[olug] TechRepublic Tip: Shut Down Unnecessary Services
Jeff Hinrichs
jlh at cox.net
Tue Jul 1 20:48:52 UTC 2003
SHUT DOWN UNNECESSARY SERVICES
By default, most Linux distributions automatically enable a number of
services. However, this is counter to good security practices.
A number of Linux distributions, including Mandrake Linux and Red Hat, use
the chkconfig tool to control what services are running. It can also
enable or disable a service at a specific run level.
# /sbin/chkconfig --help
usage: chkconfig --list [name]
       chkconfig --add <name>
       chkconfig --del <name>
       chkconfig [--level <levels>] <name> <on|off|reset>)
To see those services that are on at run level 5:
# /sbin/chkconfig --list|grep '5:on'
If you see services that you don't want to run, such as smb, nfs, or
portmap, enter this command:
# /sbin/chkconfig <service> off
Replace <service> with the service name that you want to disable. You can
enable services by ending the command with the argument 'on'.
Other distributions use similar tools, so check the documentation for your
particular distribution.
One tool that works on all Linux systems is netstat. This allows you to see
what services are running and listening on TCP or UDP sockets, what binary
program has opened the socket to listen, and what ports they're listening
on. You can then use this information to determine what services to disable.
Here's an example to list things listening via tcp:
# netstat -l --tcp -p
or via udp:
# netstat -l --udp -p
If you use webmin (www.webmin.com), you can go to: System -> Bootup &
Shutdown. From here you can check the current statuses for services,
restart/stop or start services, tell a service to start or not at boot time
and change the runlevel settings.
Portions of this tip were taken from the Linux Tips email.
(www.TechRepublic.com)
-Jeff
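
An added example, not part of the original post: a shell function that reads chkconfig --list output and reports every service enabled at a given run level that is not on an allowlist. It also reports xinetd-managed entries, which a plain grep for '5:on' does not match. The sample listing and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `chkconfig --list` output (not taken from a real host).
sample_chkconfig() {
cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
smb             0:off   1:off   2:off   3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        chargen:        off
        telnet:         on
EOF
}

# unexpected_services LEVEL "allowed names"
# Reads `chkconfig --list` output on stdin and prints, one per line, each
# service that is on at LEVEL, or on under xinetd, and not on the allowlist.
# xinetd entries only answer requests while xinetd itself is running.
unexpected_services() {
    awk -v level="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /based services:/ { next }              # xinetd section header
        NF == 2 && $1 ~ /:$/ {                  # xinetd entry: "name:  on|off"
            name = substr($1, 1, length($1) - 1)
            if ($2 == "on" && !(name in ok)) print name " (xinetd)"
            next
        }
        {                                       # SysV entry: name 0:off ... 6:off
            for (i = 2; i <= NF; i++)
                if ($i == (level ":on") && !($1 in ok)) print $1
        }
    '
}

# Run against the constructed sample. On a live system, pipe in the real list:
#   /sbin/chkconfig --list | unexpected_services 5 "sshd syslog xinetd"
sample_chkconfig | unexpected_services 5 "sshd syslog xinetd"
```

Each name it prints is a candidate for /sbin/chkconfig <service> off once you have confirmed nothing depends on it.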