Security for a first timer

yggdrasil list yggdrasil.lists at gmail.com
Mon Sep 6 00:17:21 UTC 2004


There are other services and daemons that you can turn off to improve
boot times and just manage the basic clutter.


On Sun, 05 Sep 2004 18:58:23 -0500, John Thompson
<johnthompson at new.rr.com> wrote:
> Greg Lobring wrote:
> 
> > While I am fairly adept at making sure the services on my Windows box
> > are only the ones I need, I am not so learned for Linux. I use my
> > Fedora pc for email (Ximian), surfing (Firefox/Mozilla) and chatting
> > (Gaim). I am not using it as a mail server, ftp server, ssh server, or
> > file server of any sort. So my question is, what should/should not be
> > running to cut down on security risks? I think I was successful on not
> > running sendmail, but what else? Here are the current results from
> > chkconfig --list, any of these that I would be well off to disable?
> 
> Is this a stand-alone machine not acting as a server/gateway/whatever
> for other machines on a LAN?
> 
> > ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > psacct          0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > mdmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
^^^^^^^
Multi-path support (i.e. RAID), no need if you don't have a RAID array.

> > portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
>    ^^^^^^^
> If you're not using NFS you don't need this.
> 
> > rpcidmapd       0:on    1:off   2:off   3:on    4:off   5:on    6:on
> > yum             0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > readahead_early 0:off   1:off   2:off   3:off   4:off   5:on    6:off
> > messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > rhnsd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
^^^^^^^
Daemon for response to the up2date. If you only use yum or apt, can be disabled.

> > kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > isdn            0:off   1:off   2:on    3:on    4:on    5:on    6:off
^^^^^^^
If you aren't using isdn, no need for the services for that.

> > crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
^^^^^^^^
Since you won't be accessing this PC remotely, no need for this.

> > syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
>    ^^^^^^^
> If you're not using NFS you don't need this.
> 
> > rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
>    ^^^
> Looks like nfs is disabled already.  May as well disable the rest of the
> NFS stuff.
> 
> > acpid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > rpcgssd         0:on    1:off   2:off   3:on    4:off   5:on    6:on
>    ^^^^^^^
> More NFS stuff it doesn't appear you need.
> 
> > vncserver       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > microcode_ctl   0:off   1:off   2:off   3:on    4:on    5:on    6:off
^^^^^^^^^
Only needed if you run an Intel chip.

> > sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > readahead       0:off   1:off   2:off   3:off   4:off   5:on    6:off
> > netplugd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
> > gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > lisa            0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
^^^^^^^
Multi-path service. Used with a RAID array.

> > winbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > pcmcia          0:off   1:off   2:on    3:on    4:on    5:on    6:off
Only needed on a laptop.

> > rpcsvcgssd      0:on    1:off   2:off   3:on    4:off   5:on    6:on
>    ^^^^^^^^^^
> More NFS stuff.
> 
> > irda            0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
>    ^^^^^
> If you're not mounting Windows SMB or Netware filesystems, you don't
> need this.
> 
> > xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
> > apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
Only needed on a laptop.

> > netdump         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
> > xinetd based services:
> >         echo-udp:       off
> >         time:   off
> >         time-udp:       off
> >         daytime-udp:    off
> >         echo:   off
> >         ktalk:  off
> >         chargen:        off
> >         rsync:  off
> >         cups-lpd:       off
> >         daytime:        off
> >         sgi_fam:        on
> >         chargen-udp:    off
> >         services:       off
> >
> >
> 
> --
> 
> -John (john at os2.dhs.org)
> 
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
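
As an added example (not part of the original thread), a shell function that reads `chkconfig --list` output and reports which of the services flagged in the replies above are still on in runlevel 3 or 5. The function name, the candidate table and the sample input are constructed for illustration; the conditions are the ones given in the replies.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output against the thread's advice.
# Table of service=condition under which the replies say it is not needed.
CANDIDATES='portmap=not using NFS
nfslock=not using NFS
rpcgssd=not using NFS
rpcsvcgssd=not using NFS
netfs=not mounting SMB or Netware filesystems
sshd=no remote access to this PC
isdn=not using ISDN
rhnsd=only yum or apt used, not up2date
mdmpd=no RAID array
mdmonitor=no RAID array
pcmcia=not a laptop
apmd=not a laptop
microcode_ctl=not an Intel chip'

review_services() {
    CANDIDATES="$CANDIDATES" awk '
        BEGIN {
            n = split(ENVIRON["CANDIDATES"], rows, "\n")
            for (i = 1; i <= n; i++) {
                eq = index(rows[i], "=")
                why[substr(rows[i], 1, eq - 1)] = substr(rows[i], eq + 1)
            }
        }
        # The xinetd section uses a different line format, so stop there.
        /^xinetd based services:/ { exit }
        # SysV lines: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
        NF == 8 && ($1 in why) {
            on = ""
            for (f = 2; f <= NF; f++)
                if ($f == "3:on" || $f == "5:on")
                    on = on (on == "" ? "" : ",") substr($f, 1, 1)
            if (on != "")
                printf "%s (runlevels %s): disable if %s\n", $1, on, why[$1]
        }'
}

# Constructed sample: a few lines copied from the listing quoted above.
SAMPLE='portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:on    1:off   2:off   3:on    4:off   5:on    6:on
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        sgi_fam:        on'

# On a live system: chkconfig --list | review_services
printf '%s\n' "$SAMPLE" | review_services
```

Each reported service can then be turned off with `chkconfig <name> off` once the stated condition has been confirmed for the machine.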




