Nmap suggests the following ports are open:

25/tcp    open  smtp
111/tcp   open  rpcbind
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
631/tcp   open  ipp
901/tcp   open  samba-swat
2049/tcp  open  nfs

I run a desktop email client that uses SMTP; apart from that, I do not know why the rest of the above services are open. It even had SSH listening on 22. I changed the port number and also changed PermitRootLogin to no in /etc/ssh/sshd_config after looking at the following output. I also installed gufw and set it to deny as default.

root@computer:/home/user# grep -ir "Failed password" /var/log/*
/var/log/auth.log.1:Aug 14 13:50:37 computer sshd[3553]: Failed password for root from 60.242.242.121 port 56631 ssh2
/var/log/auth.log.1:Aug 15 22:13:10 computer sshd[5129]: Failed password for invalid user admin from 190.24.225.223 port 22792 ssh2

root@computer:/home/user# grep -ir BREAK-IN /var/log/*
/var/log/auth.log.1:Aug 15 22:13:08 computer sshd[5129]: reverse mapping checking getaddrinfo for corporat190-24225223.sta.etb.net.co[190.24.225.223] failed - POSSIBLE BREAK-IN ATTEMPT!

How can I find out if this system has been compromised? What are the steps I need to take to secure it?

--
Kind regards,
Yudi
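
An added example, not part of the original post: a short Python script that goes one step beyond the grep for "Failed password" by pairing failed sshd attempts with any "Accepted" logins from the same source address, which is the case worth investigating first. The first two sample lines are taken from the post; the 203.0.113.x lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# sshd messages as they appear in /var/log/auth.log (syslog prefix, then the message).
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(lines):
    """Per source IP: failure count, targeted users, and accepted logins."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd password/publickey result line
        entry = stats[m["ip"]]
        entry["users"].add(m["user"])
        if m["result"] == "Failed":
            entry["failed"] += 1
        else:
            # Record how many failures preceded this success from the same IP.
            entry["accepted"].append((m["user"], m["method"], entry["failed"]))
    return dict(stats)

def suspicious(stats):
    """IPs that logged in successfully after at least one failed attempt."""
    return sorted(ip for ip, e in stats.items()
                  if any(prior > 0 for _, _, prior in e["accepted"]))

# First two lines are from the post; the 203.0.113.x lines are constructed.
SAMPLE = """\
Aug 14 13:50:37 computer sshd[3553]: Failed password for root from 60.242.242.121 port 56631 ssh2
Aug 15 22:13:10 computer sshd[5129]: Failed password for invalid user admin from 190.24.225.223 port 22792 ssh2
Aug 16 03:01:02 computer sshd[6001]: Failed password for user from 203.0.113.7 port 40112 ssh2
Aug 16 03:01:09 computer sshd[6001]: Accepted password for user from 203.0.113.7 port 40112 ssh2
Aug 16 09:30:00 computer sshd[6100]: Accepted publickey for user from 203.0.113.50 port 51515 ssh2
""".splitlines()

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip, e in sorted(stats.items()):
        print(ip, e["failed"], "failed;", sorted(e["users"]), "accepted:", e["accepted"])
    print("success after failures:", suspicious(stats))
```

To run it on a real system, pass the lines of /var/log/auth.log and its rotated copies to summarize() in place of SAMPLE.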