How to disable FTP port (Debian)? - nginx

I am a newbie in Debian. I have an open FTP port (21) on Debian 6 (the HTTP server of the system is Nginx). How can I stop or disable the port via a service or some other way? The command /etc/init.d/proftpd stop is not working; it shows in the console bash: /etc/init.d/proftpd: No such file or directory because proftpd is absent.

By entering the command netstat -tnlp, you can find which process is running on port 21.
Then you can do some work by yourself.

If you are too lazy to stop the service from running, you can write an iptables rule:
/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP

Start by checking if your port is listening
sudo ss -tulnp | grep LISTEN
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 5 127.0.0.1:29754 0.0.0.0:* users:(("vpnagentd",pid=960,fd=4))
tcp LISTEN 0 128 0.0.0.0:17500 0.0.0.0:* users:(("dropbox",pid=3129583,fd=48))
tcp LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=923696,fd=48))
tcp LISTEN 0 128 127.0.0.1:17600 0.0.0.0:* users:(("dropbox",pid=3129583,fd=67))
tcp LISTEN 0 128 127.0.0.1:17603 0.0.0.0:* users:(("dropbox",pid=3129583,fd=75))
tcp LISTEN 0 50 0.0.0.0:139 0.0.0.0:* users:(("smbd",pid=923696,fd=49))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=1276,fd=7))
tcp LISTEN 0 32 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=1230,fd=3))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=43857,fd=3))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=3138801,fd=7))
tcp LISTEN 0 128 [::]:17500 [::]:* users:(("dropbox",pid=3129583,fd=47))
tcp LISTEN 0 2 *:3389 *:* users:(("xrdp",pid=1306,fd=11))
tcp LISTEN 0 50 [::]:445 [::]:* users:(("smbd",pid=923696,fd=46))
tcp LISTEN 0 50 [::]:139 [::]:* users:(("smbd",pid=923696,fd=47))
tcp LISTEN 0 32 [::]:53 [::]:* users:(("dnsmasq",pid=1276,fd=9))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=43857,fd=4))
tcp LISTEN 0 2 [::1]:3350 [::]:* users:(("xrdp-sesman",pid=1295,fd=7))
tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=3138801,fd=6))
So, you see that on port 21 you have the vsftpd service listening.
You can check the status:
sudo service vsftpd status
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-07-19 09:42:45 EDT; 2 months 15 days ago
Main PID: 1230 (vsftpd)
Tasks: 1 (limit: 38363)
Memory: 972.0K
CPU: 7ms
CGroup: /system.slice/vsftpd.service
└─1230 /usr/sbin/vsftpd /etc/vsftpd.conf
Now, you can block the port with the firewall (for example you can use ufw), or stop the service
$ sudo service vsftpd stop
$ sudo service vsftpd status
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2022-10-03 10:55:50 EDT; 9s ago
Process: 1230 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf (code=killed, signal=TERM)
Main PID: 1230 (code=killed, signal=TERM)
CPU: 7ms
Oct 03 10:55:50 Tuxy systemd[1]: Stopping vsftpd FTP server...
Oct 03 10:55:50 Tuxy systemd[1]: vsftpd.service: Succeeded.
Oct 03 10:55:50 Tuxy systemd[1]: Stopped vsftpd FTP server.
So, in summary: install ufw. Unblock only the ports you are going to use (ssh, etc.). Start only the services you are going to use (sudo service *** start/stop).
Good luck.
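The check described in the answer above (list the listeners, then decide what to stop or block), as an added example that is not part of the original answer: it reads `ss -tlnp` style lines and reports every listener bound to a non-loopback address whose port is not on an allowlist. The function names and the ALLOWED_PORTS value are assumptions for illustration; the sample lines are copied from the listing above.

```shell
#!/bin/sh
# Added example, not from the original answer.
# ALLOWED_PORTS is an assumed allowlist: ports meant to be reachable from the network.
ALLOWED_PORTS="22"

# Reads `ss -tlnp` style lines on stdin and prints "port process" once for
# every listener bound to a non-loopback address whose port is not allowed.
exposed_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "LISTEN" {
      addr = $5
      port = addr; sub(/.*:/, "", port)     # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      # Loopback-only sockets cannot be reached from other hosts.
      if (host ~ /^127\./ || host == "[::1]") next
      if (port in ok) next
      proc = "unknown"                      # ss hides names without root
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      key = port " " proc
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Sample input: a few lines copied from the listing in the answer above.
sample_ss_output() {
  cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 5 127.0.0.1:29754 0.0.0.0:* users:(("vpnagentd",pid=960,fd=4))
tcp LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=923696,fd=48))
tcp LISTEN 0 32 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=1230,fd=3))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=43857,fd=3))
tcp LISTEN 0 2 *:3389 *:* users:(("xrdp",pid=1306,fd=11))
tcp LISTEN 0 50 [::]:445 [::]:* users:(("smbd",pid=923696,fd=46))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=43857,fd=4))
tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=3138801,fd=6))
EOF
}

# On a live host: sudo ss -tlnp | exposed_listeners
sample_ss_output | exposed_listeners
```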

Related

Mosquitto: Starting in local only mode but can't fix

My Rpi4 running my home automation recently upgraded itself from mosquitto version 1.6.12 to 2.0.8 and as a consequence it was starting in local only mode.
Done some digging about but still can't get it all working again, mainly used this previous helpful question Mosquitto: Starting in local only mode but my devices still can't connect.
From my mosquitto log I see
1614386087: mosquitto version 2.0.8 starting
1614386087: Config loaded from /etc/mosquitto/mosquitto.conf.
1614386087: Opening ipv4 listen socket on port 1883.
1614386087: Opening ipv6 listen socket on port 1883.
1614386087: mosquitto version 2.0.8 running
The service shows this
:~$ sudo systemctl status mosquitto
* mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-02-27 00:34:47 GMT; 10h ago
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 375 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 398 ExecStartPre=/bin/chown mosquitto: /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 404 ExecStartPre=/bin/mkdir -m 740 -p /var/run/mosquitto (code=exited, status=0/SUCCESS)
Process: 411 ExecStartPre=/bin/chown mosquitto: /var/run/mosquitto (code=exited, status=0/SUCCESS)
Main PID: 419 (mosquitto)
Memory: 1.5M
CGroup: /system.slice/mosquitto.service
`-419 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
Feb 27 00:34:47 Vero4K systemd[1]: Starting Mosquitto MQTT Broker...
Feb 27 00:34:47 Vero4K mosquitto[419]: 1614386087: Loading config file /etc/mosquitto/conf.d/calz.conf
Feb 27 00:34:47 Vero4K systemd[1]: Started Mosquitto MQTT Broker.
In my calz.conf file I have
listener 1883
allow_anonymous true
But my local version of Domoticz (runs on the same box) shows this in its logs
Error: Plugin: Connection Exception: 'resolve: Host not found (authoritative)' connecting to '127.0.0.1:1883'
Error: (ShellyMQTT) Failed to connect to: 127.0.0.1:1883, Description: resolve: Host not found (authoritative)
And all my Tasmota devices now show
14:49:38 MQT: Attempting connection...
14:49:38 MQT: Connect failed to 192.168.1.19:1883, rc -2. Retry in 120 sec
I can see the port open as well
sudo netstat -tulpn | grep LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 361/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 729/sshd
tcp 0 0 0.0.0.0:37015 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:36666 0.0.0.0:* LISTEN 608/kodi.bin
tcp 0 0 0.0.0.0:36667 0.0.0.0:* LISTEN 608/kodi.bin
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 375/mosquitto
tcp 0 0 0.0.0.0:49472 0.0.0.0:* LISTEN 763/rpc.statd
tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN 608/kodi.bin
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 608/kodi.bin
tcp6 0 0 :::22 :::* LISTEN 729/sshd
tcp6 0 0 :::49079 :::* LISTEN 763/rpc.statd
tcp6 0 0 :::36666 :::* LISTEN 608/kodi.bin
tcp6 0 0 :::36667 :::* LISTEN 608/kodi.bin
tcp6 0 0 :::1883 :::* LISTEN 375/mosquitto
tcp6 0 0 :::49919 :::* LISTEN -
tcp6 0 0 :::9090 :::* LISTEN 608/kodi.bin
tcp6 0 0 :::111 :::* LISTEN 1/init
tcp6 0 0 :::8080 :::* LISTEN 608/kodi.bin
/etc/mosquitto/mosquitto.conf
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
Any ideas?
Your problem is not that Mosquitto is not listening, it's that your devices are trying to resolve a hostname of 127.0.0.1:1883.
I suspect you have entered the host:port combination into fields that should only contain a hostname/IP address.
You probably should NOT be entering 127.0.0.1, as this always points to the device it is entered on, and you should be entering the IP address the broker is actually running on.
Think I sorted it in the end, bizarre combination of things...
Updating Mosquitto required the listener port and anonymous part, but for some reason my Raspberry Pi on reboot had switched across to a guest network and gained a new IP, so nothing was ever going to get to it :(
I realised when the port was listening and I couldn't get to it, then the same for everything else like kodi, ssh etc. I happened to be on the console for it as it was more convenient at the time. If I had tried to SSH to it, that would have failed too.

drive_auth() function not creating gargle-oauth token on password submission

R v3.6.2
RStudio Desktop v1.2.5033
R package 'googledrive' v1.0.0
I have written an R script that uploads csv files to a googlesheets account. In order to avoid having to automate this, I have used the drive_auth() function to refresh the OAuth token. Code is simply:
drive_auth(
email = "email#gmail.com",
path = NULL,
scopes = "https://www.googleapis.com/auth/drive",
cache = gargle::gargle_oauth_cache(),
use_oob = gargle::gargle_oob_default(),
token = NULL
)
drive_upload(file, overwrite=TRUE, type="spreadsheet")
On both a mac and a Windows OS machine, this then opens a default browser that asks for login details. When these are correctly entered, the script now has permissions to upload / edit files and googledrive functions subsequently work. It creates an authority token in the file path:
Home/Users/.R/garle/gargle-oauth
However, when attempting to do this on a new laptop that will be used as a server, I am met with the following error messages:
Error: can't get Google credentials.
Are you running googlesheets in a non-interactive session? Consider:
* sheets_deauth() to prevent the attempt to get credentials.
* call 'sheets_auth()' directly with all necessary specifics.
On inspection of the gargle-oauth folder, it has not created an OAuth token, as it did automatically with other machines on the entering of google login details.
I re-ran the programme on the other windows machine after deleting the OAuth token and it worked fine, creating the token again from scratch. I cannot pinpoint the reason why this token is not being created in this instance.
I've since solved this and I'm going to post an answer in case anyone is in a similar problem and comes across this post during a google search.
When initialising a connection with googledrive, the package uses the default port of 1410. It was unable to establish a connection with google because a zombie process was using this port.
To kill this process, open up the windows command prompt (or command line on a mac) as admin and enter the netstat command:
C:\Users>netstat -ano|findstr "PID :1410"
This will (if anything is running on this port) return:
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:1410 0.0.0.0:0 LISTENING 18264
That number at the bottom right is the process PID. Enter that into the following command to kill the process:
taskkill /pid 18264 /f
When running any R googledrive functions, you should now be able to authorise your code to interact with your google account and it will create an OAuth token to save you having to go through this again.
I confirm that this problem also got me on Ubuntu. I resolved it by finding and killing the process on port 1410 (which was also listening on 40167):
me#me:/internal$ netstat -tulpn
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 894/node
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:1410 0.0.0.0:* LISTEN 21011/R
tcp 0 0 127.0.0.1:40197 0.0.0.0:* LISTEN 21011/R
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::25 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::1917 :::* LISTEN 1277/node /home/ult
tcp6 0 0 :::3838 :::* LISTEN -
tcp6 0 0 ::1:6379 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
me#me:/internal$ kill -HUP 21011

NGINX Amazon EC2 keeps loading though port 80 is allowed

I'm trying to host an Ubuntu 18.4 server on an AWS EC2 instance.
Though I've allowed port 80, when I try to view it in a browser using my public IP it won't load, but it is supposed to show the nginx welcome screen.
netstat -tuanp | grep 80
output
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 16912/nginx: master
tcp6 0 0 :::80 :::* LISTEN 16912/nginx: master
My nginx is running perfectly. Here is the status
My browser showing:
This site can’t be reached my_public_ip took too long to respond.
Please Help!

Cannot connect to Wordpress docker container on Google Cloud Platform

Ok so I have read the other connecting to docker container questions and mine does not seem to fit any of the other ones. So here it goes. I have installed docker and docker compose. I built the Wordpress site on my home machine and am not trying to migrate it to GCP. I got a micro instance and installed everything on there and as far as I can tell everything is up and running as it should be. But when I go to log into the site from the web browser I get -
This site can’t be reached
xx.xxx.xx.xx refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
these are the ports opened up in my .yml file
- "8000:80"
- "443"
- "22"
I have also tried 8080:80 and 80:80 to no avail
and when I check docker port it shows
80/tcp -> 0.0.0.0:32770
80/tcp -> 0.0.0.0:8000
22/tcp -> 0.0.0.0:32771
443/tcp -> 0.0.0.0:443
and when I check netstat from localhost and from another machine I get
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:17600 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:17603 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
tcp6 0 0 :::17500 :::* LISTEN -
udp 0 0 0.0.0.0:49953 0.0.0.0:* -
udp 22720 0 0.0.0.0:56225 0.0.0.0:* -
udp 52224 0 127.0.1.1:53 0.0.0.0:* -
udp 19584 0 0.0.0.0:68 0.0.0.0:* -
udp 46080 0 0.0.0.0:17500 0.0.0.0:* -
udp 214144 0 0.0.0.0:17500 0.0.0.0:* -
udp 35072 0 0.0.0.0:5353 0.0.0.0:* -
udp 9216 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp6 0 0 :::44824 :::* -
udp6 16896 0 :::5353 :::* -
udp6 3840 0 :::5353 :::* -
when I run docker ps I get:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c25a8707960 wordpress:latest "docker-entrypoint.s…" 37 minutes ago Up 37 minutes 0.0.0.0:443->443/tcp, 0.0.0.0:32771->22/tcp, 0.0.0.0:8000->80/tcp, 0.0.0.0:32770->80/tcp wp-site_wordpress_1
96f3c136c746 mysql:5.7 "docker-entrypoint.s…" 37 minutes ago Up 37 minutes 3306/tcp wp-site_wp-db_1
Also I have both http and https open on my google cloud firewall.
So if I am listening on port 80 and have it mapped to 8000(the port I was connecting to the container on on my dev machine) I do not understand why I can not get to the WP site in the browser. Any help would be greatly appreciated. Also I think I included everything needed for this question. If there is anything else I will be more than happy to post it .
Ok so after a lot of tries I finally figured it out. In the yml file I needed to take out port -"80" and change -"8000:80" to -"80:80" and then remove the old containers and rebuild them.

Shiny-server installation: Server not responding on port 3838

I installed the shiny-server on a Ubuntu 16.04.1 and according to the console output it is active and running:
systemctl status shiny-server
● shiny-server.service - ShinyServer
Loaded: loaded (/etc/systemd/system/shiny-server.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2016-08-24 18:17:09 CEST; 15h ago
Process: 13175 ExecStartPost=/bin/sleep 3 (code=exited, status=0/SUCCESS)
Main PID: 13179 (shiny-server)
Tasks: 7
Memory: 28.5M
CPU: 158ms
CGroup: /system.slice/shiny-server.service
├─13174 /bin/bash -c /opt/shiny-server/bin/shiny-server --pidfile=/var/run/shiny-server.p
└─13179 /opt/shiny-server/ext/node/bin/shiny-server /opt/shiny-server/lib/main.js --pidfi
lines 1-11/11 (END)
Then I opened the port 3838 as stated in the installation guide:
netstat -ntlp | grep LISTEN
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3838 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
3838/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
3838/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
However, if I try to access my server over port 3838 in a browser, I don't get any response from the server and the site stays blank and eventually times out.
Any ideas what I might be missing?
Apparently there was some problem with the port 3838 on my server. Although the console output above states that it is open and listed as "LISTEN", it still didn't work. When I changed the default port for my shiny-server in the configuration file (/etc/shiny-server/shiny-server.conf) to 80, it suddenly worked:
# Define a top-level server which will listen on a port
server {
# Instruct this server to listen on port 3838
listen 80;
...
