Does my office/lab server need to be providing these services?
0 votes, 1 answer, 50 views
I'm trying to figure out what services my university Ubuntu 22.04 computer needs to provide to other machines. I often ssh into this machine, and other computers in my lab use it as an NFS server. I can't think of any other services the machine needs to provide, however. As a result, I'm trying to harden the computer by shutting down unnecessary services. Unfortunately, given my knowledge of Linux services and ports, I'm not sure which are necessary or not.
If I run

```
$ netstat -A inet --listening
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:37725 0.0.0.0:* LISTEN
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:nfs 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8787 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:42757 0.0.0.0:* LISTEN
tcp 0 0 localhost:51144 0.0.0.0:* LISTEN
tcp 0 0 localhost:17603 0.0.0.0:* LISTEN
tcp 0 0 localhost:17600 0.0.0.0:* LISTEN
tcp 0 0 localhost:12546 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:56703 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:56607 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:db-lsp 0.0.0.0:* LISTEN
tcp 0 0 localhost:44911 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:58017 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 localhost:32997 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:17500 0.0.0.0:*
udp 0 0 0.0.0.0:53815 0.0.0.0:*
udp 0 0 0.0.0.0:55047 0.0.0.0:*
udp 0 0 0.0.0.0:57529 0.0.0.0:*
udp 0 0 localhost:domain 0.0.0.0:*
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp 0 0 localhost:864 0.0.0.0:*
udp 0 0 0.0.0.0:33798 0.0.0.0:*
udp 0 0 0.0.0.0:35842 0.0.0.0:*
udp 0 0 0.0.0.0:36165 0.0.0.0:*
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp 0 0 0.0.0.0:40000 0.0.0.0:*
udp 0 0 0.0.0.0:43526 0.0.0.0:*
```
Because I was recently used to amplify a DNS attack, I've stopped the sunrpc service for the moment. My understanding is that I need that service as part of NFS (but my understanding could easily be wrong).
1) Based on my needs, which, if any, of these services do I need to be providing to other machines?
2) Of those that I do need to provide, besides fail2ban for ssh connections, what steps do I need to take to harden my machine?
This may be an overly broad or naive set of questions; if so, any insight will still be greatly appreciated.
Asked by mikemtnbikes
(241 rep)
Feb 22, 2024, 06:50 PM
Last activity: Feb 23, 2024, 08:02 AM
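One way to triage a listing like the one in the question, added here as an example and not part of the original post: it separates listeners bound to loopback from those bound to 0.0.0.0, and marks anything reachable that is not ssh or NFS (the two services the question names) for review. The function names, the `EXPECTED` set and the sample rows (a constructed subset in the same format) are assumptions.

```python
import ipaddress

# Constructed sample: a few rows in the format of `netstat -A inet --listening`.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8787 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:sunrpc 0.0.0.0:*
udp 0 0 localhost:domain 0.0.0.0:*
"""

# Assumption: only the services the question names are expected to be remote.
# Names cover default output, numbers cover `netstat -n`. sunrpc is left out
# on purpose: NFSv3 clients use rpcbind, NFSv4 alone does not, so review it.
EXPECTED = {"ssh", "22", "nfs", "2049"}
LOOPBACK_NAMES = {"localhost", "ip6-localhost"}

def is_loopback(host):
    """True when the bind address is only reachable from the machine itself."""
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown name: treat as reachable, the safer default

def triage(netstat_text, expected=EXPECTED):
    """Sort listeners into local_only, expected and review buckets."""
    buckets = {"local_only": [], "expected": [], "review": []}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue  # banner, column header or unrelated line
        host, _, port = fields[3].rpartition(":")
        if is_loopback(host):
            key = "local_only"
        elif port in expected:
            key = "expected"
        else:
            key = "review"
        buckets[key].append((fields[0], port))
    return buckets

if __name__ == "__main__":
    for bucket, sockets in triage(SAMPLE).items():
        print(bucket, sockets)
```

Entries in the review bucket still have to be mapped to their owning process (for example with `sudo ss -tulpn`) before deciding whether to stop, rebind or firewall them.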