System Package Manager for Linux
Start the KDE Desktop in Linux
The Task at Hand
In my college course "Introduction To Linux Administration", we were presented with the task of answering five questions related to packages on a Linux server, network monitoring, and port scanning of common ports.
KPackage – Package Manage
What Packages Are On My Server?
The first question was "How do we find out what packages are installed on our Linux server?
It seems that most students were listing the command prompt dpkg –l | less to get a list of packages installed on the server. I personally prefer the “visual” method of doing things, so I chose to figure it out using the GUI (Graphic User Interface) using the KDE Desktop environment. So here’s what I did…
Once logged into the KDE environment, I selected System, and then KPackage – Package Manager as shown below. Then the Package Manager shows all of the packages that are installed on my server. This is very similar to the concept of the Control Panel’s Add/Remove feature in Microsoft Windows 95 through Windows 7.
What to Get Rid Of:
As one who prefers the convenience of a GUI, I personally enjoy having access to all of the fun and nifty “toys” that are included in a GUI like the KDE. However, in a server situation, the purpose of the server is not to have fun, but to serve up whatever it is that the server is intended to serve up. Be that files, applications, web pages, email, or what have you, the idea is that the only thing the server should be running is what it absolutely needs to do its job as a server. This means that all Games, Extra Editors, Graphic design products, Sound and Video programs, etc. would have to go; especially the games.
The netStat Command:
What is the netStart command, and what are some of the parameters you can use with the netStart command?
The netstat program is a network activity management system. It allows you to manage, track and report on how the network is interacting with your system through the ports that carry data in and out of your server. It is currently installed on our VM and could easily be installed or updated using “Sudo apt-get install netstat.exe”.
Some of the common parameters you can use with netstat are…
- -a Show ALL ports
- -t Show ports listening/connected to TCP
- -u Show ports listening/connected to UDP
- -r To display the routing table
…and many more.
The nMap Command:
Nmap is a utility that is not installed on our VM, and is used by both administrators and hackers to scan the ports of a host computer to see what vulnerabilities there might be. As I described in an older post, a port can have one of three different states when a scanner or other program comes poking around. If the port is OPEN, then a hacker is inevitably going to walk right in. If the port is CLOSED, the hacker might walk away, but may also try to break the door down to see what he/she can get to. However, if the port is STEALTH, then it’s as though the port doesn’t even exist, because it just ignores the request coming in, and refuses to send back any signal. This mode would most likely cause the intruder to move on to the next port (or host).
The powerful feature of nmap, is its ability to use multiple methods of scanning in order to circumvent a firewall thereby gaining access to the system by connecting to its ports, and subsequently, its listening applications.
Although in this class we don’t have any need for such a utility, if you wanted to install it, you would use the command… sudo apt-get install nmap.
Some Standard Ports
There are about 65,535 internet ports on a computer. That’s a lot of potential doors and windows that an intruder can use to get at your stuff. However, the first 1,023 ports are of certain concern because those are the common ports used most for applications that listen for connection requests in order to make use of network services. Here are a few of the most common ports…
- 21 FTP – File Transfer Protocol
- 23 Telnet Services
- 25 SMTP – Outgoing Email
- 80 HTTP – Hypertext Transfer Protocol for the World Wide Web
- 110 POP3 – Incoming Email
- 113 IDENT – Identification Protocol used for Authentication Services
- 139 NetBIOS – for file sharing activities
- 443 HTTPS – Hypertext Transfer Protocol over the (SSL) Secure Socket Layer
The reason these “common” ports pose a threat is mainly because they are common. They are so well known (especially by hackers), and used by the most common applications that we all use, that they become tasty morsels for a hacker to nibble at.