Merge pull request #25168 from hwlife/20220201-View-your-Linux-server-s-network-connections-with-netstat.md

Translating
This commit is contained in:
Xingyu.Wang 2022-04-09 11:05:40 +08:00 committed by GitHub
commit 88ee54d9d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -2,43 +2,45 @@
[#]: via: "https://opensource.com/article/22/2/linux-network-security-netstat"
[#]: author: "Sahana Sreeram https://opensource.com/users/sahanasreeram01gmailcom"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: translator: "hwlife"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
View your Linux server's network connections with netstat
使用 netstat 查看你的 Linux 服务器网络连接
======
The netstat command provides important insight into your Linux server,
both for monitoring and network troubleshooting.
netstat 命令对你的 Linux 服务器提供了监测和网络故障排除这两个重要的观察手段。
![A rack of servers, blue background][1]
I shared some important first steps to help manage your personal Linux server in a [previous article][2]. I briefly mentioned monitoring network connections for listening ports, and I want to expand on this by using the `netstat` command for Linux systems.
在 [之前的文章中][2],我分享了一些重要的首要步骤来管理你的个人 Linux 服务器。我简要的提到了使用监听端口来监测网络连接,并且我想通过 Linux 系统的 `netstat` 命令来扩展开讲讲。
Service monitoring and port scanning are standard industry practices. There's very good software like [Prometheus][3] to help automate the process, and [SELinux][4] to help contextualize and protect system access. However, I believe that understanding how your server connects to other networks and devices is key to establishing a baseline of what's normal for your server, which helps you recognize abnormalities that may suggest a bug or intrusion. As a beginner, I've discovered that the `netstat` command provides important insight into my server, both for monitoring and network troubleshooting.
Netstat and similar network monitoring tools, grouped together in the [net-tools package][5], display information about active network connections. Because services running on open ports are often vulnerable to exploitation, practicing regular network monitoring can help you detect suspicious activity early.
服务监测和端口扫描是标准的行业惯例。有类似 [Prometheus][3] 协助过程自动化,[SELinux][4] 协助上下文和保护系统访问权限。然而,我相信了解怎样使你的服务器连接到其他网络和设备是建立正常服务器基准的关键,能够帮助你认识到可能提示错误和入侵等异常情况。作为一个初学者,我已经掌握了 `netstat` 命令对我的服务器提供了监测和网络故障排除这两个重要的观察手段。
### Install netstat
Netstat is frequently pre-installed on Linux distributions. If netstat is not installed on your server, install it with your package manager. On a Debian-based system:
在 [net-tools 软件包][5] 里Netstat 和相似的一些网络监测工具被收集在一起,用来显示关于活动连接的信息。因为服务运行在开放的端口经常会被利用,定期日常网络监测能够帮助你及早探测到可以的活动。
### 安装 netstat
Nestat 在 Linux 发行版上经常是预装软件。如果 netstat 没有在你的服务器上安装,用你的包管理器安装它。下面是在基于 Debian 的系统上:
```
`$ sudo apt-get install net-tools`
```
For Fedora-based systems:
在基于 Fedora 的系统上:
```
`$ dnf install net-tools`
```
### Use netstat
On its own, the `netstat` command displays all established connections. You can use the `netstat` options above to specify the intended output further. For example, to show all listening and non-listening connections, use the `--all` (`-a` for short) option. This returns a lot of results, so in this example I pipe the output to `head` to display just the first 15 lines of output:
### 使用 netstat
就其本身而言, `netstat` 命令显示了全部建立成功的连接。你可以使用 `netstat` 的参数指定进一步预定的输出。举个例子,要显示所有监听和非监听的连接,使用 `--all` (`-a` 为简写)的参数。这将返回许多结果,所以在例子中我用管道符输出给 `head` 命令来显示输出的前15行消息
```
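Review bot: Two typos in the added lines change the meaning. In the net-tools paragraph, "探测到可以的活动" should read "可疑的活动" (suspicious, not "可以"), and the install paragraph opens with "Nestat" where the source has "Netstat". The first of those lines also runs "里Netstat" together with no separator. Separately, "使用监听端口来监测网络连接" makes listening ports the means of monitoring, while the source sentence is about monitoring network connections for listening ports. Reword it so that listening ports are the thing being checked.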
@ -62,8 +64,7 @@ tcp        0      0 10.0.1.222:52730        syd09s23-in-f3.1e:https E
```
To show only TCP ports, use the `--all` and `--tcp` options, or `-at` for short:
要只显示 TCP 端口,使用 `--all``--tcp` 参数,或者简写成 `-at`
```
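Review bot: The added line runs the two option names together, with `--all` immediately followed by `--tcp` and no conjunction, where the source reads "the `--all` and `--tcp` options". Insert "和" between them, and end the line with a colon, since it introduces the command block that follows.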
@ -77,7 +78,7 @@ tcp        0      0 *:16001         *:*              LISTEN
```
To show only UDP ports, use the `--all` and `--udp` options, or `-au` for short:
要只显示 UDP 端口,使用 `--all``--udp` 参数,或者简写成 `-au`
```
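Review bot: The added UDP line has `--all` directly followed by `--udp` with nothing between them, although the source says "the `--all` and `--udp` options". Add "和" between the two options and a closing colon before the command block.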
@ -92,7 +93,7 @@ udp        0      0 *:bootpc          
```
The options for netstat are often intuitive. For example, to show all listening TCP and UDP ports with process ID (PID) and numerical address:
netstat 命令参数常常是简单易懂的。举个例子,要显示带有全部进程 ID (PID) 和数字地址的监听 TCP 和 UDP 的端口:
```
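Review bot: "全部" is attached to the wrong noun in the added line. "带有全部进程 ID (PID) 和数字地址的监听 TCP 和 UDP 的端口" reads as ports carrying all process IDs, while the source says to show all listening TCP and UDP ports with process ID and numerical address. Move 全部 so that it qualifies the listening ports, for example "显示全部监听的 TCP 和 UDP 端口,并带有进程 ID(PID)和数字地址".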
@ -121,9 +122,9 @@ udp6       0      0 :::5353            :::*                
```
The short version of this common combination is `-tulpn`.
这个常用组合简写版本是 `-tulpn`
To display information about a specific service, [filter with `grep`][6]:
要显示一个指定服务的信息,[使用 `grep` 命令过滤][6]
```
@ -137,19 +138,19 @@ unix  3      [ ]         STREAM     CONNECTED     55196    1721/cu
```
### Next steps
### 下一步骤
Once you've run the `netstat` command, you can take steps to secure your system by ensuring that only services that you actively use are listening on your network.
一旦你运行了 `netstat` 命令,你可以在你的网络确认你活动的服务正在监听来确保你的系统安全,进而采取措施。
1. Recognize commonly exploited ports and services. As a general rule, close the ports you're not actually using.
2. Be on the lookout for uncommon port numbers, and learn to recognize legitimate ports in use on your system.
3. Pay close attention to SELinux errors. Sometimes all you need to do is update contexts to match a legitimate change you've made to your system, but read the errors to make sure that SELinux isn't alerting you of suspicious or malicious activity.
1. 认识普遍被利用的端口和服务。一般来说,关闭你没有实际使用的端口。
2. 留意不常见的端口号,认识了解在你系统上使用的合法端口。
3. 密切注意 SELinux 错误。有时你需要更新全部上下文去匹配你对系统做的合法更改, 但是阅读错误警告能够确保 SELinux 没有提醒你可疑或者恶意的活动。
如果你发现一个端口正在运行一个可以的服务,或者你只是简单的想要关闭你不再使用的端口,你可以遵从以下这些步骤通过防火墙规则手动拒绝端口访问:
If you find that a port is running a suspicious service, or you simply want to close a port that you no longer use, you can manually deny port access through firewall rules by following these steps:
If you're using `firewall-cmd`, run these commands:
如果你在使用 `firewall-cmd` ,运行这些命令:
```
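Review bot: The first added sentence under 下一步骤 drops the word "only", which is the security point of the source line ("ensuring that only services that you actively use are listening"). "确认你活动的服务正在监听" says to confirm that your active services are listening, which is a different check. Suggest something like "确保只有你实际使用的服务在监听". In the same hunk, "运行一个可以的服务" should be "可疑的服务". In list item 3, "有时你需要更新全部上下文" misreads "all you need to do is update contexts" (只需要更新上下文), and "但是阅读错误警告能够确保" turns the source's instruction to read the errors into a statement of fact.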
@ -160,25 +161,24 @@ $ sudo firewall-cmd runtime-to-permanent
```
If you're using UFW, run the following command:
如果你在使用 UFW运行以下的命令
```
`$ sudo ufw deny <port number>`
```
Next, stop the service itself using `systemctl`:
下一步,使用 `systemctl` 来停止这个服务:
```
`$ systemctl stop <service>`
```
### Learn netstat
### 理解 netstat
Netstat is a useful tool to quickly collect information about your server's network connections. Regular network monitoring is important an important part of getting to know your system, and it helps you keep your system safe. To incorporate this step into your administrative routine, you can use network monitoring tools like netstat or ss, as well as open source port [scanners such as Nmap or sniffers like Wireshark][7], which allow for [scheduled tasks][8].
Netstat 是一个快速收集你的服务器网络连接信息的有效工具。定期网络监测是了解你的系统的重要组成部分,也对帮助你保持你的系统安全有着重要意义。将这一步纳入你的日常管理中,你可以使用类似 netstat 或者 ss ,以及 [Nmap 开源端口扫描器 或者像 Wireshark 嗅探器][7] ,它们都允许设定 [计划任务][8]。
As servers house larger amounts of personal data, it's increasingly important to ensure the security of personal servers. By understanding how your server connects to the Internet, you can decrease your machine's vulnerability, while still benefiting from the growing connectivity of the digital age.
作为服务器存储了大量的个人数据,确保个人服务器的安全日益重要。通过理解你的服务器怎样连接到互联网,你可以降低你的机器的风险,同时你仍可以在数字时代大量的连接中获得益处。
--------------------------------------------------------------------------------
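Review bot: In the closing paragraph, "作为服务器存储了大量的个人数据" translates "As" as 作为 ("in the role of"), but the source uses it in the sense of "as servers house larger amounts of personal data"; 随着 fits, and "larger amounts" is 越来越多 rather than 大量. The added UFW line "如果你在使用 UFW运行以下的命令" also has no comma after UFW and no colon before the command block, unlike the `firewall-cmd` line above it.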
@ -186,7 +186,7 @@ via: https://opensource.com/article/22/2/linux-network-security-netstat
作者:[Sahana Sreeram][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
译者:[hwlife](https://github.com/hwlife)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出