Hey guys. I have a few selfhosted systems that are available to the public. It's getting difficult to notice if any wrong port is still open or some web server is out of date. I am looking for a (FOSS) tool that can regularly monitor my systems (via their public IP/domain) and notify me if any port that I have not specifically allowed (in a config) is open. Additionally it would be cool if it checked all open ports for out-of-date software (like webservers) or known security issues.

I found nikto, but it feels like it's doing only half of what I want. Greenbone feels way too bloated for my use case.

Do you know any kind of software that would do something like that?
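The allowlist check described in the question, as an added example that is not part of the original post or any of the tools named in it: a TCP connect-scan of your own hosts compared against a per-host allowlist, reporting ports that answer without being allowed (alert) and allowed ports that stopped answering (service down). The host name and port sets in ALLOWED are constructed placeholders; the notifier hook is left as a print.

```python
"""Port-allowlist monitor (added example; hosts/ports below are constructed)."""
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed sample config: the ports you deliberately expose on each host.
ALLOWED = {
    "example.invalid": {22, 443},
}

def check_port(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP connect to host:port succeeds (port reachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, DNS failure, or no network at all
        return False

def scan(host: str, ports, workers: int = 64) -> set:
    """TCP connect-scan of the given ports; returns the set that accepted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: (p, check_port(host, p)), ports)
    return {p for p, is_open in results if is_open}

def unexpected_ports(open_ports, allowed) -> list:
    """Ports that answered but are not on the allowlist: the thing to alert on."""
    return sorted(set(open_ports) - set(allowed))

def missing_ports(open_ports, allowed) -> list:
    """Allowlisted ports that did not answer: a service may be down."""
    return sorted(set(allowed) - set(open_ports))

def audit(host: str, allowed, ports=range(1, 1025)):
    """Scan the port range (always including the allowed ports) and return
    (unexpected, missing); a non-empty 'unexpected' list should trigger a notification."""
    open_ports = scan(host, set(ports) | set(allowed))
    return unexpected_ports(open_ports, allowed), missing_ports(open_ports, allowed)

if __name__ == "__main__":
    for host, allowed in ALLOWED.items():
        bad, down = audit(host, allowed)
        if bad:
            print(f"ALERT {host}: unexpected open ports {bad}")  # hook a notifier here
        if down:
            print(f"WARN {host}: allowlisted ports not answering {down}")
```

Run it from cron or a systemd timer from outside your own network so the scan sees what the internet sees, not what your LAN sees.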

  • Hippy@piefed.social
    3 hours ago

    Proper routers can be used to effectively firewall your services from the net (Cisco/Aruba/Juniper/Fortigate etc). Mikrotik is the cheapest.

    For example, on a Mikrotik router in the IP filter rules:
    Rule 1 - drop input traffic from a custom blacklist.
    Rule 2 - accept input traffic that you want to port forward to your server.
    Rule 3 - accept established and related traffic (TCP sessions that have passed the SYN/ACK stage).
    Rule 4 - add the source IP to the blacklist for input traffic that you don't want to port forward to your server. Example: "not 443,22" will trigger on all other ports.

    This way, if someone is scanning your ports they will be blacklisted and then will never get back in, even on your open ports. I manage some large networks and our blacklist grows by around 50k IP addresses per week that are just scanning the internet. With a setup like this you don't have to worry that much about the server's open ports or its firewall. You can also write all successful requests and their source IPs to the router log if you ever want to double check who's been getting in.