I noticed something strange, or rather something I can't explain. I saw in my logs that someone was trying to authenticate against mysql. I ran an nmap -T4 scan against my server and can see that mysql is open. The firewalld output shows that this is not opened by default, and I haven't opened it myself.
nmap T4
PORT STATE SERVICE
17/tcp filtered qotd
19/tcp filtered chargen
22/tcp open ssh
25/tcp filtered smtp
70/tcp filtered gopher
80/tcp open http
82/tcp filtered xfer
139/tcp filtered netbios-ssn
143/tcp open imap
366/tcp filtered odmr
389/tcp filtered ldap
407/tcp filtered timbuktu
416/tcp filtered silverplatter
427/tcp filtered svrloc
443/tcp open https
445/tcp filtered microsoft-ds
465/tcp open smtps
512/tcp filtered exec
543/tcp filtered klogin
587/tcp open submission
631/tcp filtered ipp
648/tcp filtered rrp
668/tcp filtered mecomm
726/tcp filtered unknown
749/tcp filtered kerberos-adm
912/tcp filtered apex-mesh
3000/tcp open ppp
**3306/tcp open mysql**
5000/tcp open upnp
5222/tcp open xmpp-client
5280/tcp open xmpp-bosh
10000/tcp open snet-sensor-mgmt
20000/tcp open dnp
When I run firewall-cmd --list-all:
[root@virtual ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ftp http https imap imaps pop3 pop3s smtp smtps ssh
ports: 587/tcp 53/tcp 20/tcp 2222/tcp 10000-10100/tcp 20000/tcp 1025-65535/tcp 53/udp 5222/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="54.36.148.123" drop
rule family="ipv4" source address="54.36.148.0/22" drop
rule family="ipv4" source address="5.188.84.0/22" reject
rule family="ipv4" source address="217.171.146.0/23" reject
rule family="ipv4" source address="198.12.120.0/25" reject
rule family="ipv4" source address="185.143.172.0/22" reject
rule family="ipv4" source address="176.128.0.0/11" reject
[root@virtual ~]#
firewall-cmd --get-active-zones
(I don't think I actually need to do this, since firewall-cmd --list-all should show me everything that's active, right?)
public
interfaces: eth0
Does anyone know why mysql is wide open like this? Did a package or application I installed open it? Why isn't it listed in my active public zone?
I'm somewhat unsure which command to use to close it to the public. I use localhost for all my applications, and I don't want it exposed publicly. Normally I would do:
firewall-cmd --zone=public --remove-service=mysql --permanent
but since it isn't in the public zone, that won't work; should I instead do:
firewall-cmd --remove-port=3306/tcp
This should pick the default zone and close the port, but I'm worried it will also close it for localhost.
If anyone spots other mistakes here, feel free to comment.
Thanks
My environment: CentOS 7 with Virtualmin
Answer 1
Your firewall is "open" because someone decided to allow almost every port. Note that the allowed ports include:
1025-65535/tcp
You should remove that and replace it with whichever ports in that range actually need to be open to the world. (It looks like some have already been specified, but you should check carefully what you really need.)
firewall-cmd --add-port=<number>/<protocol> # repeat as necessary
firewall-cmd --remove-port=1025-65535/tcp # add first, then remove this, to
# prevent service interruption
firewall-cmd --runtime-to-permanent # after verifying everything works
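To make the answer's point checkable, here is a small POSIX shell script (added here as an example; it is not code from the question or the answer) that takes the `ports:` line from the asker's `firewall-cmd --list-all` output and reports which entry opens a given port, plus which entries are broad ranges. The `ports:` line is embedded as a constructed sample so it runs offline; the helper names `port_in_entry`, `matching_entries` and `wide_ranges` are invented for this example. Run against the asker's output it shows that 3306/tcp is reachable only because of `1025-65535/tcp`, which is why removing a `mysql` service from the public zone has no effect.

```shell
#!/bin/sh
# Added example: explain why a port shows as open in firewalld's public zone.
# Constructed sample input: the "ports:" line from the question's output.
PORTS_LINE='587/tcp 53/tcp 20/tcp 2222/tcp 10000-10100/tcp 20000/tcp 1025-65535/tcp 53/udp 5222/tcp'

# port_in_entry PORT PROTO ENTRY
# Returns 0 when ENTRY ("3306/tcp" or "1025-65535/tcp") covers PORT/PROTO.
port_in_entry() {
    port=$1; proto=$2; entry=$3
    range=${entry%/*}          # strip "/proto"
    eproto=${entry#*/}         # keep only the protocol
    [ "$eproto" = "$proto" ] || return 1
    case $range in
        *-*) lo=${range%-*}; hi=${range#*-} ;;   # "lo-hi" range
        *)   lo=$range;      hi=$range ;;        # single port
    esac
    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]
}

# matching_entries PORT PROTO
# Prints every entry in $PORTS_LINE that opens PORT/PROTO, one per line.
matching_entries() {
    for entry in $PORTS_LINE; do
        if port_in_entry "$1" "$2" "$entry"; then
            printf '%s\n' "$entry"
        fi
    done
}

# wide_ranges [MAX]
# Prints entries that open more than MAX ports at once (default 100);
# these are the rules worth reviewing first.
wide_ranges() {
    max=${1:-100}
    for entry in $PORTS_LINE; do
        range=${entry%/*}
        case $range in
            *-*)
                lo=${range%-*}; hi=${range#*-}
                if [ $((hi - lo + 1)) -gt "$max" ]; then
                    printf '%s\n' "$entry"
                fi
                ;;
        esac
    done
}

# Usage: which rule exposes mysql, and which ranges are suspiciously wide?
echo "entries opening 3306/tcp:"; matching_entries 3306 tcp
echo "ranges wider than 100 ports:"; wide_ranges 100
```

The same approach generalizes: replace `PORTS_LINE` with the live output of `firewall-cmd --list-ports` and feed `matching_entries` the port you are investigating. Once the wide range is gone, `firewall-cmd --remove-port` for a single port only affects what the firewall accepts from other hosts; connections to 127.0.0.1 never traverse the `public` zone rules bound to eth0.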