1

I've just installed a new Ubuntu server and issued the netstat -nlp command and got the following result:

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     8767     883/acpid           /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     6935     1/init              @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     7281     377/dbus-daemon     /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     7149     315/udevd           /run/udev/control

Should I close these ports to fix server vulnerability?

Erik

1 Answer

5

The above are local sockets that can be accessed by processes running on your system, which is further restricted by the permissions on the socket.

If the applications listening on those sockets were buggy, they could almost certainly be abused. But on the other hand almost every example you have above is for inter-process communication and you simply cannot close them and still have your system operate normally. Those are all core services required for the normal operation of your system.

A quick google of upstart, udev, and acpid will lead you to information about those services.

For the most part all you have to do for those is leave them at the default security settings, and apply any security updates to your system when they are released for those applications.

Zoredache
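
An added example, not part of the original question or answer: the script below parses the netstat -nlp listing from the question and reports, for each listening UNIX socket, whether it is an abstract socket (the @ prefix, which has no file on disk and therefore no file permissions) or a filesystem socket, and whether any local user has write access to it. The function names and the embedded sample are constructed for illustration, and socket paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: review the UNIX sockets reported by `netstat -nlp`.
# SAMPLE is constructed from the listing shown in the question.
SAMPLE='Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     8767     883/acpid           /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     6935     1/init              @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     7281     377/dbus-daemon     /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     7149     315/udevd           /run/udev/control'

# Read netstat output on stdin; print "program path" per listening UNIX socket.
listening_unix_sockets() {
    awk '$1 == "unix" && /LISTENING/ {
        n = split($(NF-1), p, "/")        # PID/Program name column
        print (n > 1 ? p[2] : "-"), $NF   # "-" when netstat hid the owner
    }'
}

# Classify one socket path:
#   abstract        no file on disk, so file permissions do not apply
#   missing         path does not exist on this host
#   world-writable  any local user may connect; the daemon must authorize
#   restricted      connecting is limited by owner/group permissions
classify_socket() {
    case "$1" in
        @*) echo abstract; return ;;
    esac
    [ -e "$1" ] || { echo missing; return; }
    if [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
        echo world-writable
    else
        echo restricted
    fi
}

# Combine both steps into a small report.
audit() {
    listening_unix_sockets | while read -r prog path; do
        printf '%-12s %-15s %s\n' "$prog" "$(classify_socket "$path")" "$path"
    done
}

printf '%s\n' "$SAMPLE" | audit
```

On a live system, pipe the real listing in with `netstat -nlp | audit`. A world-writable result is not by itself a finding: it only means the daemon, not the file mode, decides who may talk to it.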