44. Nmap port scanner

Once you have secured your Linux box and implemented a good packet firewall, you need to TEST it to make sure you didn't miss anything. To do this, I recommend that you either port scan yourself from an unprivileged IP address or have a buddy do it for you.

The following instructions show how to install Nmap and run it to check your host.

- Download the newest version of nmap from Section 5

- Uncompress it (tar xzvf nmap-*.tgz)

- cd into the new nmap directory and run "./configure"

- Nmap will now configure itself

- Now just run "make" and then "make install"

- That's it! Nmap is installed! Now, nmap supports over 10 different port scans and running each one takes a while. So, I recommend that you set up this little script to ease the pain:


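                scan-it
                --
                #!/bin/sh
                # Run each Nmap scan type in turn against the host given as $1.
                # The SYN, FIN, Xmas, Null and UDP scans use raw sockets and need root.

                if [ -z "$1" ]; then
                    echo "Usage: $0 <ip>" >&2
                    exit 1
                fi

                # printf is used because "echo -e" is not portable under /bin/sh
                printf '\nPort Scanning %s - TCP connect\n\n' "$1"
                ./nmap -sT "$1"
                printf '\nPort Scanning %s - SYN\n\n' "$1"
                ./nmap -sS "$1"
                printf '\nPort Scanning %s - FIN\n\n' "$1"
                ./nmap -sF "$1"
                printf '\nPort Scanning %s - Xmas\n\n' "$1"
                ./nmap -sX "$1"
                printf '\nPort Scanning %s - Null\n\n' "$1"
                ./nmap -sN "$1"
                printf '\nPort Scanning %s - UDP\n\n' "$1"
                ./nmap -sU "$1"
                printf '\nPort Scanning %s - Ident\n\n' "$1"
                ./nmap -I "$1"

                printf '\n\n\nNmap done.\n\n\n'
                --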

- Next, make it executable by running "chmod 700 scan-it"

- Finally, to run a scan, just type in:


                ./scan-it <ip>

Where <ip> is the IP address you want to scan. Once you start the scan, it will take a while, so just relax and wait.
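
One way to turn the scan results into a pass/fail firewall check, as an added example that is not part of the original HOWTO. It assumes a current Nmap release with grepable output (-oG); the function name unexpected_open, the allowed-port list and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare the open ports in Nmap
# grepable output (-oG) against the ports you intend to expose.

# Constructed sample of one -oG line; 192.0.2.10 is a documentation address.
SAMPLE=$(printf 'Host: 192.0.2.10 ()\tPorts: %s' \
    '22/open/tcp//ssh///, 25/filtered/tcp//smtp///, 111/open/tcp//rpcbind///, 53/open/udp//domain///, 6000/open/tcp//X11///')

# unexpected_open ALLOWED
#   Reads -oG output on stdin. ALLOWED is a space-separated list of port/proto
#   pairs (for example "22/tcp 53/udp"). Prints "host port/proto service" for
#   every port reported open that is not in ALLOWED; prints nothing if the
#   firewall exposes only what was intended.
unexpected_open() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /Ports: / {
            host = $2
            line = $0
            sub(/^.*Ports: /, "", line)     # keep only the port list
            sub(/\t.*$/, "", line)          # drop later tab-separated fields
            m = split(line, entries, ", ")
            for (i = 1; i <= m; i++) {
                # entry layout: port/state/proto/owner/service/rpc/version/
                split(entries[i], f, "/")
                key = f[1] "/" f[3]
                if (f[2] == "open" && !(key in ok))
                    print host, key, f[5]
            }
        }'
}

# Demo on the constructed sample. With a real scan of your own host, use:
#   nmap -sT -oG - <ip> | unexpected_open "22/tcp 53/udp"
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | unexpected_open "22/tcp 53/udp"
fi
```

Filtered and closed ports are ignored on purpose: only ports in the open state that you did not plan to expose point at a gap in the rule set.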

NOTE: Be warned:

- Nmap 2.0x port scans will CRASH Cisco IOS 11.3/x / 12.0.x routers that have SYSLOG enabled.

- If you implemented an IPCHAINS/IPFWADM rule set that logs failed connections, your logs will get MASSIVE. Many of Nmap's port scans scan all 65,535 ports. Now:

65,535 ports * 7 = 458,745 lines in your SYSLOG files!
