This discussion belongs in the user forum.
I am not sure about the security implications of allowing a local app to
access a database on the same machine.
I am not an expert on IPv6 but those are all localhost to localhost
connections.
Do they have a specific threat in mind?
The usual protection steps are:
1) Not to allow unknown programs to run on the server
2) Protect 3306 from external access using the firewall/router
3) Protect SSH access to prevent outside users from accessing the server
or don't run sshd
4) Use sensible passwords on database access.
5) Intrusion detection (fail2ban, logging)
Closing process to process communication within a server is hardly ever
considered as a security step.
I am not sure that there is any way in Linux to restrict which process
can access a port on localhost aside from connection control (passwords -
4 above) or any way to know what ports the client process will use to
connect to 3306.
I think that the higher numbered ports are dynamically allocated so
closing them will be like playing Whack-A-Mole (close one and the system
will find another one that works) but it could just cause the client to
hang depending on how the code handles a time-out on a connection - wait
forever, throw an exception or try another port.
It would seem that closing them would stop access to the database.
Try it and see but I am pretty sure that the results will be unsatisfactory.
It is hard to see the security issue and the steps above will provide a
high level of security.
I hope that this helps.
Ron
On 12/02/2015 5:41 AM, Justin Robinson wrote:
I've been searching the mail archives for some clues as to the purpose of
these dynamically generated 5 digit open ports. Maybe I'm using the wrong
search terms but haven't been able to find a hint.
My client's client wants them closed for security purposes.
My client has been unable to find them in the code or documentation and I
gather they've spent some time looking.
Since my client's OFbiz code base has been heavily modified, I just ran
OFbiz version 10.04.06 and I just get
tcp6 0 0 127.0.0.1:53161 :::* LISTEN 1000 21364148 11015/java
tcp6 0 0 127.0.0.1:34898 127.0.0.1:39096 ESTABLISHED 1000 22201512 13441/java
tcp6 0 0 127.0.0.1:39096 127.0.0.1:34898 ESTABLISHED 1000 22197002 11015/java
tcp6 0 0 127.0.0.1:58250 127.0.0.1:3306 ESTABLISHED 1000 22225165 13456/java
tcp6 0 0 127.0.0.1:58251 127.0.0.1:3306 ESTABLISHED 1000 22223602 13456/java
tcp6 0 0 127.0.0.1:58246 127.0.0.1:3306 ESTABLISHED 1000 22205538 13456/java
tcp6 0 0 127.0.0.1:58253 127.0.0.1:3306 ESTABLISHED 1000 22225166 13456/java
tcp6 0 0 127.0.0.1:58252 127.0.0.1:3306 ESTABLISHED 1000 22223603 13456/java
The list is similar in that most foreign addresses are the database server.
Does anyone know where I can find the code that opens them and more
importantly what effect closing them might have on OFbiz functionality?
--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
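
Added example, not part of the original messages and not OFBiz code: a small audit script that classifies rows of the netstat output quoted above, separating loopback-only sockets from listeners that other hosts could reach. The ephemeral port range is an assumption (the stock Linux default), and the names SAMPLE, classify and audit are hypothetical.

```python
import ipaddress

# Rows copied from the netstat output quoted in the thread (wrapped lines joined).
SAMPLE = """\
tcp6 0 0 127.0.0.1:53161 :::* LISTEN 1000 21364148 11015/java
tcp6 0 0 127.0.0.1:34898 127.0.0.1:39096 ESTABLISHED 1000 22201512 13441/java
tcp6 0 0 127.0.0.1:39096 127.0.0.1:34898 ESTABLISHED 1000 22197002 11015/java
tcp6 0 0 127.0.0.1:58250 127.0.0.1:3306 ESTABLISHED 1000 22225165 13456/java
"""

# Assumption: stock Linux default of net.ipv4.ip_local_port_range; check the
# real value on the host with `sysctl net.ipv4.ip_local_port_range`.
EPHEMERAL = range(32768, 61000)
DB_PORT = 3306  # MySQL port named in the thread


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms such as ':::*' work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (None if port == "*" else int(port))


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparsable address: treat as not loopback


def classify(line):
    """Return (local_port, verdict) for one netstat row."""
    f = line.split()
    (laddr, lport), (raddr, rport), state = split_endpoint(f[3]), split_endpoint(f[4]), f[5]
    if state == "LISTEN":
        # Only a listener bound to a non-loopback address is reachable from other hosts.
        return lport, "loopback-only listener" if is_loopback(laddr) else "EXPOSED listener"
    if is_loopback(laddr) and is_loopback(raddr):
        if rport == DB_PORT and lport in EPHEMERAL:
            return lport, "ephemeral client port of a local DB connection"
        return lport, "local process-to-process connection"
    return lport, "connection to or from another host"


def audit(text):
    return [classify(l) for l in text.splitlines() if l.startswith("tcp")]


if __name__ == "__main__":
    for port, verdict in audit(SAMPLE):
        print(port, verdict)
```

Only rows reported as "EXPOSED listener" or "connection to or from another host" fall under the firewall step in the list above; the rest never leave the loopback interface.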