Hi there,
Currently, I set up some iptables rules according to:
https://maas.io/docs/how-to-enhance-maas-security
However, I have seen some other ports open which are not listed in the documentation (or I haven’t found them)
- port 7911 is open
What is it running?
root 3485250 0.0 0.0 105460 11224 ? Sl Aug15 0:43 /snap/maas/36593/usr/sbin/dhcpd -f -4 -pf /var/snap/maas/common/maas/dhcp/dhcpd.pid -cf /var/snap/maas/common/maas/dhcpd.conf -lf /var/snap/maas/common/maas/dhcp/dhcpd.leases enp1s0f1
If DHCP is provided by an external service, you must open the port on the external server.
- ports 5239 and 5249 are open to the world
What is it running?
processes:
root 3484665 0.4 0.0 653148 97224 ? Sl Aug15 399:54 python3 /snap/maas/36593/bin/rackd
root 3484666 1.3 0.1 1124244 156604 ? Sl Aug15 1341:42 python3 /snap/maas/36593/bin/regiond
According to the Internet, these are ports exposing metrics for Prometheus
ref - https://maas.lab.linuxcontainers.org/MAAS/docs/cli/how-to-set-up-maas-metrics.html
- ports 3128 and 8000 are open to the world
What is it running?
process:
snap_da+ 3485162 0.0 0.4 644060 595700 ? Sl Aug15 5:27 squid -N -d 5 -f /var/snap/maas/36593/proxy/maas-proxy.conf
According to the Internet, these are ports used by the maas-proxy
The MAAS proxy is used by the machines as a form of cache when running APT
So, now that I have listed the ports above, should I filter just within the internal network(s), or what services/ports should I leave exposed to the internet?
Thanks
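
The port-to-process inventory done by hand in the post can be scripted. The following is an added example, not part of the original post or of MAAS: it parses `ss -H -tlnp` output and reports which of the ports named above are bound to a non-loopback address. The sample output, PIDs and bind addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Ports the post asks about (taken from the post itself).
PORTS_IN_QUESTION = {7911, 5239, 5249, 3128, 8000}

# Constructed sample of `ss -H -tlnp` output; PIDs and bind addresses are made up.
SAMPLE_SS = """\
LISTEN 0 128      0.0.0.0:5239   0.0.0.0:*  users:(("python3",pid=1001,fd=12))
LISTEN 0 128            *:5249         *:*  users:(("python3",pid=1002,fd=14))
LISTEN 0 4096     0.0.0.0:7911   0.0.0.0:*  users:(("dhcpd",pid=1003,fd=8))
LISTEN 0 256         [::]:3128      [::]:*  users:(("squid",pid=1004,fd=11))
LISTEN 0 256         [::]:8000      [::]:*  users:(("squid",pid=1004,fd=13))
LISTEN 0 4096 127.0.0.53%lo:53   0.0.0.0:*  users:(("systemd-resolve",pid=900,fd=15))
"""

def bind_scope(addr):
    """Classify a bind address as 'any', 'loopback' or 'specific'."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface suffix
    if addr == "*":
        return "any"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                   # 0.0.0.0 or ::
        return "any"
    return "loopback" if ip.is_loopback else "specific"

def parse_listeners(ss_output):
    """Return (port, address, scope, process) for each LISTEN line."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        proc = re.search(r'\(\("([^"]+)"', line)   # absent when ss runs without -p or root
        rows.append((int(port), addr, bind_scope(addr), proc.group(1) if proc else "?"))
    return rows

def review(ss_output, ports=PORTS_IN_QUESTION):
    """Listeners on the ports of interest that accept non-loopback connections."""
    return sorted(r for r in parse_listeners(ss_output)
                  if r[0] in ports and r[2] != "loopback")

if __name__ == "__main__":
    for port, addr, scope, proc in review(SAMPLE_SS):
        print(f"{port:>5}  {addr:<10} {scope:<9} {proc}")
```

A scope of `any` only means the socket accepts connections on every interface; whether a port is actually reachable from outside still depends on the iptables rules in front of it.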