
solaris ports closing command

Posted on 2009-05-13
Last Modified: 2013-12-27
In one of our Solaris servers, some ports are open.

What is the command to find which ports are open?

I want to close some ports. What is the command to close the ports?
Question by:ramavenkatesa
17 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 668 total points
ID: 24373252
Solaris does not have an internal firewall such as the IPTables for Linux that comes built in. So the only way to close a port is to shut down the application that listens to that port.

To see what ports are currently in listen state you'll need to issue this command:

netstat -an | more

The ports having the state of "listen" are the ports that are open.

Also you can do a port scan using nmap. nmap is a port scanner and is available for Windows/Linux/Unix/Solaris and Mac. You can download it for any platform you choose from here:

http://nmap.org/download.html

Cheers,
K.

0
 

Author Comment

by:ramavenkatesa
ID: 24373265
Some ports are not being used by any application, but they are open. I need to close them. How should I do it?
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24373292
In fact no ports will be open unless a listener application listens to them. Will you please post your

netstat -an

output here?
0

 

Author Comment

by:ramavenkatesa
ID: 24373362
I have attached the file
sample.txt
0
 

Author Comment

by:ramavenkatesa
ID: 24373436
netstat -an | grep LISTEN | grep -v UNIX ---> does this give me the ports which are being listened on?

Say, the SA has opened a port for FTP: now that port needs to be closed.

0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24373473
What version of Solaris do you use? If it is 10 you have lsof to see what application listens on what ports. But these ports > 5000 are generally used for NFS.
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24373479
> netstat -an | grep LISTEN |grep -v UNIX

You don't need to exclude Unix like that; netstat supports it:

netstat -anf inet | grep LISTEN

0
 

Author Comment

by:ramavenkatesa
ID: 24373486
I use Solaris 10
0
 

Author Comment

by:ramavenkatesa
ID: 24373497
If it is 10 you have lsof to see what application listens what ports.   -- what is lsof?
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 668 total points
ID: 24373549
lsof will show you what file uses what ports.
A command like:

lsof -i4 -n

will show you what application listens on what port in a format such as:

# lsof -i4 -n
COMMAND     PID    USER   FD   TYPE DEVICE SIZE NODE NAME
syslogd    3225    root    9u  IPv4   7035       UDP *:syslog
named      3259   named   20u  IPv4   7132       UDP 127.0.0.1:domain
named      3259   named   21u  IPv4   7133       TCP 127.0.0.1:domain (LISTEN)
named      3259   named   22u  IPv4   7134       UDP 192.168.1.4:domain
named      3259   named   23u  IPv4   7135       TCP 192.168.1.4:domain (LISTEN)
named      3259   named   24u  IPv4   7136       UDP 10.0.0.1:domain
named      3259   named   25u  IPv4   7137       TCP 10.0.0.1:domain (LISTEN)
named      3259   named   26u  IPv4   7138       UDP *:60420
named      3259   named   28u  IPv4   7140       TCP 127.0.0.1:rndc (LISTEN)
named      3259   named   30u  IPv4 983724       UDP *:32328
named      3259   named   32u  IPv4 983728       UDP *:18163
named      3259   named   33u  IPv4 983737       UDP *:8821
named      3259   named   50u  IPv4 983764       UDP *:27146

0
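An added example, not part of the original answer: a small filter that reads `lsof -i4 -n` output in the format shown above and reports which sockets are reachable from other hosts, since a listener bound to 127.0.0.1 is a different exposure from one bound to `*`. The function names and scope labels are hypothetical, and the embedded sample is a subset of the output quoted in the answer.

```shell
#!/bin/sh
# Added example: classify `lsof -i4 -n` sockets by how widely they are bound.

# Sample input: a subset of the lsof output quoted in the answer above.
sample_lsof() {
cat <<'EOF'
COMMAND     PID    USER   FD   TYPE DEVICE SIZE NODE NAME
syslogd    3225    root    9u  IPv4   7035       UDP *:syslog
named      3259   named   21u  IPv4   7133       TCP 127.0.0.1:domain (LISTEN)
named      3259   named   23u  IPv4   7135       TCP 192.168.1.4:domain (LISTEN)
named      3259   named   26u  IPv4   7138       UDP *:60420
named      3259   named   28u  IPv4   7140       TCP 127.0.0.1:rndc (LISTEN)
EOF
}

# Print one line per socket: scope proto port command pid.
# TCP rows count only in LISTEN state; UDP has no state column, so every
# bound (unconnected) UDP socket counts.
classify_listeners() {
    awk '
    NR == 1 && $1 == "COMMAND" { next }
    {
        proto = ""; name = ""; state = ""
        # SIZE may be blank, so locate the protocol column by value.
        for (i = 5; i <= NF; i++)
            if ($i == "TCP" || $i == "UDP") {
                proto = $i; name = $(i + 1); state = $(i + 2); break
            }
        if (proto == "") next
        if (proto == "TCP" && state != "(LISTEN)") next
        if (index(name, "->")) next          # connected socket, not a listener
        n = split(name, part, ":")
        addr = part[1]; port = part[n]
        if (addr == "*")          scope = "all-interfaces"
        else if (addr ~ /^127\./) scope = "loopback-only"
        else                      scope = "single-address"
        print scope, proto, port, $1, $2
    }' | sort -u
}

# Only the sockets that other hosts can reach.
exposed_listeners() {
    classify_listeners | grep -v '^loopback-only '
}

sample_lsof | exposed_listeners
```

On a live system, replace `sample_lsof` with `lsof -i4 -n`; each line that remains names the command and PID to stop or reconfigure in order to close that port.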
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24373570
@ ramavenkatesa:

> say, the SA has opened a port for FTP : now that port needs to be closed.

What do you mean by that ?
0
 

Author Comment

by:ramavenkatesa
ID: 24373594
One month back, we could not do FTP, as the port was closed.

Then we opened the port. Now, I need to close the port.

I am sorry if I am unable to tell you properly.
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24373655
No problem. I had thought that you mind about knowing what application uses what port.

If all you want to do is to disable the ftp use this command:

/usr/sbin/svcadm disable ftp
or
inetadm -d ftp

To re-enable use:
/usr/sbin/svcadm enable ftp
or
inetadm -e ftp
0
 

Author Comment

by:ramavenkatesa
ID: 24373682
Also, there are some ports 4045, 32783, 32789, 6789 -- these are not being used by any application. They are open. How to close these ports?
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24373805
As I told you, first of all you need to determine what application opens them and stop the application that uses the ports. This is why I've suggested you use lsof. Did you check if it is available on your system? If not go here and download it:

http://www.sunfreeware.com/
0
 
LVL 9

Assisted Solution

by:svs
svs earned 332 total points
ID: 24420798
Just a note: Solaris 10 does have a built-in firewall -- it's called IPFilter.
0
 
LVL 13

Expert Comment

by:Rowley
ID: 24426872
If you don't want to install lsof you can download and run a handy script called pcp. Download and instructions here: http://www.unix.ms/pcp/
0
