After installation port 5355 opens
Hello,
I have a VPS with Almalinux8.9 and I make a fresh installation with target lts cPanel. {CPANEL=lts} version 118.0.11 and Mariadb version 10.6.
I have 2 questions:
1st - After the installation finished I see that mariadb listen on port 0.0.0.0:3306 {global}. I must go manually and add the bind-address to 127.0.0.1 to listen local. That is normal on fresh installation? I remember past installations that from the beginning listen to local. Also I must run /usr/bin/mariadb-secure-installation after to secure the mariadb or cPanel secure by default as the past?
2nd- After the fresh installation I see one port open that I don't know if it's ok to disable or not!
The port listen both TCP | UDP at 5355 and seems coming from systemd-resolved service.
I can go to /etc/systemd/resolved.conf and add LLMNR=0 and restart the service with systemctl restart systemd-resolved.service and seems the port not listening anymore at 0.0.0.0:5355.
But is that ok? I have also csf firewall and I don't allow connections to this port.
Almalinux8 with cPanel fresh installation open port 5355 why?
Any help is highly appreciated! I want to setup that VPS with security standards and functionality and that port seems "strange" for me.
Any help is highly appreciated!
Thank you.
-
Hey there! The port 3306 option seems normal to me, but I'm not familiar with port 5355. CSF doesn't include that port in their default list, and there is no reason from a cPanel perspective that you need to leave that port open.
0 -
Hello cPRex,
From this post among others I read:
Disabling systend-resolved if it is enabled...2023-08-01 14:03:04 100 [37484] (DEBUG) : - ssystem (BEGIN]: systemctl disable - -now systend-resolved 2023-08-01 14:03:04 100 [37484] (DEBUG) : Removed /etc/systend/system/dbus-org.freedesktop.resolvel.service. 2023-08-01 14:03:04 100 [374841 (DEBUG): Removed /etc/systend/system/multi-user.target.wants/systend-resolved.service. 2023-08-01 14:03:04 100 [37484] (DEBUG): ssystem END] 2023-08-01 14:03:04 509 37484] ( INFO): Validating whether the system can look up domains. 2023-08-01 14:03:04 516 [37484] (DEBUG): Testing httpupdate.cpanel.net. 2023-08-01 14:03:44 518 [37484] (ERROR): 2023-08-01 14:03:44519 [37484] (ERROR): The system cannot resolve the httpupdate.cpanel.net domain. Check the /etc/resolv.conf file. The system has terminated the insta llation process. My resolv.conf file now reads: nameserver 1.1.1.1 nameserver 8.8.8.8 and nothing on the computer resolves anymore. . Am I missing something in the DNS configuration?
In my system with minimal Almalinux8.9 the installation of cPanel (also LTS and stable version) not seems to disable systemd-resolved.service as the above incident!
What happened here? I'm confused...
When I install the cPanel every time (I tried 4 times already with different options) the cPanel script installs systemd-resolved.service ! That service listen on port 5355! Why do that? Please also talk to the developers or test it by install cPanel test to KVM with almalinux 8.9.
Can please answer these 2 questions for me please?
1st - After the installation finished I see that mariadb listen on port 0.0.0.0:3306 {global}. That is normal on fresh installation?
I must run /usr/bin/mariadb-secure-installation after to secure the mariadb or cPanel make that for me?
2nd- After the fresh installation I see one port open that I don't know if it's ok to disable or not?
The port listen both TCP | UDP at 5355 and seems coming from systemd-resolved service that cPanel script installs and enable it through initial setup.
Thank you!
0 -
1 - Yes, that is normal.
1a - there is no need to run that secure-installation command on a cPanel system
2 - you can close that port if you want.
0
Please sign in to leave a comment.
Comments
3 comments