Skip to Main Content
Linux Server Hacks, Volume Two
book

Linux Server Hacks, Volume Two

by William von Hagen, Brian K. Jones
December 2005
Beginner content levelBeginner
480 pages
13h 27m
English
O'Reilly Media, Inc.
Content preview from Linux Server Hacks, Volume Two

Hack #63. Increase Security by Disabling Unnecessary Services

Many network services that may be enabled by default are both unnecessary and insecure. Take the minimalist approach and enable only what you need.

Though today's systems are powerful and have gobs of memory, optimizing the processes they start by default is a good idea for two primary reasons. First, regardless of how much memory you have, why waste it by running things that you don't need or use? Secondly, and more importantly, every service you run on your system is a point of exposure, a potential cracking opportunity for the enlightened or lucky intruder or script kiddie.

There are three standard places from which system services can be started on a Linux system. The first is /etc/inittab. The second is scripts in the /etc/rc.d/rc?. d directories (/etc/init.d/rc?.d on SUSE and other more LSB-compliant Linux distributions). The third is by the Internet daemon, which is usually inetd or xinetd. This hack explores the basic Linux startup process, shows where and how services are started, and explains easy ways of disabling superfluous services to minimize the places where your systems can be attacked.

Examining /etc/inittab

Changes to /etc/inittab itself are rarely necessary, but this file is the key to most of the startup processes on systems such as Linux that use what is known as the "Sys V init" mechanism (this startup mechanism was first implemented on AT&T's System V Unix systems). The /etc/inittab file initiates ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux Server Hacks

Linux Server Hacks

Rob Flickenger
Mastering CentOS 7 Linux Server

Mastering CentOS 7 Linux Server

Mohamed Alibi, BHASKARJYOTI ROY

Publisher Resources

ISBN: 0596100825Errata Page