
The release of Fedora Core 30

Fedora Core 30

Recently, I was asked this question on Twitter:

@telecon
How many ports open on a default install?

https://twitter.com/telecon/status/1123786543527809026

That was in response to a tweet about enjoying the install and first day of use of Fedora Core 30.

All things being said, this should be a relatively quick/easy test. I’ll start it off with a fresh install of Fedora Core 30 on my virtual system (kvm).

After the install, I took the time to create a new user and reboot the system; then the tests begin.

Running nmap post-install and post user-creation:

$] <> nmap -p- 192.168.122.224 -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 12:45 MDT
Nmap scan report for 192.168.122.224
Host is up (0.00020s latency).
All 65535 scanned ports on 192.168.122.224 are closed (64512) or filtered (1023)

Nmap done: 1 IP address (1 host up) scanned in 14.14 seconds

Then, seen from the localhost:

[testuser@localhost-live ~]$ ss -tua
Netid           State            Recv-Q           Send-Q                       Local Address:Port                                  Peer Address:Port            
udp             UNCONN           0                0                                  0.0.0.0:bootpc                                     0.0.0.0:*               
udp             UNCONN           0                0                                  0.0.0.0:mdns                                       0.0.0.0:*               
udp             UNCONN           0                0                                127.0.0.1:323                                        0.0.0.0:*               
udp             UNCONN           0                0                                  0.0.0.0:49042                                      0.0.0.0:*               
udp             UNCONN           0                0                                     [::]:mdns                                          [::]:*               
udp             UNCONN           0                0                                    [::1]:323                                           [::]:*               
udp             UNCONN           0                0                                     [::]:37380                                         [::]:*               
tcp             LISTEN           0                128                                127.0.0.1:ipp                                        0.0.0.0:*               
tcp             LISTEN           0                128                                   [::1]:ipp                                           [::]:*               

After that was completed, I logged into the system once again and enabled sshd.service:

[testuser@localhost-live ~]$ sudo systemctl start sshd.service 

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for testuser: 
[testuser@localhost-live ~]$ sudo systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor prese>
   Active: active (running) since Thu 2019-05-02 13:18:50 MDT; 5s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 2609 (sshd)
    Tasks: 1 (limit: 2352)
   Memory: 1.9M
   CGroup: /system.slice/sshd.service
           └─2609 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-p>
[testuser@localhost-live ~]$ ss -tua
Netid           State            Recv-Q           Send-Q                       Local Address:Port                                  Peer Address:Port            
udp             UNCONN           0                0                                  0.0.0.0:bootpc                                     0.0.0.0:*               
udp             UNCONN           0                0                                  0.0.0.0:mdns                                       0.0.0.0:*               
udp             UNCONN           0                0                                127.0.0.1:323                                        0.0.0.0:*               
udp             UNCONN           0                0                                  0.0.0.0:49042                                      0.0.0.0:*               
udp             UNCONN           0                0                                     [::]:mdns                                          [::]:*               
udp             UNCONN           0                0                                    [::1]:323                                           [::]:*               
udp             UNCONN           0                0                                     [::]:37380                                         [::]:*               
tcp             LISTEN           0                128                                0.0.0.0:ssh                                        0.0.0.0:*               
tcp             LISTEN           0                5                                127.0.0.1:ipp                                        0.0.0.0:*               
tcp             LISTEN           0                128                              127.0.0.1:x11-ssh-offset                             0.0.0.0:*               
tcp             ESTAB            0                0                          192.168.122.224:ssh                                  192.168.122.1:40588           
tcp             LISTEN           0                128                                   [::]:ssh                                           [::]:*               
tcp             LISTEN           0                5                                    [::1]:ipp                                           [::]:*               
tcp             LISTEN           0                128                                  [::1]:x11-ssh-offset                                [::]:*

The default iptables load-out on Fedora 30:

[testuser@localhost-live ~]$ sudo iptables -nL
[sudo] password for testuser: 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_INP  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_FWX  all  --  0.0.0.0/0            0.0.0.0/0           
LIBVIRT_FWI  all  --  0.0.0.0/0            0.0.0.0/0           
LIBVIRT_FWO  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_OUT  all  --  0.0.0.0/0            0.0.0.0/0           
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation (2 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FWDI_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation (2 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation (2 references)
target     prot opt source               destination         
IN_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
IN_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
IN_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain IN_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137 ctstate NEW,UNTRACKED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138 ctstate NEW,UNTRACKED
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353 ctstate NEW,UNTRACKED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:1025:65535 ctstate NEW,UNTRACKED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:1025:65535 ctstate NEW,UNTRACKED

Chain IN_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination         

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination         

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination      

. . . And finally, the last nmap scan:

$] <> nmap -p- 192.168.122.224 -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 13:19 MDT
Nmap scan report for 192.168.122.224
Host is up (0.00020s latency).
Not shown: 64511 closed ports, 1023 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 14.17 seconds

So, to conclude, the default @Basic install of Fedora 30 leaves no open ports.

Windows Incident Response

Source: Windows IR

IR
Here’s a really good…no, I take that back…a great blog post by Sean Mason on “IR muscle memory”. Take the time to give it a read, it’ll be worth it, for no other reason than because it’s valuable advice. Incident response cannot be something that you talk about once and never actually do; it needs to be part of muscle memory. Can you detect an incident, and if so, how does your organization react? Or, if you receive an external notification of a security incident, how does your organization respond?