F35 Server network setup

I’m no sysadmin, so please bear with me.

I’d need your advice on basic system settings and network security policy before I move on to storage configuration and connect any external storage disks.

Server version: F35 ARM Server
HW for test: R Pi 3B+

After I updated the system for the first time, I recall there were hundreds of services updated in Cockpit. Services are activated by default without my realizing it. I ran the following command in the Cockpit terminal. I'm not sure which are unwanted services that are exposed.

$ ss -ltpn
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 5 127.0.0.1:4330 0.0.0.0:*
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*
LISTEN 0 64 127.0.0.1:34417 0.0.0.0:* users:(("cockpit-bridge",pid=24082,fd=9))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:44321 0.0.0.0:*
LISTEN 0 128 0.0.0.0:44322 0.0.0.0:*
LISTEN 0 128 0.0.0.0:44323 0.0.0.0:*
LISTEN 0 5 [::1]:4330 [::]:*
LISTEN 0 511 [::1]:6379 [::]:*
LISTEN 0 4096 [::]:5355 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:44321 [::]:*
LISTEN 0 128 [::]:44322 [::]:*
LISTEN 0 4096 *:9090 *:*
LISTEN 0 128 [::]:44323 [::]:*

I’m not sure if I can do all the config in Cockpit’s graphical interface (network-manager)?

I don’t mind using the command line/script for fine-grained control. The built-in terminal in Cockpit is really handy.

Are the results of ss -ltpn above nothing to worry about?

Hi there, you may try to run the command as root or with sudo in order to get all processes listed.

sudo ss -ltpn

“127.0.0.X” is an IPv4 loopback interface. It should not be accessible from the outside.
“::1” is an IPv6 loopback interface.
“0.0.0.0” basically means “every” IP, can be the internet.


“0.0.0.0:22 0.0.0.0:*” means that the sshd is listening on port 22 on every interface and basically accepts traffic from every IP and every port.

This, however, is just the basic service configuration.
Your firewall may still block those connections.

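The loopback versus 0.0.0.0/[::]/* distinction from the reply above can be applied to a whole `ss -ltpn` listing mechanically. This is an added example, not part of the original posts; the function names are hypothetical and the sample rows are a constructed subset of the listing in the thread.

```shell
# classify_listeners: reads `ss -ltn` / `ss -ltpn` output on stdin and prints
# "<scope> <port> <address>" for every listening socket.
classify_listeners() {
  awk '
    $1 != "LISTEN" { next }                  # skip the header and other states
    {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      gsub(/^\[|\]$/, "", addr)              # [::1] -> ::1
      sub(/%.*$/, "", addr)                  # 127.0.0.53%lo -> 127.0.0.53
      if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
      else scope = "single-address"
      print scope, port, addr
    }'
}

# exposed_ports: unique ports bound beyond loopback, sorted numerically.
exposed_ports() {
  classify_listeners | awk '$1 != "loopback" { print $2 }' \
    | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample: a subset of the rows posted in the thread.
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511        127.0.0.1:6379       0.0.0.0:*
LISTEN 0      4096         0.0.0.0:5355       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128          0.0.0.0:44322      0.0.0.0:*
LISTEN 0      511            [::1]:6379          [::]:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096               *:9090             *:*
EOF
}

# On a live host: sudo ss -ltpn | classify_listeners
sample_ss_output | classify_listeners
```

A port reported as `all-interfaces` is only reachable from other machines if the active firewall zone also allows it, which `sudo firewall-cmd --list-all` shows.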

Thanks for that.

The firewall daemon is active by default, as I checked with
sudo firewall-cmd --state

I found the post-installation tasks here:
https://docs.fedoraproject.org/en-US/fedora-server/sysadmin-postinstall/