The release of Fedora Core 30
Recently, I was asked this question on Twitter:
@telecon
https://twitter.com/telecon/status/1123786543527809026
How many ports open on a default install?
That was in response to a tweet about enjoying the install, and the first day of use of Fedora Core 30.
All things being said, this should be a relatively quick/easy test. I’ll start it off by installing a fresh install of Fedora Core 30 on my virtual-system (kvm).
After the install, I took the time, to create a new user, and reboot the system, then tests will begin.
Doing an nmap post install, and post user-creation:
$] <> nmap -p- 192.168.122.224 -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 12:45 MDT
Nmap scan report for 192.168.122.224
Host is up (0.00020s latency).
All 65535 scanned ports on 192.168.122.224 are closed (64512) or filtered (1023)
Nmap done: 1 IP address (1 host up) scanned in 14.14 seconds
Then, seen from the localhost:
[testuser@localhost-live ~]$ ss -tua
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:49042 0.0.0.0:*
udp UNCONN 0 0 [::]:mdns [::]:*
udp UNCONN 0 0 [::1]:323 [::]:*
udp UNCONN 0 0 [::]:37380 [::]:*
tcp LISTEN 0 128 127.0.0.1:ipp 0.0.0.0:*
tcp LISTEN 0 128 ]192.168.122.1:40588
tcp LISTEN 0 128 [::1]:ipp [::]:* 
After that was completed, I logged into the system, once again, and enabled sshd.service
[testuser@localhost-live ~]$ sudo systemctl start sshd.service
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for testuser:
[testuser@localhost-live ~]$ sudo systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor prese>
Active: active (running) since Thu 2019-05-02 13:18:50 MDT; 5s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 2609 (sshd)
Tasks: 1 (limit: 2352)
Memory: 1.9M
CGroup: /system.slice/sshd.service
└─2609 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-p>[testuser@localhost-live ~]$ ss -tua
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:49042 0.0.0.0:*
udp UNCONN 0 0 [::]:mdns [::]:*
udp UNCONN 0 0 [::1]:323 [::]:*
udp UNCONN 0 0 [::]:37380 [::]:*
tcp LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
tcp LISTEN 0 5 127.0.0.1:ipp 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:x11-ssh-offset 0.0.0.0:*
tcp ESTAB 0 0 192.168.122.224:ssh 192.168.122.1:40588
tcp LISTEN 0 128 [::]:ssh [::]:*
tcp LISTEN 0 5 [::1]:ipp [::]:*
tcp LISTEN 0 128 [::1]:x11-ssh-offset [::]:* .The default iptables load-out on Fedora 30:
[testuser@localhost-live ~]$ sudo iptables -nL
[sudo] password for testuser:
Chain INPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_INP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LIBVIRT_FWX all -- 0.0.0.0/0 0.0.0.0/0
LIBVIRT_FWI all -- 0.0.0.0/0 0.0.0.0/0
LIBVIRT_FWO all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_OUT all -- 0.0.0.0/0 0.0.0.0/0
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation (2 references)
target prot opt source destination
FWDI_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
Chain FWDI_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation (2 references)
target prot opt source destination
FWDO_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain FWDO_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation (2 references)
target prot opt source destination
IN_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
Chain IN_FedoraWorkstation_allow (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:65535 ctstate NEW,UNTRACKED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1025:65535 ctstate NEW,UNTRACKED
Chain IN_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain LIBVIRT_FWI (1 references)
target prot opt source destination
Chain LIBVIRT_FWO (1 references)
target prot opt source destination
Chain LIBVIRT_FWX (1 references)
target prot opt source destination
Chain LIBVIRT_INP (1 references)
target prot opt source destination
Chain LIBVIRT_OUT (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination . . . And finally, the last NMAP scan:
$] <> nmap -p- 192.168.122.224 -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 13:19 MDT
Nmap scan report for 192.168.122.224
Host is up (0.00020s latency).
Not shown: 64511 closed ports, 1023 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 14.17 secondsSo, to conclude, the default, and @Basic install of Fedora 30, leaves no open ports.
D5 Creation