Linux Up Skill - Day 9


Lesson nine of the Linux Up Skill Challenge, “Diving into networking.” This will be interesting; let’s see how rusty my networking skills are these days. There’s no list of tasks today, so we’ll just go through the lesson as it works through things.

The lesson expects ports 22 and 80 to be open to the world at this point since we have SSH and Apache running. I’m on board so far. A couple of tools to use. The first is ss, which has replaced netstat. Good to know; I would have jumped right to netstat. The second is nmap, which I am familiar with, but from a GUI and not the command line. So there is some learning to happen here. The first thing they have us do is run ss -ltpn. This produces:

david@linux-up-skill:~$ ss -ltpn
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     *:80                *:*
LISTEN  0       128     [::]:22             [::]:*

Next we are going to install nmap: sudo apt install nmap. Done! Now to run nmap:

david@linux-up-skill:~$ nmap localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2022-06-20 15:27 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000088s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

Exactly what I would expect to see from nmap here. Moving into firewalls. It starts by talking about iptables and then moves into the newer nftables. The remainder of the lesson looks like it will be using ufw instead. First it has me check sudo iptables -L, which produces the expected result of having no firewalling currently. Now we install ufw with sudo apt install ufw. But, as I thought, ufw is showing as already installed. I was pretty sure it is installed by default with Ubuntu now. Perhaps it is not on the cloud images?

Now we allow SSH but disallow HTTP: sudo ufw allow ssh and sudo ufw deny http. Then we enable the firewall with sudo ufw enable. Then we check things again with sudo iptables -L. Now I get a large output, as expected. Now the lesson wants us to allow HTTP, so we run sudo ufw allow http and then sudo ufw enable. Easy enough.
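
As an added example (not part of the original post or the lesson), the script below parses ss -ltn output, marks each listener as exposed or loopback-only, and reports exposed ports that are not on an allow-list. The function names and the allow-list of 22 and 80 are assumptions based on this lesson's setup, and the sample input is the ss output from above, embedded inline.

```shell
#!/bin/sh
# Constructed sample: the `ss -ltpn` output shown earlier in this post.
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     *:80                *:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

# classify_listeners (hypothetical helper): reads `ss -ltn`-style lines on
# stdin and prints "<port> <scope>" once per port/scope pair. Scope is
# "loopback" for 127.0.0.0/8 and ::1, otherwise "exposed".
classify_listeners() {
    awk '$1 == "LISTEN" {
        local_addr = $4
        n = split(local_addr, parts, ":")    # port is the last ":" field
        port = parts[n]
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/%.*/, "", addr)                 # drop interface suffix (%lo)
        gsub(/\[/, "", addr)                 # drop IPv6 brackets
        gsub(/\]/, "", addr)
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        print port, scope
    }' | sort -n | uniq
}

# unexpected_exposed ALLOWED_PORT... (hypothetical helper): prints every
# exposed port from stdin that is not in the allow-list given as arguments.
unexpected_exposed() {
    allowed=" $* "
    classify_listeners | while read -r port scope; do
        [ "$scope" = "exposed" ] || continue
        case "$allowed" in
            *" $port "*) ;;                  # expected listener
            *) echo "$port" ;;               # exposed but not expected
        esac
    done
}

# Stand-alone run on the sample; on a live host, pipe in real output:
#   ss -ltn | unexpected_exposed 22 80
sample_ss_output | classify_listeners
```

This only compares listening sockets against the ports you expect; whether ufw actually lets traffic through to them is a separate check.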