Maintaining the security of your Linux server is paramount, and regular open port scans play a crucial role in this process. Open ports can expose your server to malicious attacks, making it essential to monitor and manage them effectively. In this article, we will explore how to automate open port scans on Linux servers, using tools like nmap and scheduling them with cron.

Understanding Open Ports

An open port is a network port that is active and accepting incoming packets. While some open ports are necessary for legitimate services, others can potentially serve as entry points for unauthorized users. Regular scanning helps identify unnecessary open ports and keeps your server secure.

Tools for Port Scanning

The most widely used tool for scanning open ports is nmap. It is a powerful utility that can be used to discover hosts and services on a computer network, thereby creating a "map" of the network.

Installing Nmap

To install nmap, use the package manager specific to your Linux distribution:

For Debian/Ubuntu:

```bash
sudo apt update
sudo apt install nmap
```

For CentOS/Fedora:

```bash
sudo yum install nmap
```

For Arch Linux:

```bash
sudo pacman -S nmap
```

Creating a Basic Port Scan Script

Once nmap is installed, you can create a simple shell script to automate the scanning of open ports.

  1. Create a new script file:

    ```bash
    nano port_scan.sh
    ```

  2. Add the following content to the script:

    ```bash
    #!/bin/sh
    # Host to scan and a timestamped log file under /var/log/nmap.
    TARGET="localhost"
    LOG_DIR="/var/log/nmap"
    OUTPUT_FILE="$LOG_DIR/port_scan_$(date +%F_%T).log"

    # nmap does not create the log directory, so make sure it exists.
    mkdir -p "$LOG_DIR"

    # -sS is a TCP SYN scan (requires root); -p- covers all 65535 TCP ports.
    nmap -sS -p- "$TARGET" > "$OUTPUT_FILE"

    echo "Port scan completed for $TARGET on $(date)" >> "$OUTPUT_FILE"
    ```

  3. Save the file and exit the editor.

  4. Make your script executable:

    ```bash
    chmod +x port_scan.sh
    ```

Scheduling the Script with Cron

To ensure the script runs at regular intervals, we can use cron. The cron daemon allows you to schedule tasks to be executed automatically at specific intervals.

Editing the Crontab

  1. Open the crontab configuration file:

    ```bash
    crontab -e
    ```

    Cron runs each job as the owner of the crontab. Because the script's SYN scan needs root privileges, the entry belongs in root's crontab (or that of a user permitted to run nmap with the required privileges).

  2. Add a new line to schedule the script. For example, to run the script every day at 2 AM, add:

    ```bash
    0 2 * * * /path/to/your/script/port_scan.sh
    ```

    This line breaks down as follows:

    • 0 – the minute the script runs (minute 0).
    • 2 – the hour the script runs (2 AM).
    • * * * – every day of the month, every month, and every day of the week.

  3. Save the changes and exit.

Viewing the Results

Open the log file the script writes (e.g., /var/log/nmap/port_scan_YYYY-MM-DD_HH:MM:SS.log, where the timestamp is the time of the run) to review the results of your port scans. You can review this log manually, or set up alerts that fire when a scan shows something unexpected, such as a port that was not open in the previous scan.
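The following script is an added example, not part of the article, showing one way to turn the saved scan into an alert: it extracts the open ports from a scan and reports any that are not on a baseline of ports you expect to be open. It assumes the scan was saved in nmap's grepable format (`nmap -sS -p- -oG <file> <target>`, rather than the plain redirect used above), and the sample scan, the baseline and the `/etc` baseline path mentioned in the comments are constructed for the example so it runs without nmap installed.

```bash
#!/bin/sh
# Added example (not from the article): parse a saved nmap grepable scan (-oG)
# and report open ports that are missing from an expected-ports baseline.
# The sample scan and baseline below are constructed so this runs without nmap.

# Constructed sample of `nmap -oG` output for localhost (fields are tab-separated).
SAMPLE_SCAN=$(printf '# Nmap 7.94 scan initiated Mon Jan  1 02:00:00 2024 as: nmap -sS -p- -oG - localhost\nHost: 127.0.0.1 ()\tStatus: Up\nHost: 127.0.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/filtered/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (65531)\n# Nmap done at Mon Jan  1 02:00:05 2024 -- 1 IP address (1 host up) scanned in 5.02 seconds\n')

# Constructed baseline: ports expected to be open, one "port/proto" per line.
BASELINE='22/tcp
80/tcp'

# extract_open_ports <grepable-output>
# Prints one "port/proto" line for every port nmap reported as open, sorted by port.
# Filtered and closed ports are dropped by the awk state check.
extract_open_ports() {
    printf '%s\n' "$1" \
        | grep '^Host: .*Ports: ' \
        | sed 's/^.*Ports: //; s/[[:space:]]*Ignored State.*$//' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//' \
        | awk -F/ '$2 == "open" { print $1 "/" $3 }' \
        | sort -t/ -k1,1n -k2,2 -u
}

# new_ports <grepable-output> <baseline>
# Prints open ports absent from the baseline; prints nothing when the scan is clean.
new_ports() {
    extract_open_ports "$1" | BASE="$2" awk '
        BEGIN { n = split(ENVIRON["BASE"], b, /[[:space:]]+/)
                for (i = 1; i <= n; i++) if (b[i] != "") seen[b[i]] = 1 }
        !($0 in seen) { print }'
}

# check_scan_file <scan-file> <baseline-file>
# Same check against files on disk, e.g. the log written by the cron job and a
# baseline kept under /etc (that path is an assumption, not from the article).
# Returns 1 when unexpected ports appear, so a wrapper or cron mail can alert on it.
check_scan_file() {
    found=$(new_ports "$(cat "$1")" "$(cat "$2")")
    if [ -n "$found" ]; then
        printf 'Unexpected open ports in %s:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample: 8080/tcp is open but not in the baseline.
printf 'Open ports not in baseline:\n'
new_ports "$SAMPLE_SCAN" "$BASELINE"
```

To use it with the cron job, change the scan line to `nmap -sS -p- -oG "$OUTPUT_FILE" "$TARGET"` and call `check_scan_file "$OUTPUT_FILE" /path/to/baseline` afterwards; the baseline is simply the output of `extract_open_ports` from a scan you have reviewed and accepted.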

Advanced Features

While this setup covers basic needs, you can expand it with selective scanning (specific ports or hosts), service and version enumeration (nmap -sV), or integration with monitoring solutions such as Nagios or Zabbix. Additionally, consider using a tool like fail2ban to block IPs that appear suspicious based on the results of your port scans.

Conclusion

Automating regular open port scans on Linux servers helps in proactively identifying vulnerabilities and securing your infrastructure. By following the steps outlined in this article, you should be able to set up a basic scanning solution that runs automatically, allowing you to focus on other critical tasks while maintaining oversight of your server’s security.

Additional Resources

Implement these practices today to enhance your server’s security posture and ensure a safer environment for your applications and services. Happy scanning!