How to close port in linux

How to close ports in Linux?

it show that 23/tcp port is closed. Which of them is true? I want to close this port on my whole system, how can I do it?

they are both true. TCP ports aren’t associated with hosts. they are associated with network interfaces. the difference is subtle but important. interfaces are often the same as hosts, but not always. in this case (as stated in answers) localhost is accessing the lo (loopback) interface. the IP Address is accesing your real interface, probably eth0 or wlan0 or somesuch.

5 Answers 5

Nmap is a great port scanner, but sometimes you want something more authoritative. You can ask the kernel what processes have which ports open by using the netstat utility:

me@myhost:~$ sudo netstat -tlnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1004/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 380/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 822/cupsd tcp6 0 0 . 22 . * LISTEN 380/sshd tcp6 0 0 ::1:631 . * LISTEN 822/cupsd

The options I have given are:

  • -t TCP only
  • -l Listening ports only
  • -n Don’t look up service and host names, just display numbers
  • -p Show process information (requires root privilege)

In this case, we can see that sshd is listening on any interface ( 0.0.0.0 ) port 22, and cupsd is listening on loopback ( 127.0.0.1 ) port 631. Your output may show that telnetd has a local address of 192.168.1.1:23 , meaning it will not answer to connections on the loopback adapter (e.g. you can’t telnet 127.0.0.1 ).

There are other tools that will show similar information (e.g. lsof or /proc ), but netstat is the most widely available. It even works on Windows ( netstat -anb ). BSD netstat is a little different: you’ll have to use sockstat(1) to get the process information instead.

Once you have the process ID and program name, you can go about finding the process and killing it if you wish to close the port. For finer-grained control, you can use a firewall (iptables on Linux) to limit access to only certain addresses. You may need to disable a service startup. If the PID is «-» on Linux, it’s probably a kernel process (this is common with NFS for instance), so good luck finding out what it is.

Note: I said «authoritative» because you’re not being hindered by network conditions and firewalls. If you trust your computer, that’s great. However, if you suspect that you’ve been hacked, you may not be able to trust the tools on your computer. Replacing standard utilities (and sometimes even system calls) with ones that hide certain processes or ports (a.k.a. rootkits) is a standard practice among attackers. Your best bet at this point is to make a forensic copy of your disk and restore from backup; then use the copy to determine the way they got in and close it off.

Читайте также:  Tp link 821n linux driver

Источник

How to Find and Close Open Ports in Linux

Network and Server administration is one of the key areas in which Linux is actually preferred to any other operating system. Hence most data center admins are well versed with the Linux command line.

There can be scenarios when certain ports on a server, which were required to be closed, are open and causing unexpected traffic on the server.

Today, we will learn how to find and close an open port in Linux.

Finding Open Ports in Linux

For finding the open ports, we will make use of the ss command, which is preinstalled in most common Linux distributions and it is now the replacement for the previously very popular netstat command.

Let’s run the ss command with the following syntax, to get all listening TCP sockets:

Here, the ‘t’ stands for TCP and the ‘l’ stands for Listening sockets.

Find Listening TCP Sockets

Similarly to get all listening UDP ports, run:

Find Listening UDP Sockets

Observe the output. In the ‘State‘ column for UDP, all the ports have state UNCONN, i.e., unconnected. Since we only need the ports which are actively listening, we pipe the output and filter it with the grep command.

We can also combine the TCP and UDP output together.

Find Listening Ports in Linux

Another addition that can be done here is: the argument ‘-n’ . In the output above, the command is resolving the name of the service associated with a port: Eg. HTTP, IPP, etc.

With the argument ‘-n’ it just shows the port number which is listening.

Find Open Ports in Linux

Closing Open Ports in Linux

The manual way to close an open port in Linux is quite tedious and programmatic. Hence, we will use the easier approach: to close the processes which are listening on the port.

We need to call ss with another argument, ‘-p’ to list the process which is using each port (run the command as a sudo user).

$ sudo ss -tulnp | grep LISTEN

Find Process with Port Number

As shown above, the last column lists the ‘users’, i.e., the processes which use the port number. Now you can close the port by terminating the process using it. For example, to close port 80, we have to stop the process ‘Apache2’.

$ sudo service apache2 stop OR $ sudo systemctl stop apache2

Close Open Ports in Linux

Thus, we have successfully closed port 80 and no process is listening on it any longer.

Conclusion

In this article, we learned how to find and close an open port in Linux. Many ports like 22 (SSH), 21 (Telnet), etc. should be kept closed at most times, as these are the ports from which cyber attacks can arise.

Читайте также:  Zero length file linux

Other ports should also be closed when the process of using them is no longer required. Thanks for reading and let us know your thoughts in the comments below!

Источник

How to Close open Ports manually in Ubuntu / Linux

When running any kind of server application like http or ftp server, or doing socket programming, it might so happen that a server program when recompiled/rerun fails to bind to a particular port number because that port number is already in use.

In such a case, you can either restart the system or close the port manually.

To close the port number manually first the process name/id has to be found out that is holding the port open and then use the kill command on that process.

Find pid with lsof — The lsof command can be used to find the pid and command name of the program or application that is currently using the port. Here is a quick example:

$ lsof -i :8888 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME java 8461 enlightened 11u IPv6 138527 0t0 UDP *:8888

In the above example it is seen that port 8888 is being held in use by the command java with pid 8461. Now kill the process by doing any of the following

$ kill 8461 or $ killall -9 8461 or $ killall -9 java

Find process/pid with netstat — The netstat command can also be used to find out which process is holding a certain port number

$ netstat -u -ap (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 *:18347 *:* - udp 0 0 localhost:11211 *:* - udp 0 0 localhost:36254 localhost:36254 ESTABLISHED - udp 0 0 localhost:domain *:* - udp 0 0 *:ipp *:* - udp 0 0 *:42038 *:* - udp 0 0 *:17500 *:* 4090/dropbox udp 0 0 *:mdns *:* - udp 0 0 localhost:58797 localhost:7777 ESTABLISHED 9831/ncat udp 0 0 localhost:42724 localhost:domain ESTABLISHED - udp6 0 0 [::]:46282 [::]:* - udp6 0 0 [::]:mdns [::]:* - udp6 0 0 [::]:9999 [::]:* 11598/java

The port we want to close here is 9999. And netstat shows that the pid is «11598» and command name is «java». Over here we used the -u for udp port. If its a tcp port then the «-u» switch is not needed.

To make the search process easier, simply pipe the output of netstat to grep and look for the exact port number

$ sudo netstat -ap | grep :9050 tcp 0 0 localhost:9050 *:* LISTEN 1613/tor

Once the process id/name is found end it with the kill command.

Find pid with fuser — This is yet another command to find the pid/process holding a certain port number. The sytanx is as follows:

fuser -k -n protocol portno
$ fuser -k -n udp 7777 7777/udp: 11774

Conclusion

The above examples show how to find specific process and its pid that are using a given port number. Once you know the port number you can just kill that process and free the port.

Читайте также:  Линукс зависает намертво что делать

Note that if the process was initially launched with root privileges then you would need root privileges to kill it as well.

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected] .

Источник

How to Find Open Ports and Close Them in Linux

Troubleshooting networks? Here’s how to find the open ports and close those open ports in the Linux command line.

So you are dealing with a critical server where you have to maintain security at any cost. And closing ports to block unwanted traffic is the first step you’d take.

Find open ports in Linux

In this tutorial, I am going to use the ss command to find open ports.

You can use the -l option with the ss command to get listening ports. But to be more specific, I’m going with -lt to get listening TCP ports:

list listening tcp ports in linux

Similarly, if you want to have a list of both TCP and UDP in the listening state, you can use the given command:

list of both TCP and UDP ports in the listening state

And to get the listening port of each service, you can use -n and for more fine-tuned results, you can always use the grep command:

get listening port of currently running service

Enough of finding open ports, let’s jump to how you can close them.

Close open ports in Linux

To close the port, first, you will need to stop the service and to find the service name, you can use the same ss command with -p option:

sudo ss -tulnp | grep LISTEN

find open ports with service names attactched to it

As you can see, the NGINX is utilizing port number 80. So let’s stop it using the given command:

sudo systemctl stop nginx

As it will enable itself on every boot and you can alter this behavior using the given command:

sudo systemctl disable nginx

For better results, I would recommend changing firewall rules.

Here, I’m going to block port no 80 (used by NGINX) in UFW (which is pre-installed in Ubuntu).

First, let’s check the status of UFW:

check status of ufw

And if it shows inactive , you can use the given command to enable it:

Now, you just have to pair the deny option with the port number :

deny nginx server from ufw

close port no 80

Wrapping Up

This was my take on how you can find and close open ports in Linux. I hope you will find this helpful.

And if you have any queries, let me know in the comments.

Источник

Оцените статью
Adblock
detector