October 24th, 2003, 09:44 PM
I currently have a pc with Mandrake 9.1 installed. Nothing has been modified aside from the usual desktop tweaking and firewall config. My question is this, What services would I need to keep running and what services can I disable. I would like to get more security and speed out of the pc. Are there any links to sites offering service explanations and purpose? Thanks.
Prepare ship for ludicrous speed!
October 24th, 2003, 09:48 PM
I don't know of any sites off the top of my head, but I do know that on redhat 9 it has ssh and sendmail start up every boot, and I'm pretty sure that you don't need those unless you want to be able to access your machine remotely. As for sendmail, I haven't been able to get it to work except from the localhost. If I try to use it from another host I can't do it. I've tried port scans and it always shows that port 25 is closed. I guess it is a local service and not open to the world. But you can disable those if they start up like they do in redhat.
On my Mandrake 8.2 system (9.1 should be similar), I have these load upon boot:
If you install new hardware, you may want to temporarily have "kudzu", as well.
I wouldn't just go and disable everything but those, but at least it's some sort of guideline.
October 24th, 2003, 09:57 PM
Not really familiar enough with Mandrake, but there is a generic process you can go through:
Review the daemons listed there and try to identify all of them and what they do. For the ones that you know what they are and what they do, ask yourself whether you need to run it. If not, go to your startup scripts and disable that one. If you don't know what it is, try to do a 'man <service>' to learn more about it. If that doesn't help, or there is no man page available for the service, kill it off and test things out (open new windows, load programs, surf the web, etc.). If you don't notice anything obviously wrong, go ahead and disable it (you can always go back and turn it back on). Sighup'ing those processes might cause your box to lock up, but a quick reboot should fix it (because you haven't stopped it from loading at boot yet).
Through doing that, I was able to go to a blank inetd.conf file (actually all commented out) and a netstat profile of one service, and a very short process list.
14 processes, 1 port listening, with the added benefit of understanding what those were used for.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
October 24th, 2003, 10:30 PM
There are lots of services which do not strictly speaking need to be running in most default installs.
as root, run
chkconfig --list > somefilename
That will save a list of all services and their status, i.e. running or not, in each run level. If you post that list here, I or someone else can tell you the ones which you probably do not need (depending on when you post, I may or may not be around, but someone could help you).
I do not know what mandrake installs by default, but redhat does have quite a few services which are not needed in a default install. Of course this depends on what you are going to be using. If you do not use nfs for file sharing inside your network, you could certainly turn off portmap, nfs and nfslock. If you are not sharing files from your machine with windows computers via samba, you could turn off smbd and nmbd. Not using a web server? Turn off httpd. Not going to serve ftp to folks? Turn off wu-ftpd or vsftpd (redhat default now), depending on which one is installed. It all really depends on what is installed. Post the list and someone can help you go through it.
In order for sendmail to listen for connections from other machines, you most likely need to change the configuration
find the file sendmail.mc (probably in /etc/mail at least that is where it is on redhat)
save a copy of it then edit the following line
by removing the "Addr=127.0.0.1," from it.
save your changes, then, after backing up sendmail.cf run
m4 sendmail.mc > sendmail.cf
making sure of course that you are pointing to the correct file locations. Those files are both in the same directory by default, so no worries if you are running from that directory (on redhat anyway).
Then restart sendmail and it should accept connections from other machines, assuming that your firewall is not preventing it.
MAKE SURE THAT YOU READ UP ON HOW TO PREVENT SPAMMERS FROM USING YOUR MACHINE AS A RELAY BEFORE ENABLING THIS THOUGH.
October 24th, 2003, 10:49 PM
Thanks IchNiSan, If I enabled sendmail it would be for my local network not for the whole internet. As of now I'm not using it, but a while back I was trying to use it from a different machine and it didn't work, now I know why. If I ever decide to use it again I'll definitely try that. Thanks again.
November 19th, 2003, 06:56 PM
I also believe services "running" and services "listening" are two separate issues. I use:
netstat -tap|grep LISTEN
to see what services are actually listening on ports. I consider those first as primary security risks.
Other services running but not listening can be killed (obviously) to conserve system resources.
A prime example is X11. When we use the GUI, X11 will be running (again obviously.) However, if you use the above command, depending on your flavor/version of linux, you may also find it listening.
Since we don't want to share our GUI with the world, we can prevent it from listening on a port.
Point being, I think this can be broken down into two areas:
1. A running process that is not needed. Once identified can be shut off.
2. A running process that IS needed, but needs to be stopped from listening.
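The running-versus-listening split above, as an added shell example that is not from this thread: it parses `netstat -tap` style output (a constructed sample is embedded so it runs offline) and labels each LISTEN socket as reachable from other hosts or bound to localhost only, which is also the difference the earlier sendmail `Addr=127.0.0.1` setting makes.

```shell
#!/bin/sh
# Added example, not from the thread. Classify LISTEN sockets from
# `netstat -tap` output by exposure: bound to localhost only, or reachable
# from other hosts (* / 0.0.0.0 / a real interface address).
# The sample below is constructed to look like netstat output on a box
# where X11 and sshd listen on all interfaces and sendmail only on loopback.
NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:x11                   *:*                     LISTEN      1234/X
tcp        0      0 localhost:smtp          *:*                     LISTEN      987/sendmail
tcp        0      0 *:ssh                   *:*                     LISTEN      654/sshd
tcp        0      0 localhost:6010          *:*                     LISTEN      321/sshd
tcp        0     52 192.168.1.5:ssh         192.168.1.9:33021       ESTABLISHED 777/sshd'

# listeners NETSTAT_OUTPUT
# Prints one line per LISTEN socket: "<exposure> <port> <program>".
# Exposure is "local-only" when the bind address is loopback, else "exposed".
# Works with and without -n (localhost / 127.0.0.1, * / 0.0.0.0); an IPv6
# "::" bind has an empty host field and is treated as exposed.
listeners() {
    printf '%s\n' "$1" | awk '$6 == "LISTEN" {
        n = split($4, a, ":"); host = a[1]; port = a[n]
        exposure = (host == "localhost" || host == "127.0.0.1") ? "local-only" : "exposed"
        split($7, p, "/"); prog = (p[2] == "") ? "?" : p[2]
        print exposure, port, prog
    }'
}

# exposed_programs NETSTAT_OUTPUT
# Unique program names that accept connections from other hosts: the first
# things to review (disable, bind to 127.0.0.1, or firewall).
exposed_programs() {
    listeners "$1" | awk '$1 == "exposed" { print $3 }' | LC_ALL=C sort -u
}

# Stand-alone run: show the classified listeners, then the exposed programs.
listeners "$NETSTAT_SAMPLE"
echo "--- programs reachable from other hosts ---"
exposed_programs "$NETSTAT_SAMPLE"
```

On a real box, replace the sample with `netstat -tap` output captured as root so the PID/Program column is filled in for every socket.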
November 21st, 2003, 04:06 AM
You should also check out sockstat; it will show open/listening sockets and what is associated with them. Very much like the command suggested by Aftiel, but with a little nicer output.
Get OpenSolaris http://www.opensolaris.org/