Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Best practice - should we turn off any of these ports?

https://support.nagios.com/forum/viewtopic.php?t=30207

Page 1 of 1

Best practice - should we turn off any of these ports?

Posted: Thu Nov 20, 2014 1:54 pm
by PhilG
Hello:
I had my security guy check to see if we are applying good security practices and had him run a scan against our Nagios XI monitoring server.
He identified the following:
"
For the most part things look good. There are a few open ports that I would question both why they are open and what is using them.
Those ports are:
5666
8400
8402
9998
There are more ports open of course, but they are easily identified (ssh, apache, ntp, etc..)
"
I am noting that it's obvious that we would need to allow for port 5666 for NRPE checks, but what would you suggest to keep and/or close - I'm thinking at least 9998 should be?
Thank you.

Re: Best practice - should we turn off any of these ports?

Posted: Thu Nov 20, 2014 3:46 pm
by lmiltchev
Yes, tcp port 5666 is for NRPE checks,(usually it's open on the client box that you are monitoring via NRPE). I am not sure about the rest of the ports, but you can probably run nmap against these ports and try to identify what they are used for...

Code: Select all

nmap localhost -p <port number>
for udp ports

Code: Select all

nmap -sU localhost -p <port number>

Re: Best practice - should we turn off any of these ports?

Posted: Thu Nov 20, 2014 5:19 pm
by PhilG
You may freeze this post.

Re: Best practice - should we turn off any of these ports?

Posted: Thu Nov 20, 2014 5:29 pm
by cmerchant
We'll go ahead and close this thread. Thanks.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited