Hack #63. Increase Security by Disabling Unnecessary Services
Many network services that may be enabled by default are both unnecessary and insecure. Take the minimalist approach and enable only what you need.
Though today's systems are powerful and have gobs of memory, optimizing the processes they start by default is a good idea for two primary reasons. First, regardless of how much memory you have, why waste it by running things that you don't need or use? Second, and more importantly, every service you run on your system is a point of exposure, a potential cracking opportunity for the enlightened or lucky intruder or script kiddie.
There are three standard places from which system services can be started on a Linux system. The first is /etc/inittab. The second is scripts in the /etc/rc.d/rc?.d directories (/etc/init.d/rc?.d on SUSE and other more LSB-compliant Linux distributions). The third is by the Internet daemon, which is usually inetd or xinetd. This hack explores the basic Linux startup process, shows where and how services are started, and explains easy ways of disabling superfluous services to minimize the places where your systems can be attacked.
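The following script is an added example, not code from the book, that audits two of the three startup locations named above: the rc?.d symlink directories and the inetd.conf service list. It builds a constructed sample tree under a temporary directory so it runs offline; the RC_ROOT variable, the sample service names (sshd, cups, rpcbind) and the sample inetd.conf lines are all assumptions made for the demonstration. Disabling is done the traditional manual way, by renaming a runlevel's S (start) link to a K (kill) link while keeping its sequence number; on a real system you would point RC_ROOT at /etc/rc.d (or /etc on LSB-style layouts) and, on most distributions, prefer the chkconfig or update-rc.d front end.

```shell
#!/bin/sh
# Added example (not from the book): audit and disable SysV-style services.
# RC_ROOT defaults to a scratch directory holding a constructed sample tree;
# set RC_ROOT=/etc/rc.d (or /etc on LSB-style distributions) for real use.
RC_ROOT="${RC_ROOT:-$(mktemp -d)}"
INETD_CONF="$RC_ROOT/inetd.conf"

# Construct a sample init.d/rc3.d layout (assumed service names).
make_sample_tree() {
    mkdir -p "$RC_ROOT/init.d" "$RC_ROOT/rc3.d"
    for svc in sshd cups rpcbind; do
        printf '#!/bin/sh\necho %s\n' "$svc" > "$RC_ROOT/init.d/$svc"
        chmod +x "$RC_ROOT/init.d/$svc"
    done
    ln -sf ../init.d/rpcbind "$RC_ROOT/rc3.d/S13rpcbind"
    ln -sf ../init.d/sshd    "$RC_ROOT/rc3.d/S55sshd"
    ln -sf ../init.d/cups    "$RC_ROOT/rc3.d/S60cups"
}

# Construct a sample inetd.conf: one commented-out entry, two live ones.
make_sample_inetd() {
cat > "$INETD_CONF" <<'EOF'
# constructed sample inetd.conf (not a real system file)
#telnet stream tcp nowait root   /usr/sbin/tcpd in.telnetd
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
EOF
}

# List services that will be started at a runlevel: every S??name link,
# in the order init would run them (sequence number ascending).
enabled_services() {
    rl="$1"
    for link in "$RC_ROOT/rc$rl.d"/S[0-9][0-9]*; do
        [ -e "$link" ] || continue          # glob matched nothing
        name=${link##*/}                    # e.g. S55sshd
        echo "${name#S[0-9][0-9]}"          # strip S and the sequence number
    done
}

# Exit 0 if the service has a start link at the runlevel, 1 otherwise.
is_enabled() {
    enabled_services "$1" | grep -qx "$2"
}

# Disable a service at a runlevel by turning its S link into a K link.
# The sequence number is preserved so ordering of the remaining links
# is unchanged. Returns 1 if there was no start link to rename.
disable_service() {
    rl="$1"; svc="$2"
    for link in "$RC_ROOT/rc$rl.d"/S[0-9][0-9]"$svc"; do
        [ -L "$link" ] || return 1
        seq=${link##*/}; seq=${seq#S}; seq=${seq%"$svc"}   # e.g. 60
        mv "$link" "$RC_ROOT/rc$rl.d/K$seq$svc"
        return 0
    done
}

# List services inetd will actually listen for: first field of every
# line that is neither blank nor commented out.
inetd_services() {
    awk '$1 !~ /^#/ && NF > 0 { print $1 }' "$INETD_CONF"
}

# Stand-alone demo: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    make_sample_tree; make_sample_inetd
    echo "enabled at runlevel 3:"; enabled_services 3
    disable_service 3 cups
    echo "after disabling cups:"; enabled_services 3
    echo "active inetd services:"; inetd_services
    rm -rf "$RC_ROOT"
fi
```

Run the audit functions before and after a change and diff the output; a service that still shows up in enabled_services or inetd_services after you believed it was disabled is exactly the kind of leftover exposure this hack is about. Note that renaming an S link only affects the next boot; a running daemon still has to be stopped.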
Examining /etc/inittab
Changes to /etc/inittab itself are rarely necessary, but this file is the key to most of the startup processes on systems such as Linux that use what is known as the "Sys V init" mechanism (this startup mechanism was first implemented on AT&T's System V Unix systems). The /etc/inittab file initiates ...
Get Linux Server Hacks, Volume Two now with the O’Reilly learning platform.