Greg Lobring wrote:
While I am fairly adept at making sure the services on my Windows box are only the ones I need, I am not so learned for Linux. I use my Fedora pc for email (Ximian), surfing (Firefox/Mozilla) and chatting (Gaim). I am not using it as a mail server, ftp server, ssh server, or file server of any sort. So my question is, what should/should not be running to cut down on security risks? I think I was successful on not running sendmail, but what else? Here are the current results from chkconfig --list, any of these that I would be well off to disable?
Is this a stand-alone machine not acting as a server/gateway/whatever for other machines on a LAN?
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off mdmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
^^^^^^^ If you're not using NFS you don't need this.
rpcidmapd 0:on 1:off 2:off 3:on 4:off 5:on 6:on yum 0:off 1:off 2:off 3:off 4:off 5:off 6:off readahead_early 0:off 1:off 2:off 3:off 4:off 5:on 6:off messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off rhnsd 0:off 1:off 2:off 3:on 4:on 5:on 6:off kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off isdn 0:off 1:off 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
^^^^^^^ If you're not using NFS you don't need this.
^^^rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Looks like nfs is disabled already. May as well disable the rest of the NFS stuff.
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off rpcgssd 0:on 1:off 2:off 3:on 4:off 5:on 6:on
^^^^^^^ More NFS stuff it doesn't appear you need.
vncserver 0:off 1:off 2:off 3:off 4:off 5:off 6:off saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off microcode_ctl 0:off 1:off 2:off 3:on 4:on 5:on 6:off sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off readahead 0:off 1:off 2:off 3:off 4:off 5:on 6:off netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off random 0:off 1:off 2:on 3:on 4:on 5:on 6:off irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off lisa 0:off 1:off 2:off 3:off 4:off 5:off 6:off xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off pcmcia 0:off 1:off 2:on 3:on 4:on 5:on 6:off rpcsvcgssd 0:on 1:off 2:off 3:on 4:off 5:on 6:on
^^^^^^^^^^ More NFS stuff.
^^^^^irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
If you're not mounting Windows SMB or Netware filesystems, you don't need this.
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off netdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off xinetd based services: echo-udp: off time: off time-udp: off daytime-udp: off echo: off ktalk: off chargen: off rsync: off cups-lpd: off daytime: off sgi_fam: on chargen-udp: off services: off
--
-John (john@xxxxxxxxxxx)