Open ports by default

Hi,

Just two quick questions. What are the ports that are open by default on Manjaro ? Can software installed from AUR or pacman open ports without notifying the user ?

Thanks in advance!

First of all, GNU/Linux is not Microsoft Windows and does not have anything listening on all ports by default, other than what you yourself may have enabled. pamac will periodically check the mirror list via a systemd timer, but other than that, there won’t be much listening ─ especially not on the lower ports, which are the only ones that really matter ─ unless you explicitly enable things like sshd or for instance a web server.

Secondly, as soon as you open up a browser to any website, you are listening on a port. However, that will be an unprivileged port ─ i.e. a port number above 1023.

Thirdly, software from the AUR always comes with a PKGBUILD file, which is a plain text file, and which can thus be inspected for what it’s going to pull in. So when it comes to the AUR, you bear the responsibility over what you install.

The AUR is a community-run platform, and while there have on a few occasions in the past been willful or unwillful insertions of malware on the AUR, they were quickly spotted by the community and removed, with the uploader’s account banned. So for most part, the AUR can be trusted, but it’s always wise to check what you’re installing from there.

4 Likes

That depends on the direction of the traffic but deducting from your question you must be referencing applications which can be abused from outside connections.

On a default Manjaro system

  1. All outgoing traffic is allowed - no restrictions.
  2. No application (e.g. http, smb, ftp, mail) providing external services is enabled.
  3. Some editions comes with a firewall installed but not enabled - others enable the firewall
  4. Some editions comes with Samba installed but not enabled.
  5. The system Python contains the module http.server.

Manjaro provides a safe and sound system with no dubious packages or questionable services and as such you can trust it won’t do anything out the ordinary.

The lecturing

In the end it is your habits and your usage which defines if a system is safe and secure. You will need to continually evaluate if your actions or security habits will pose any risk to your computer system.

Do not install applications when you do not know - to the fullest extent - what the application is doing.

AUR is unsupported.

Yes - that is possible!

I repeat: Do not build and install applications if you do not know - to the fullest extent - what the application is doing.

It is a common misconception that Manjaro endorse the usage of AUR - Manjaro do not support any and all packages built from AUR - period.

If you choose to build packages from AUR - the packages and what they do is your responsibility - and yours alone.

3 Likes

There are easy ways to find out. One of them is: OpenSnitch

1 Like