Thread: unnecessary services

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    193

    unnecessary services

    I currently have a PC with Mandrake 9.1 installed. Nothing has been modified aside from the usual desktop tweaking and firewall config. My question is this: what services would I need to keep running, and what services can I disable? I would like to get more security and speed out of the PC. Are there any links to sites offering service explanations and purpose? Thanks.
    Prepare ship for ludicrous speed!

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I don't know of any sites off the top of my head, but I do know that on redhat 9 it has ssh and sendmail start up every boot, and I'm pretty sure that you don't need those unless you want to be able to access your machine remotely. As for sendmail, I haven't been able to get it to work except from the localhost. If I try to use it from another host I can't do it. I've tried port scans and it always shows that port 25 is closed. I guess it is a local service and not open to the world. But you can disable those if they start up like they do in redhat.

    edit
    found this:
    On my Mandrake 8.2 system (9.1 should be similar), I have these load upon boot:

    devfsd
    harddrake
    internet
    keytable
    kheader
    linuxconf
    network
    random
    sound
    syslog
    xfs

    If you install new hardware, you may want to temporarily have "kudzu", as well.

    I wouldn't just go and disable everything but those, but at least it's some sort of guideline.


  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Not really familiar enough with Mandrake, but there is a generic process you can go through:

    ps -eaf

    Review the daemons listed there, try to identify all of them and what they do.

    For the ones that you know what they are and what they do, ask yourself do you
    need to run it. If not, go to your startup scripts and disable that one.

    If you don't know what it is, try to do a 'man <service>' to learn more about it. If that
    doesn't help, or there is no man page available for the service, kill it off and test things
    out (open new windows, load programs, surf the web, etc). If you don't notice anything
    obviously wrong, go ahead and disable it (you can always go back and turn it back on).

    Sighup'ing those processes might cause your box to lockup, but a quick reboot should
    fix it (because you haven't stopped it from loading at boot yet).

    Through doing that, I was able to go to a blank inetd.conf file (actually all commented out) and a netstat profile of one service, and a very short process list.

    14 processes, 1 port listening, with the added benefit of understanding what those were used for.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    There are lots of services which do not strictly speaking need to be running in most default installs.

    As root, run

    chkconfig --list > somefilename

    That will save a list of all services and their status, i.e. running or not, in each run level. If you post that list here, I or someone else can tell you the ones which you probably do not need (depending on when you post, I may or may not be around, but someone could help you).

    I do not know what Mandrake installs by default, but Red Hat does have quite a few services which are not needed in a default install. Of course this depends on what you are going to be using. If you do not use nfs for file sharing inside your network, you could certainly turn off portmap, nfs, nfslock. If you are not sharing files from your machine with Windows computers via samba, you could turn off smbd and nmbd. Are you not using a web server? Turn off httpd. Not going to serve ftp to folks? Turn off wu-ftpd or vsftpd (Red Hat default now), depending on which one is installed. It all really depends on what is installed. Post the list, someone can help you go through it.

    h3r3tic:
    In order for sendmail to listen for connections from other machines, you most likely need to change the configuration

    Find the file sendmail.mc (probably in /etc/mail; at least that is where it is on Red Hat),
    save a copy of it, then edit the following line

    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

    by removing the "Addr=127.0.0.1," from it.

    save your changes, then, after backing up sendmail.cf run

    m4 sendmail.mc > sendmail.cf

    making sure of course that you are pointing to the correct file locations. Those files are both in the same directory by default, so no worries if you are running from that directory (on Red Hat anyway).

    Then restart sendmail and it should accept connections from other machines, assuming that your firewall is not preventing it.

    MAKE SURE THAT YOU READ UP ON HOW TO PREVENT SPAMMERS FROM USING YOUR MACHINE AS A RELAY BEFORE ENABLING THIS THOUGH.
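
Added example (not part of the post above): one way to go through saved `chkconfig --list` output, listing what is enabled in a runlevel and flagging the services the post names as candidates for review. The sample listing is constructed, and `CANDIDATES`, `enabled_in_runlevel` and `review_candidates` are hypothetical names.

```shell
#!/bin/sh
# Added example: read saved `chkconfig --list` output and report what starts
# in a given runlevel, including services enabled through xinetd.

# Constructed sample in the chkconfig --list layout (not taken from the thread).
sample_chkconfig() {
cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
httpd           0:off   1:off   2:off   3:on    4:off   5:off   6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        telnet: off
        wu-ftpd:        on
EOF
}

# Names as the post gives them; the init script name on your system may
# differ (assumption to check against your own listing).
CANDIDATES="portmap nfs nfslock smbd nmbd httpd wu-ftpd vsftpd"

# enabled_in_runlevel LEVEL: chkconfig --list text on stdin, one enabled
# service per line on stdout. xinetd entries have no runlevel and are marked.
enabled_in_runlevel() {
    awk -v lvl="$1" '
        /^xinetd based services:/ { in_xinetd = 1; next }
        in_xinetd {
            name = $1; sub(/:$/, "", name)      # "wu-ftpd:" -> "wu-ftpd"
            if ($2 == "on") print name " (xinetd)"
            next
        }
        { for (i = 2; i <= NF; i++) if ($i == lvl ":on") print $1 }
    '
}

# review_candidates LEVEL: only the enabled services that are in CANDIDATES.
review_candidates() {
    enabled_in_runlevel "$1" | awk -v list="$CANDIDATES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) { print }
    '
}

sample_chkconfig | review_candidates 3
```

Run it against your own listing with `review_candidates 3 < somefilename`, using the runlevel the machine boots into.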

  5. #5
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Thanks IchNiSan. If I enabled sendmail it would be for my local network, not for the whole internet. As of now I'm not using it, but a while back I was trying to use it from a different machine and it didn't work; now I know why. If I ever decide to use it again I'll definitely try that. Thanks again.

  6. #6
    I also believe services "running" and services "listening" are two separate issues. I use:

    netstat -tap|grep LISTEN

    to see what services are actually listening on ports. I consider those first as primary security risks.

    Other services running but not listening can be killed (obviously) to conserve system resources.

    A prime example is X11. When we use the GUI, X11 will be running (again obviously.) However, if you use the above command, depending on your flavor/version of linux, you may also find it listening.

    Since we don't want to share our GUI with the world, we can prevent it from listening on a port.

    Point being, I think this can be broken down into two areas:

    1. A running process that is not needed. Once identified can be shut off.

    2. A running process that IS needed, but needs to be stopped from listening.

    .: Aftiel
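
Added example (not part of the post above): the running-versus-listening split applied to netstat output, sorting each listener by whether it is bound to loopback only (like the sendmail `Addr=127.0.0.1` setting earlier in the thread) or reachable on every interface (like X11 on port 6000). It assumes numeric output from `netstat -tanp` rather than the post's `netstat -tap`; the sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify TCP listeners by the address they are bound to.

# Constructed sample in the `netstat -tanp` layout (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:25       0.0.0.0:*           LISTEN      812/sendmail: accep
tcp        0      0 0.0.0.0:6000       0.0.0.0:*           LISTEN      1024/X
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN      701/sshd
tcp6       0      0 ::1:631            :::*                LISTEN      650/cupsd
tcp        0      0 192.168.1.10:22    192.168.1.20:40112  ESTABLISHED 1300/sshd
EOF
}

# classify_listeners: netstat text on stdin, "scope port program" on stdout.
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)     # text before the last colon
            prog = $7; sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
            if (prog == "" || prog == "-") prog = "unknown"   # not run as root
            if (host ~ /^127\./ || host == "::1")
                scope = "loopback"
            else if (host == "0.0.0.0" || host == "::" || host == "*")
                scope = "all-interfaces"
            else
                scope = "single-address"
            print scope, port, prog
        }
    '
}

# exposed_listeners: only the listeners another host could reach, which are
# the ones to justify, rebind to loopback, or shut off first.
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback" { print $2, $3 }'
}

sample_netstat | classify_listeners
```

On a live system, run `netstat -tanp | exposed_listeners` as root so the program column is filled in.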

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    You should also check out sockstat; it will show open/listening sockets and what is associated
    with them. Very much like the command suggested by Aftiel, but with a little nicer output.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/
