I did a new install with CentOS 7 (minimal from I believe they spun up for me). From a base install I did yum update, then installed wget and perl and ran the Virtualmin install script.
Everything went super. I usually run these in environments where I control the router so I pay little attention to the open ports after a fresh install of virtualmin.
Since this install is on a VPS and is completely open to the world, after doing nmap I found all these ports open.
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
110/tcp open pop3
113/tcp closed ident
143/tcp open imap
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
2000/tcp open cisco-sccp
2222/tcp open EtherNetIP-1
5060/tcp open sip
10000/tcp open snet-sensor-mgmt
20000/tcp open dnp
I’m curious to know why some of these would be open. Specifically: SIP:5060, dnp:20000, EtherNetIP-1:2222, cisco-sccp:2000.
I don’t recall setting up anything about telecommunications, nor do I want to have these services on the server.
My only focus is to have a web server and mail (httpd, PHP, MySQL, Postfix / Dovecot).
I am new to firewalld, so I will have to learn how to shut down some of these ports that are open for no reason that I can explain.
If someone can comment about fail2ban with firewalld being a good idea I’d also appreciate it.
Thanks for any feedback.
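
An added example, not part of the original post: a small audit that parses the nmap port table above and diffs the open ports against an allowlist. The allowlist (`INTENDED`) is an assumption built from the stated goal of web plus mail, with SSH added for administration.

```python
import re

# Port table copied from the post's nmap output.
NMAP_OUTPUT = """\
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
110/tcp open pop3
113/tcp closed ident
143/tcp open imap
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
2000/tcp open cisco-sccp
2222/tcp open EtherNetIP-1
5060/tcp open sip
10000/tcp open snet-sensor-mgmt
20000/tcp open dnp
"""

# Assumption: what "web server and mail" plus SSH should expose.
INTENDED = {22, 25, 80, 110, 143, 443, 587, 993, 995}

PORT_LINE = re.compile(r"^(\d+)/tcp\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Return {port: (state, label)} for each TCP line of an nmap port table."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[int(m.group(1))] = (m.group(2), m.group(3))
    return ports

def audit(text, intended=INTENDED):
    """Return (unexpected_open, intended_but_not_open) as sorted port lists."""
    ports = parse_ports(text)
    open_ports = {p for p, (state, _) in ports.items() if state == "open"}
    return sorted(open_ports - set(intended)), sorted(set(intended) - open_ports)

if __name__ == "__main__":
    unexpected, missing = audit(NMAP_OUTPUT)
    labels = parse_ports(NMAP_OUTPUT)
    # Without version detection (-sV) the label is nmap's lookup by port
    # number, not an identification of the program that is listening.
    for port in unexpected:
        print(f"open but not intended: {port}/tcp (nmap label: {labels[port][1]})")
    for port in missing:
        print(f"intended but not reported open: {port}/tcp")
```

Ports 10000 and 20000 are the default Webmin and Usermin ports; add them to the allowlist if those panels are meant to be reachable. Running `ss -tlnp` on the server itself shows which process, if any, owns each listening port.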