndc
2049/tcp  open  nfs
32772/tcp open  sometimes-rpc7
MAC Address: 00:10:5A:0A:B3:E8 (3com)
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.18 - 2.6.7
Uptime 8.143 days (since Mon Mar 28 16:30:58 2005)

To scan the UDP ports, for example on 192.168.5.38:

nmap -sU -v  192.168.5.38

Nessus is an extension of NMAP; it provides vulnerability details and security advises.

Exercise
Scan the TCP ports on smbhost from your desktop:

nmap -sT -O  192.168.122.42

Scan the UDP ports on smbhost from your desktop:

nmap -sU -v  192.168.122.42

Fundamentals of Linux security
How systems get compromised
Trojan script exercise
Stack overflow
Package upgrades and verification
Open Ports List exercise
Closing Ports
TCP Wrappers exercise
IP filtering firewalls (iptables)
Building iptables rules
Simple iptables script
NAT table
NAT script
Exercises with iptables
Port scanning exercises
GNU Privacy Guard
GPG exercises
Logs
System Integrity checks
GNUtar exercises
References
Take me to the Course Website