Hello:
I had my security guy check to see if we are applying good security practices and had him run a scan against our Nagios XI monitoring server.
He identified the following:
"
For the most part things look good. There are a few open ports that I would question both why they are open and what is using them.
Those ports are:
5666
8400
8402
9998
There are more ports open of course, but they are easily identified (ssh, apache, ntp, etc.)
"
I am noting that it's obvious that we would need to allow for port 5666 for NRPE checks, but what would you suggest to keep and/or close - I'm thinking at least 9998 should be?
Thank you.
Best practice - should we turn off any of these ports?
Re: Best practice - should we turn off any of these ports?
Yes, TCP port 5666 is for NRPE checks (usually it's open on the client box that you are monitoring via NRPE). I am not sure about the rest of the ports, but you can probably run nmap against these ports and try to identify what they are used for...
Code:
    nmap localhost -p <port number>
for udp ports
Code:
    nmap -sU localhost -p <port number>
Be sure to check out our Knowledgebase for helpful articles and solutions!
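An added example, not part of the original posts: nmap shows that a port answers, while `ss` run on the monitoring server itself shows which process holds the socket and whether it is bound to loopback only. The sample socket lines and the process names `example-a`, `example-b` and `example-c` are constructed placeholders, not findings about what uses these ports.

```bash
#!/usr/bin/env bash
# Added example: map the ports flagged by the scan to the owning process.
PORTS="5666 8400 8402 9998"   # ports listed in the original post

# Reads `ss -H -lntup` output on stdin; prints one line per flagged port:
#   <proto> <port> <bind address> <process> <exposure>
owners_from_ss() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $5; sub(/.*:/, "", port)        # column 5 = local address:port
            if (!(port in want)) next
            addr = $5; sub(/:[^:]*$/, "", addr)
            proc = "unknown"                        # ss hides owners unless run as root
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            exposure = (addr ~ /^(127\.|\[::1\])/) ? "loopback-only" : "network-reachable"
            print $1, port, addr, proc, exposure
        }'
}

# Constructed sample of `ss -H -lntup` output (placeholder process names).
sample_ss() {
    cat <<'EOF'
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))
tcp LISTEN 0 5 0.0.0.0:5666 0.0.0.0:* users:(("example-a",pid=1201,fd=4))
tcp LISTEN 0 50 *:8400 *:* users:(("example-b",pid=1302,fd=9))
tcp LISTEN 0 50 [::]:8402 [::]:*
tcp LISTEN 0 128 127.0.0.1:9998 0.0.0.0:* users:(("example-c",pid=1403,fd=7))
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("ntpd",pid=800,fd=16))
EOF
}

# Demo on the constructed sample; on a real host: ss -H -lntup | owners_from_ss
sample_ss | owners_from_ss
```

A port reported as `loopback-only` is not reachable from other hosts, so the decision to keep or close applies mainly to the `network-reachable` entries.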
Re: Best practice - should we turn off any of these ports?
We'll go ahead and close this thread. Thanks.