I'm new to Linode and very happy thus far.
I've spent the last couple weeks observing/securing my server. I'm pretty new to all of this, so I can't say one way or another whether my server is secure. Each day I learn new things and apply what I can.
One tool I've used as a sanity check from the outside is nmap. I use it to see what ports are open for an observer from the outside.
I'm running Fedora Core 11.
When a user queries my server with the following command:
Code:
nmap -T4 -A -v www.<my-domain-name>.com
the following pertinent data is returned:
...
...
Discovered open port 80/tcp on xx.xx.xxx.xxx
Discovered open port 25/tcp on xx.xx.xxx.xxx
Discovered open port 993/tcp on xx.xx.xxx.xxx
Discovered open port 995/tcp on xx.xx.xxx.xxx
Discovered open port 465/tcp on xx.xx.xxx.xxx
Discovered open port 143/tcp on xx.xx.xxx.xxx
...
...
PORT STATE SERVICE VERSION
22/tcp closed ssh
25/tcp open smtp Exim smtpd 4.69
...
80/tcp open http Apache httpd 2.2.13
113/tcp closed auth
143/tcp open imap Cyrus IMAP4 2.3.16-Fedora-RPM-2.3.16-1.fc11
443/tcp closed https
465/tcp open ssl/smtp Exim smtpd 4.69
|_ SSLv2: server still supports SSLv2
993/tcp open ssl/imap Cyrus imapd
|_ SSLv2: server still supports SSLv2
995/tcp open ssl/pop3 Cyrus pop3sd
|_ SSLv2: server still supports SSLv2
...
I'd like not to broadcast what versions of Exim, Cyrus and Apache I'm using if possible. I would think this info only helps the hacker get in.
Thanks in advance for your help.
Lava