LinuxQuestions.org
Old 03-01-2005, 10:35 PM   #1
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Rep: Reputation: 30
Disabling Services in Linux?


You know how OpenBSD is secure by default because the unneeded services are disabled???

How can I disable the unwanted services if I'm using the computer only for Internet and email? That's all?
 
Old 03-01-2005, 10:56 PM   #2
tsphan
Member
 
Registered: Jan 2005
Location: Clackamas, Oregon, US
Distribution: Slackware 10.2
Posts: 154

Rep: Reputation: 30
You should check somewhere in your Mandrake control panel; I remember it being somewhere there when I used Mandrake 9.1.
 
Old 03-01-2005, 11:13 PM   #3
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
You're not understanding my question here.

I know how to get there but please give me a list of what Services I have to disable for extra security like in OpenBSD.
 
Old 03-01-2005, 11:19 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
post the output of this right after a fresh startup:

Code:
ps aux
that way people on this thread will know what services you are currently running and can tell you which ones to disable...
 
Old 03-01-2005, 11:27 PM   #5
happylife
LQ Newbie
 
Registered: Sep 2004
Posts: 7

Rep: Reputation: 0
sorry,
wardialer, your correct answer is the 'top' command.
 
Old 03-01-2005, 11:32 PM   #6
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
Code:
ps aux
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  5.1  0.0  1356  496 ?        S    21:28   0:04 init
root         2  0.0  0.0     0    0 ?        SW   21:28   0:00 [keventd]
root         3  0.0  0.0     0    0 ?        SWN  21:28   0:00 [ksoftirqd_CPU0]
root         4  0.0  0.0     0    0 ?        SW   21:28   0:00 [kswapd]
root         5  0.0  0.0     0    0 ?        SW   21:28   0:00 [bdflush]
root         6  0.0  0.0     0    0 ?        SW   21:28   0:00 [kupdated]
root         7  0.0  0.0     0    0 ?        SW<  21:28   0:00 [mdrecoveryd]
root        11  0.0  0.0     0    0 ?        SW   21:28   0:00 [kjournald]
root       122  0.2  0.2  2172 1376 ?        S    21:29   0:00 devfsd /dev
root       217  0.0  0.0     0    0 ?        SW   21:29   0:00 [khubd]
root       408  0.0  0.0     0    0 ?        SW   21:29   0:00 [kjournald]
root       415  0.0  0.0     0    0 ?        SW   21:29   0:00 [kjournald]
root       416  0.0  0.0     0    0 ?        SW   21:29   0:00 [kjournald]
root       855  0.0  0.1  1952  964 ?        S    21:29   0:00 /sbin/dhclient -1
root       945  0.0  0.1  1452  624 ?        S    21:29   0:00 syslogd -m 0
root       953  0.1  0.2  2180 1320 ?        S    21:29   0:00 klogd -2
xfs       1042  0.0  0.7  5168 3688 ?        S    21:29   0:00 [xfs]
daemon    1113  0.0  0.0  1392  500 ?        S    21:29   0:00 [atd]
root      1126  0.0  0.1  2436  652 ?        S    21:29   0:00 /usr/bin/mdkkdm -
root      1135  1.1  1.6 92496 8752 ?        S<   21:29   0:00 /etc/X11/X -defer
root      1140  0.0  0.2  3720 1100 ?        S    21:29   0:00 saslauthd -a pam
root      1157  0.0  0.2  3720 1100 ?        S    21:29   0:00 saslauthd -a pam
root      1158  0.0  0.2  3720 1100 ?        S    21:29   0:00 saslauthd -a pam
root      1159  0.0  0.2  3720 1100 ?        S    21:29   0:00 saslauthd -a pam
root      1160  0.0  0.2  3720 1100 ?        S    21:29   0:00 saslauthd -a pam
root      1166  0.1  0.3  3456 1644 ?        S    21:29   0:00 -:0
daemon    1181  0.0  0.1  1524  616 ?        S    21:29   0:00 [tmdns]
root      1263  0.1  0.5  5872 2892 ?        S    21:29   0:00 cupsd
root      1427  0.0  0.1  1412  596 ?        S    21:29   0:00 crond
root      1452  0.0  0.2  2372 1048 ?        S    21:29   0:00 /usr/bin/lisa -c
root      1669  0.0  0.0  1332  408 vc/1     S    21:29   0:00 /sbin/mingetty tt
root      1670  0.0  0.0  1332  408 vc/2     S    21:29   0:00 /sbin/mingetty tt
root      1671  0.0  0.0  1332  408 vc/3     S    21:29   0:00 /sbin/mingetty tt
root      1672  0.0  0.0  1332  408 vc/4     S    21:29   0:00 /sbin/mingetty tt
root      1673  0.0  0.0  1332  408 vc/5     S    21:29   0:00 /sbin/mingetty tt
root      1674  0.0  0.0  1332  408 vc/6     S    21:29   0:00 /sbin/mingetty tt
vin001    1748  0.3  0.2  2416 1220 ?        S    21:29   0:00 /bin/sh /usr/bin/
vin001    1833  0.2  1.5 20588 8232 ?        S    21:30   0:00 kdeinit: Running.
vin001    1836  0.0  1.6 20488 8392 ?        S    21:30   0:00 kdeinit: dcopserv
vin001    1839  0.2  1.8 21824 9504 ?        S    21:30   0:00 kdeinit: klaunche
vin001    1841  1.0  2.2 22304 11492 ?       S    21:30   0:00 kdeinit: kded
vin001    1851  1.2  2.6 27672 13732 ?       S    21:30   0:00 kdeinit: knotify
vin001    1852  0.0  0.0  1340  300 ?        S    21:30   0:00 kwrapper ksmserve
vin001    1854  1.2  2.1 21944 10920 ?       S    21:30   0:00 kdeinit: ksmserve
vin001    1855  1.8  2.4 22768 12488 ?       S    21:30   0:00 kdeinit: kwin -se
vin001    1857  5.0  3.3 29680 17028 ?       S    21:30   0:00 kdeinit: kdesktop
vin001    1859  0.0  1.6 20736 8704 ?        S    21:30   0:00 kdeinit: kio_file
vin001    1861  0.0  1.6 20732 8700 ?        S    21:30   0:00 kdeinit: kio_file
vin001    1862  3.1  2.7 24820 14368 ?       S    21:30   0:00 kdeinit: kicker
vin001    1863  0.0  1.6 20620 8576 ?        S    21:30   0:00 kdeinit: kio_devi
vin001    1866  1.8  2.2 22524 11760 ?       S    21:30   0:00 kdeinit: kwrited
vin001    1867  2.4  1.9 18540 10224 ?       S    21:30   0:00 kmoon -session 11
vin001    1869  1.5  2.1 21940 10888 ?       S    21:30   0:00 kdeinit: kaccess
vin001    1872  1.8  2.0 21856 10676 ?       S    21:30   0:00 kalarmd --login
vin001    1873  6.7  2.6 24028 13768 ?       R    21:30   0:00 kdeinit: konsole
vin001    1874  0.7  0.2  2608 1524 pts/1    S    21:30   0:00 /bin/bash
vin001    1905  0.0  0.1  2580  756 pts/1    R    21:30   0:00 ps aux

Last edited by wardialer; 03-01-2005 at 11:38 PM.
 
Old 03-01-2005, 11:39 PM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
looks good to me as it is... if you're not doing any printing you could disable cups, but nothing else that i see should really concern you - especially if you're completely firewalled...
 
Old 03-01-2005, 11:40 PM   #8
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
So what should I have to disable here to make my system extra secure???


Code:
top - 21:37:31 up 8 min,  3 users,  load average: 0.00, 0.09, 0.07
Tasks:  70 total,   1 running,  69 sleeping,   0 stopped,   0 zombie
Cpu(s):   1.0% user,   0.7% system,   0.0% nice,  98.3% idle
Mem:    515148k total,   250440k used,   264708k free,    10960k buffers
Swap:   506008k total,        0k used,   506008k free,   155664k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  Command
 1135 root      13 -10 95028  12m 2744 S  0.7  2.4   0:11.77 X
 1857 vin001    10   0 17384  16m  14m S  0.3  3.4   0:00.85 kdeinit
 1971 vin001    12   0 16124  15m  13m S  0.3  3.1   0:01.76 kdeinit
 2003 vin001    14   0   980  980  776 R  0.3  0.2   0:00.77 top
    1 root       8   0   496  496  448 S  0.0  0.1   0:04.79 init
    2 root       9   0     0    0    0 S  0.0  0.0   0:00.02 keventd
    3 root      18  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd_CPU0
    4 root       9   0     0    0    0 S  0.0  0.0   0:00.00 kswapd
    5 root       9   0     0    0    0 S  0.0  0.0   0:00.00 bdflush
    6 root       9   0     0    0    0 S  0.0  0.0   0:00.00 kupdated
    7 root      -1 -20     0    0    0 S  0.0  0.0   0:00.00 mdrecoveryd
   11 root       9   0     0    0    0 S  0.0  0.0   0:00.00 kjournald
  122 root       9   0  1384 1384  808 S  0.0  0.3   0:00.25 devfsd
  217 root       9   0     0    0    0 S  0.0  0.0   0:00.00 khubd
  408 root       9   0     0    0    0 S  0.0  0.0   0:00.00 kjournald
  415 root       9   0     0    0    0 S  0.0  0.0   0:00.00 kjournald
  416 root       9   0     0    0    0 S  0.0  0.0   0:00.00 kjournald
  855 root       9   0   964  964  696 S  0.0  0.2   0:00.00 dhclient
  945 root       9   0   624  624  520 S  0.0  0.1   0:00.04 syslogd
  953 root       9   0  1320 1320  436 S  0.0  0.3   0:00.06 klogd
 1042 xfs        9   0  4260 4260 1124 S  0.0  0.8   0:00.14 xfs
 1113 daemon     9   0   500  500  444 S  0.0  0.1   0:00.00 atd
 1126 root       9   0   652  652  572 S  0.0  0.1   0:00.02 mdkkdm
 1140 root       9   0  1100 1100 1096 S  0.0  0.2   0:00.00 saslauthd
 1157 root       9   0  1100 1100 1088 S  0.0  0.2   0:00.00 saslauthd
 1158 root       9   0  1100 1100 1096 S  0.0  0.2   0:00.00 saslauthd
 1159 root       9   0  1100 1100 1096 S  0.0  0.2   0:00.00 saslauthd
 1160 root       9   0  1100 1100 1096 S  0.0  0.2   0:00.00 saslauthd
 1166 root       8   0  1644 1644 1368 S  0.0  0.3   0:00.06 mdkkdm
 1181 daemon     9   0   652  652  540 S  0.0  0.1   0:00.00 tmdns
 1263 root       8   0  2944 2944 1288 S  0.0  0.6   0:00.09 cupsd
 1427 root       9   0   596  596  524 S  0.0  0.1   0:00.00 crond
 1452 root       8   0  1048 1048  912 S  0.0  0.2   0:00.00 lisa
 1669 root       9   0   408  408  364 S  0.0  0.1   0:00.01 mingetty
 
Old 03-01-2005, 11:43 PM   #9
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
Did you also take a look at top's output?
Also, THE MOST IMPORTANT ONE I disabled was the Samba services...(SMB)

I know it's not anything close to OpenBSD security.... but it's still better than nothing.

Last edited by wardialer; 03-01-2005 at 11:45 PM.
 
Old 03-01-2005, 11:51 PM   #10
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
yeah, i looked at top's output - everything looks fine...

BTW, i can recommend rootkit hunter if you wanna check your system a little deeper:

http://www.rootkit.nl/

it'll check for several common security issues (not just rootkits)...

make sure you read the documentation before you try it...

good luck...
 
Old 03-02-2005, 12:01 AM   #11
happylife
LQ Newbie
 
Registered: Sep 2004
Posts: 7

Rep: Reputation: 0
First of all, see which runlevel you use; I think you use the GUI prompt and runlevel 5. After that, go to the runlevel directory, which is under /etc, then find something like S???nfs or an nfs-related script. Then just put 'K' in place of 'S'. Reboot your system. I think that will solve your problem.

I only told you how to disable the nfs function; in the same way you can disable other functions.

That way you can disable the cups & lisa services.

Reply to me now.
 
Old 03-02-2005, 12:23 AM   #12
happylife
LQ Newbie
 
Registered: Sep 2004
Posts: 7

Rep: Reputation: 0
wardialer,
Configure the firewall, configure the kernel startup script, configure xhost, and stop ping-like flood attacks through the kernel's script configuration.
Then I think the system will be more secure.

my e-mail id= pritam102000@yahoo.com
 
Old 03-02-2005, 07:28 AM   #13
broch
Member
 
Registered: Feb 2005
Distribution: Slackware-current 64bit
Posts: 465

Rep: Reputation: 32
Quote:
You know how OpenBSD is secure by default because the unneeded services are disabled???
This is a weird way of looking at security. Basically NetBSD or FreeBSD are more secure because all ports (services) are closed after installation?
This is not why OBSD or Immunix are secure.

If you know what services you need to close on OBSD, then close exactly the same on Linux.
Depending on the distro you can find running portmapper, NFS, NIS, smb, ftp, time. Close them all. Remember that some services may require other services to run properly (e.g. NFS requires portmapper), so you have to know what you are doing.


Quote:
Configure the firewall, configure the kernel startup script, configure xhost, and stop ping-like flood attacks through the kernel's script configuration.
Nope, use sysctl to harden tcp stack.
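
Added example, not part of any post in this thread: a shell function that reads `netstat --tcp -ln` style output and lists every listener not bound to loopback, naming the services mentioned above where they have a well-known port. The sample input and the port table are constructed for this example; NIS has no fixed port (it registers with the portmapper), so it is not in the table.

```shell
#!/bin/sh
# Added example: find listening TCP sockets reachable from the network.

# Constructed sample of `netstat --tcp -ln` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:139        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
EOF
}

# Reads netstat output on stdin, prints "port service bind-address" for each
# listener that is not bound to a loopback address, sorted by port.
audit_listeners() {
    awk '
    BEGIN {
        # Well-known ports for the services named in the thread.
        svc[21] = "ftp"; svc[37] = "time"; svc[111] = "portmapper"
        svc[139] = "smb"; svc[445] = "smb"; svc[631] = "cups"; svc[2049] = "nfs"
    }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        # The port is whatever follows the last colon (handles IPv6 too).
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # local-only listener
        name = (port in svc) ? svc[port] : "unknown"
        print port, name, addr
    }' | sort -n
}

sample_netstat | audit_listeners
```

On a live system the same function takes `netstat --tcp -ln | audit_listeners`; anything reported as `unknown` is a listener to identify before deciding whether to disable it.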
 
Old 03-02-2005, 08:56 AM   #14
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
Quote:
Nope, use sysctl to harden tcp stack.
How can I do that??? It sounds like it's not an easy thing to do. Please explain the commands.

What changes or what things I have to modify WITHOUT destroying my system here???

Last edited by wardialer; 03-02-2005 at 09:01 AM.
 
Old 03-02-2005, 11:03 AM   #15
broch
Member
 
Registered: Feb 2005
Distribution: Slackware-current 64bit
Posts: 465

Rep: Reputation: 32
sysctl is quite easy:
in the terminal window enter
sysctl -a | grep net

all the options should be entered to /etc/sysctl.conf
next run
sysctl -p

more detailed info:
google.com
and search for linux sysctl tcp (harden)
usually you will find a suggestion to set window scaling "on", but for a workstation it should be off (so no need to set rmem, wmem and mem)
don't turn sack off for a workstation because that will slow down web browsing. The rest will apply, but the exact values should be tested.

sysctl is a UNIX variable that you should know from OpenBSD; there are small differences (in the syntax mostly), but most of the stuff is exactly the same.

ports:
what is the output of
#netstat --tcp -ln
#netstat --udp -ln


the above will take (partially) care of tcp hardening, you will have to read about account management too (if you have more than one user and this is not a home workstation, where you can trust users)
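
Added example, not code from any poster: a shell function that compares current `sysctl` values against a wanted list written in `/etc/sysctl.conf` syntax and reports each key that differs or is absent, which is a way to test values before running `sysctl -p`. The two TCP settings follow the post above (window scaling off, SACK left on); the other keys and all sample values are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): compare live sysctl values to a wanted list.
# Wanted values in /etc/sysctl.conf syntax. The two TCP lines follow the post;
# the remaining keys are assumptions chosen for this example.
wanted_conf() {
cat <<'EOF'
# workstation profile
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
EOF
}

# Constructed stand-in for `sysctl -a | grep net` on a live system.
sample_current() {
cat <<'EOF'
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies = 0
EOF
}

# sysctl_drift FILE: current "key = value" lines on stdin, wanted list in FILE.
# Prints "key current wanted" for every wanted key that differs or is absent.
sysctl_drift() {
    awk -v wanted="$1" '
    function norm(s) { gsub(/[ \t]+/, " ", s); gsub(/^ | $/, "", s); return s }
    function parse(line,   eq) {   # sets globals key and val, returns 1 on success
        eq = index(line, "=")
        if (eq == 0 || line ~ /^[ \t]*[#;]/) return 0
        key = norm(substr(line, 1, eq - 1)); val = norm(substr(line, eq + 1))
        return 1
    }
    BEGIN { while ((getline l < wanted) > 0) if (parse(l)) { want[key] = val; order[++n] = key } }
    parse($0) { cur[key] = val }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]; have = (k in cur) ? cur[k] : "missing"
            if (have != want[k]) print k, have, want[k]
        }
    }'
}

demo_drift() {   # runs the comparison on the constructed samples
    tmp=$(mktemp) && wanted_conf > "$tmp" && sample_current | sysctl_drift "$tmp"
    rm -f "$tmp"
}
demo_drift
```

Against a real machine the call is `sysctl -a 2>/dev/null | sysctl_drift /etc/sysctl.conf`, which shows the settings in the file that are not yet in effect.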
 
  

