Security for a first timer
John Thompson
JohnThompson at new.rr.com
Sun Sep 5 23:58:23 UTC 2004
Greg Lobring wrote:
> While I am fairly adept at making sure the services on my Windows box
> are only the ones I need, I am not so learned for Linux. I use my
> Fedora pc for email (Ximian), surfing (Firefox/Mozilla) and chatting
> (Gaim). I am not using it as a mail server, ftp server, ssh server, or
> file server of any sort. So my question is, what should/should not be
> running to cut down on security risks? I think I was successful on not
> running sendmail, but what else? Here are the current results from
> chkconfig --list, any of these that I would be well off to disable?
Is this a stand-alone machine not acting as a server/gateway/whatever
for other machines on a LAN?
> ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> mdmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
^^^^^^^
If you're not using NFS you don't need this.
> rpcidmapd 0:on 1:off 2:off 3:on 4:off 5:on 6:on
> yum 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> readahead_early 0:off 1:off 2:off 3:off 4:off 5:on 6:off
> messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> rhnsd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> isdn 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
^^^^^^^
If you're not using NFS you don't need this.
> rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
^^^
Looks like nfs is disabled already. May as well disable the rest of the
NFS stuff.
> acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> rpcgssd 0:on 1:off 2:off 3:on 4:off 5:on 6:on
^^^^^^^
More NFS stuff it doesn't appear you need.
> vncserver 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> microcode_ctl 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> readahead 0:off 1:off 2:off 3:off 4:off 5:on 6:off
> netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
> gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> lisa 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> pcmcia 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> rpcsvcgssd 0:on 1:off 2:off 3:on 4:off 5:on 6:on
^^^^^^^^^^
More NFS stuff.
> irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
^^^^^
If you're not mounting Windows SMB or Netware filesystems, you don't
need this.
> xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> netdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
> xinetd based services:
> echo-udp: off
> time: off
> time-udp: off
> daytime-udp: off
> echo: off
> ktalk: off
> chargen: off
> rsync: off
> cups-lpd: off
> daytime: off
> sgi_fam: on
> chargen-udp: off
> services: off
>
>
--
-John (john at os2.dhs.org)
More information about the fedora-list
mailing list