How to install and secure egroupware - Directory UMM
Conclusion:
Minimum necessary open ports (non-SSL): 22, 80, 443
Maximum necessary open ports (including E-Mail server): 22, 25, 80, 110, 143, 443, 465, 993, 995
Recommended minimum (SSL only, no E-Mail server): 22, 443
Recommended maximum (SSL only, E-Mail server): 22, 25, 443, 993, 995
6.1.1.2 The portscanner
There are several tools available that will allow you to check your installation for open ports. One that is
available under both *NIX and Windows is Nmap, which can be found at: http://www.insecure.org/nmap.
Install Nmap on your machine and check your server for open ports.
6.1.1.3 Output from a portscanner
Here is example output from an Nmap scan against a server. Nmap shows you the ports on this server
that accept connections.
[root@server root]# nmap -sV yourserver.com
Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2003-09-17 00:48 CEST
Interesting ports on xxx.xxx.xx.xxx:
(The 1651 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.1p1 (protocol 2.0)
80/tcp open http Apache httpd 1.3.27 ((Unix) (Red-Hat/Linux) mod_ssl/2.8.12
OpenSSL/0.9.6b PHP/4.1.2 mod_perl/1.26)
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open ssl OpenSSL
Nmap run completed -- 1 IP address (1 host up) scanned in 23.000 seconds
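As an added example (not part of the original guide), the following Python script parses Nmap's normal output, such as the scan above, and compares the open TCP ports against the recommended port lists from the Conclusion. The function names and policy labels are assumptions made for this example.

```python
import re

# Allowed-port policies copied from the "Conclusion" list on this page
# (read here as TCP ports; the policy names are hypothetical labels).
RECOMMENDED = {
    "ssl_only": {22, 443},
    "ssl_with_mail": {22, 25, 443, 993, 995},
}

# Sample input (constructed from the scan output shown on this page).
SAMPLE_SCAN = """\
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.1p1 (protocol 2.0)
80/tcp open http Apache httpd 1.3.27 ((Unix) (Red-Hat/Linux) mod_ssl/2.8.12
OpenSSL/0.9.6b PHP/4.1.2 mod_perl/1.26)
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open ssl OpenSSL
"""

# One row of nmap's normal output: "<port>/<proto> <state> <service> [version]"
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap(text):
    """Return (port, proto, state, service) per port row; other lines are skipped."""
    matches = (PORT_ROW.match(line.strip()) for line in text.splitlines())
    return [(int(m[1]), m[2], m[3], m[4]) for m in matches if m]


def audit(text, policy):
    """Compare the open TCP ports in a scan against one of the RECOMMENDED sets."""
    allowed = RECOMMENDED[policy]
    tcp = [row for row in parse_nmap(text) if row[1] == "tcp"]
    open_ports = {port: svc for port, _, state, svc in tcp if state == "open"}
    return {
        # open but not allowed: the services to stop and disable
        "unexpected": sorted((p, s) for p, s in open_ports.items() if p not in allowed),
        # allowed but not answering: expected services that are down or blocked
        "not_open": sorted(allowed - set(open_ports)),
        # filtered: packet filtering kept the probe from reaching the port
        "filtered": sorted(p for p, _, state, _ in tcp if state == "filtered"),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_SCAN, "ssl_only"))
```

For the sample scan and the SSL-only policy, port 80 (http) is reported as unexpected, which makes it the candidate for the next step.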
6.1.1.4 Disabling unneeded services/servers
If Nmap found services running on your server that you do not need, stop them. After a restart, the service
should not start again automatically.
On a Red Hat installation you can use the following commands to stop and disable a service:
[root@server home]# service name_from_the_service stop
[root@server home]# chkconfig --level 345 name_from_the_service off
On a Debian-based installation you can use the following tools:
Reiner Jung Install and Secure eGroupWare Page 21 of 67