
Linux Services - Security

Many of us who use security products on our computers religiously are bewildered to find that we still get infected with malware. How does this happen? No matter what we do, our computers are constantly in touch with the vectors that carry malicious software. Thomas Greene explains what this means, and what we can do about it.

By: Apress Publishing
February 02, 2005




For Linux users, disabling superfluous services is a good deal easier. There are fewer to worry about and far fewer dependencies among them. For example, Linux users can disable RPC without negative consequences, and they should do so unless they need it for NFS (Network File System) or NIS (Network Information Service). Home network users and home business users are unlikely to be using these services, so it's almost always good to disable RPC.

Unlike Microsoft, most Linux vendors will not install many superfluous services and Web applications by default. But it is important to check the following list in case you're running a service that you don't need. If you're using a major, packaged distribution, it's likely that only a few of these services will have been enabled by default.

There are numerous ways to disable services in Linux, though these depend on the particular distribution you're using. For this reason, it will not be practical to provide screen shots. Essentially, you want to halt the daemon, ensure that the system continues to work normally, and then disable it permanently. An easy way to do this is via a GUI admin interface, but of course these vary by distribution. Usually, there will be an admin utility allowing you to select runlevels for various components, where your services or daemon processes will be displayed and can be enabled, disabled, started, and stopped. Linux is usually very tolerant of having services disabled, but you should stop the daemon first and see how the system behaves before making a commitment. If your machine continues to function normally, you can remove it from all runlevels, and even from your /etc/init.d directory so that it can't start again if you reboot.

Here are the main ones you should look out for:

Apache: This is a fine Web server. Most Linux distributions are filled with more packages than any person could possibly use, and sometimes, due to this embarrassment of riches, servers like Apache can be installed without the user's realizing it. If you don't need a Web server or don't know how to run one securely, you should uninstall it promptly.

Berkeley Internet Name Domain (BIND): This service translates domain names to IP addresses. Unless you are operating a server, you have no use for it. Disabling it will not affect your Internet clients: your ISP will provide BIND or DNS services for you. The daemon is called named and should be disabled.

File Transfer Protocol (FTP): This is a file server. Few home users will have any use for it. The daemons are called wuftpd and proftpd; get rid of them unless you need to make FTP available and know how to secure it.

Line Printer Daemon (LPD): This service allows users to connect to a printer across a network. It is exceptionally insecure and should be disabled with prejudice.

Nessus: This is a vulnerability scanner that runs a daemon process. It's not terribly dangerous, but there is no point leaving it running when it's not in use, lest others connect to it. I recommend enabling and disabling the nessusd daemon from the command line and leaving it out of your runlevels.

Network Information Service (NIS): This service allows networked machines to share a common interface. It is not so much vulnerable in itself but it requires RPC, which is. Home users should not have any use for it.

Network File System (NFS): This service provides remote access to shared file systems across a network. As with NIS, it is not so much vulnerable in itself but it requires RPC, which is. Home users should not have any use for it.

Postfix: This is a fairly reliable mail server. Few home users need a mail server or know how to run one securely, so this should be disabled, but not uninstalled. Some mail clients may require it to be present, though not running.

Remote Procedure Call (RPC): Sometimes called sunrpc or portmap, this should be disabled except when NIS or NFS are in use. Any daemon with rpc or portmap in the name is a good candidate for disabling.

Rlogin: This service accepts remote logins. It is only slightly more secure than Telnet and should be disabled. Use SSH or Webmin if you need to log in to your machine remotely.

Samba: This is a file and print sharing service that offers Windows compatibility. It's unnecessary on most home machines. Computers used primarily to contact the Internet should not be offering such services unless they have to, though Samba can be quite useful in an office if you know how to run it securely.

Secure Shell (SSH): This service accepts remote logins. You should disable the SSH daemon (sshd) unless you need to connect remotely to your computer. If you do connect remotely, SSH is the most secure method and should always be preferred to Telnet and rlogin. Disabling the SSH daemon will not cause any problems when using an SSH client.

Sendmail: This is a mail server. You probably don't need a mail server, so uninstall it. If you do need a mail server, you should still uninstall Sendmail and replace it with Postfix, which is more secure. Some e-mail clients may require Postfix to be installed, though not running, so disabling it is better than uninstalling it.

Simple Network Management Protocol (SNMP): This service allows for configuring devices over a network. Home users should have no use for it. There are plenty of exploits against it, so disable the snmpd daemon unless you really need it.

Squid: This is a proxy server, and a fine one, but it's a security issue if you don't need it and don't know how to secure it. If you don't know what a proxy server is, then you absolutely don't need one. Uninstall it if you find it's been installed.

Telnet: This is a hopelessly insecure service that permits remote logins. Disable it; remove it from /etc/init.d; exorcise it.

Webmin: This is a fairly trustworthy server for remote administration. However, if you don't need it, uninstall it. If you're not going to use it, there's no point making it available to others on the Internet, like malicious script kiddies.

Ypbind: This daemon supports Network Information Services (NIS). There have been exploits against it. Again, as with any service, if you don't need it, disable it.
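
On distributions that keep SysV runlevel directories, the check against the list above can be scripted. This is an added example, not code from the book; the rcN.d layout, the alias names noted in the comments, and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): report which daemons from the chapter's
# checklist still have a start link (S??name) in a SysV runlevel directory.
# Assumption: rcN.d directories of S/K-prefixed links, e.g. /etc/rc.d/rcN.d.

# Names from the checklist; httpd, bind9, wu-ftpd, smb, nmb and ssh are
# assumed aliases that some distributions use for the same init scripts.
is_listed() {
    case $1 in
        apache*|httpd*|named|bind9|wuftpd|wu-ftpd|proftpd|lpd|nessusd|\
        ypbind|nfs*|postfix|*rpc*|*portmap*|rlogin*|smb|nmb|samba|\
        sshd|ssh|sendmail|snmpd|squid|telnet*|webmin) return 0 ;;
    esac
    return 1
}

# Print "name: runlevels" for every listed daemon enabled under root $1.
enabled_listed_services() {
    for link in "$1"/rc[0-6].d/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # glob matched nothing
        dir=${link%/*}; level=${dir##*/rc}; level=${level%.d}
        base=${link##*/}; name=${base#S[0-9][0-9]}
        if is_listed "$name"; then echo "$name $level"; fi
    done | sort -u |
    awk '{ lv[$1] = lv[$1] " " $2 }
         END { for (n in lv) print n ":" lv[n] }' | sort
}

# Constructed sample tree: sendmail on in runlevels 3 and 5, portmap on in 3,
# nfs stopped (K link), plus one service that is not on the checklist.
make_sample_tree() {
    mkdir -p "$1/rc3.d" "$1/rc5.d"
    for f in rc3.d/S80sendmail rc5.d/S80sendmail rc3.d/S13portmap \
             rc3.d/K20nfs rc3.d/S90crond; do
        : > "$1/$f"
    done
}

tmp=$(mktemp -d) && make_sample_tree "$tmp"
enabled_listed_services "$tmp"
rm -rf "$tmp"
```

On a real system, pass the directory that holds the rcN.d directories. Services started from inetd or xinetd have no runlevel link of their own and will not show up in this report.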

Power User Tip

Linux power users can prevent their X server from listening on the Net by editing the relevant configuration file. Depending on your distribution, the file might be found in one of these locations: /etc/opt/kde3/share/config/kdm/Xservers, /etc/X11/xdm/Xservers, /usr/X11R6/lib/X11/xinit/xserverrc, or /etc/X11/xinit/xserverrc. Find the line starting with :0 local [etc...], and without altering it otherwise, add -nolisten tcp at the end. The X server's TCP access is not considered a menace, but this will keep you safe from a new or unknown exploit.
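
The edit described in the tip, as an added example that is not from the book. It handles the Xservers file format only, and the sample file and server command are constructed.

```shell
#!/bin/sh
# Added example (not from the book). Handles the Xservers file format only;
# the sample file contents below are constructed.

# Succeeds if some ":0 local" line in file $1 lacks "-nolisten tcp".
x_listens_tcp() {
    awk '/^:0[ \t]+local/ && !/-nolisten[ \t]+tcp/ { open = 1 }
         END { exit !open }' "$1"
}

# Print file $1 with "-nolisten tcp" appended to such lines; all other
# lines, including ones that already carry the option, pass through as is.
add_nolisten() {
    awk '/^:0[ \t]+local/ && !/-nolisten[ \t]+tcp/ {
             sub(/[ \t]+$/, "")             # drop trailing blanks
             $0 = $0 " -nolisten tcp"
         }
         { print }' "$1"
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample Xservers file
:0 local /usr/X11R6/bin/X vt7
EOF
if x_listens_tcp "$sample"; then
    add_nolisten "$sample" > "$sample.new" && mv "$sample.new" "$sample"
fi
cat "$sample"
rm -f "$sample"
```

Running the edit a second time leaves the file unchanged, so it is safe to apply repeatedly. Restart the X server or display manager for the change to take effect.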

This chapter is from Computer Security for the Home and Small Office by Thomas C. Greene (Apress, 2004, ISBN: 1590593162).
