Change port number with “semanage”
For security purposes, we change some default port numbers on a Linux box.
- For example, everyone knows the default SSH port is 22, which is easily identified and targeted by any hacker on the network, so we simply change port 22 to something else.
- But when SELinux is enabled, you can't start the service on another port number until that port is added to the service's SELinux port type.
- You can see the default port numbers with the command below.
[root@feenixdv77 ~]# semanage port -l
SELinux Port Type Proto Port Number
afs3_callback_port_t tcp 7001
afs3_callback_port_t udp 7001
afs_bos_port_t udp 7007
afs_fs_port_t tcp 2040
afs_fs_port_t udp 7000, 7005
afs_ka_port_t udp 7004
afs_pt_port_t udp 7002
afs_vl_port_t udp 7003
agentx_port_t tcp 705
agentx_port_t udp 705
amanda_port_t tcp 10080-10083
amanda_port_t udp 10080-10082
amavisd_recv_port_t tcp 10024
- Grep the ssh port number from the list.
[root@feenixdv77 ~]# semanage port -l |grep ssh
ssh_port_t tcp 22
- Here we can see the default port is 22. Now we want to change the default port for ssh to 2022.
[root@feenixdv77 ~]# semanage port -a -t ssh_port_t -p tcp 2022
ValueError: Port tcp/2022 already defined
- To cross-check, grep the port information again.
[root@feenixdv77 ~]# semanage port -l |grep ssh
ssh_port_t tcp 2022, 22
- Now we can run the ssh service on both port 22 and port 2022.
- The same applies to the HTTP/Apache web service.
[root@feenixdv77 ~]# semanage port -a -t http_port_t -p tcp 81
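The cross-check step above greps by service name, which does not confirm that a specific port is covered and does not expand ranges such as `10080-10083`. The following is an added example, not part of the original page: a shell helper that parses `semanage port -l` output and reports which port types cover a given port. The function names `port_types` and `has_type` and the embedded sample listing (built from rows shown on this page) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of `semanage port -l` (rows taken from the page).
sample_listing() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

afs_fs_port_t                  udp      7000, 7005
amanda_port_t                  tcp      10080-10083
ssh_port_t                     tcp      2022, 22
EOF
}

# port_types PROTO PORT
# Reads a listing on stdin and prints every port type whose port list
# (single ports or lo-hi ranges) contains PORT for that protocol.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 != proto { next }              # skips header, blank lines, other protocol
        {
            list = ""
            for (i = 3; i <= NF; i++) list = list $i    # rejoin "7000, 7005"
            n = split(list, items, ",")
            for (i = 1; i <= n; i++) {
                lo = hi = items[i]
                if (split(items[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print $1; break }
            }
        }'
}

# has_type PROTO PORT TYPE
# Exit status 0 if TYPE covers PORT in the listing on stdin, 1 otherwise.
has_type() {
    port_types "$1" "$2" | grep -qx "$3"
}

# On a live system, feed the real listing instead of the sample:
#   semanage port -l | has_type tcp 2022 ssh_port_t && echo "2022 is labelled for ssh"
sample_listing | port_types tcp 2022
```

Running `has_type` before `semanage port -a` also shows whether the port already carries the wanted type, which is the situation behind an "already defined" error.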