Home >Operation and Maintenance >Linux Operation and Maintenance >How to set up a CentOS system to disable unnecessary network ports and services

How to set up a CentOS system to disable unnecessary network ports and services

PHPz
PHPzOriginal
2023-07-05 10:06:063089browse

How to set up the CentOS system to disable unnecessary network ports and services

1. Introduction
In the Linux system, network ports and services are key components for the computer to communicate with the outside world. However, not all network ports and services are necessary, and some may even present security risks. Therefore, it is very important for servers running CentOS systems to disable unnecessary network ports and services. This article will explain how to disable unnecessary network ports and services through simple settings.

2. Disable unnecessary ports

  1. Check the currently open ports
    First, we need to check the currently open ports of the system. Run the following command in the terminal:

    netstat -tuln | grep LISTEN

    This command will display all currently listening ports. Note that all ports can only be viewed with root privileges. Based on the output results, identify unnecessary ports.

  2. Disable unnecessary ports
    To disable unnecessary ports, we need to edit the system’s firewall configuration file. Run the following command in the terminal to edit the firewall configuration file:

    vi /etc/sysconfig/iptables

    In the file, there is one rule for each port that is allowed access. Find the rule corresponding to the port you want to disable, and add a # symbol before the line to make the line a comment. For example, to disable port 80, change the following rule:

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

    to:

    # -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

    Save and close the file.

  3. Restart the firewall
    After editing the firewall configuration file, we need to restart the firewall for the changes to take effect. Run the following command in the terminal:

    service iptables restart

    In this way, the disabled port will no longer be open to the outside world, thus improving the security of the server.

3. Disable unnecessary services
In addition to disabling unnecessary ports, we also need to disable unnecessary services. For CentOS systems, we can use the system's own service management tool to disable services.

  1. View currently running services
    First, we need to view the currently running services. Run the following command in the terminal:

    service --status-all

    This command will display all currently running services. Note that all services can only be viewed with root privileges. Based on the output results, identify unnecessary services.

  2. Disable unnecessary services
    To disable unnecessary services, we need to use the chkconfig command. Run the following command in the terminal to disable the service:

    chkconfig <service_name> off

    where 228f6100813b78cf4e67a226afdd5874 is the name of the service to be disabled. For example, to disable the Apache service, run the following command:

    chkconfig httpd off

    After running the above command, the service will no longer run automatically at system startup.

  3. Stop the currently running service
    If a service is currently running, we also need to stop it. Run the following command in the terminal to stop the service:

    service <service_name> stop

    where 228f6100813b78cf4e67a226afdd5874 is the name of the service you want to stop. For example, to stop the Apache service, run the following command:

    service httpd stop

    The service will stop running immediately.

4. Summary
By disabling unnecessary network ports and services, we can improve the security of the CentOS system and reduce potential security risks. When disabling a port, we need to edit the firewall configuration file and restart the firewall for the changes to take effect. When disabling a service, we need to use the chkconfig command to disable the service and stop the currently running service as needed. I hope the methods provided in this article can help you protect the security of your CentOS server.

The above is the detailed content of How to set up a CentOS system to disable unnecessary network ports and services. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn