查看系统中开放的端口,关闭不需要的端口和程序,如下例中操作流程: 1. 查看对外开启的端口: [root@mail ~]# nmap 127.0.0.1 #注:此处应该换作公网ip Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-04-20 11:06 CST Interesting ports on 127.0.0.1 Not shown: 1668 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 1010/tcp open unknown 2. 对不明端口进行查访 [root@mail ~]# netstat -anlp | grep 1010 tcp 0 0 0.0.0.0:1010 0.0.0.0:* LISTEN 3796/rpc.statd # #[root@mail ~]# lsof -p 3796 # # [root@mail init.d]# which rpc.statd /sbin/rpc.statd [root@mail ~]# rpm -qf /sbin/rpc.statd nfs-utils-1.0.9-40.el5 [root@mail init.d]# ll /etc/init.d/nfs* -rwxr-xr-x 1 root root 4668 Jan 21 2009 /etc/init.d/nfs -rwxr-xr-x 1 root root 3465 Jan 21 2009 /etc/init.d/nfslock [root@mail init.d]# service nfs status rpc.mountd is stopped nfsd is stopped rpc.rquotad is stopped [root@mail ~]# /etc/init.d/nfslock status rpc.statd (pid 3796) is running... 3. 关闭不相干的应用 [root@mail init.d]# service nfslock Usage: /etc/init.d/nfslock {start|stop|status|restart|probe|condrestart} [root@mail init.d]# service nfslock stop Stopping NFS statd: [ OK ] 4. 关闭不相干的服务 [root@mail init.d]# chkconfig --level 345 nfslock off 5. 基本安装centos,这些服务一般使用不到: chkconfig --level 2345 hplip off #涉及hpiod, hpssd, 与打印设备相关 chkconfig --level 2345 nfslock off #涉及到 nfs chkconfig --level 2345 avahi-daemon off #涉及到 zeroconf 协议的设备和服务 chkconfig --level 2345 cups off #涉及到打印 chkconfig --level 2345 portmap off #涉及到 nfs