List of Processes for security reasons

xorion · 02-20-2008, 10:44 AM

Dear all,

I have installed Fedora 7 with most of the options unchecked, so its minimum install for the purpose of running DirectAdmin web hosting control panel, which has basic httpd, pop3, smtp, exim and proftpd running. The server specs is a P4 3.0Ghz LGA775 with 2GB RAM on a 300GB SATA2 single hdd.

I wish to ensure the minimal system services run, can an expert check for me if any below is redundant or maybe redundant because I don't really know what these processes below does. I filtered away and these are the ones that I'm unsure if they should be running.

How do i stop some of them from running from system startup? Thanks!

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2136 664 ? Ss 00:07 0:01 init [3]
root 2 0.0 0.0 0 0 ? S 00:07 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN 00:07 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S 00:07 0:00 [watchdog/0]
root 5 0.0 0.0 0 0 ? S 00:07 0:00 [migration/1]
root 6 0.0 0.0 0 0 ? SN 00:07 0:00 [ksoftirqd/1]
root 7 0.0 0.0 0 0 ? S 00:07 0:00 [watchdog/1]
root 8 0.0 0.0 0 0 ? S< 00:07 0:00 [events/0]
root 9 0.0 0.0 0 0 ? S< 00:07 0:00 [events/1]
root 10 0.0 0.0 0 0 ? S< 00:07 0:00 [khelper]
root 11 0.0 0.0 0 0 ? S< 00:07 0:00 [kthread]
root 51 0.0 0.0 0 0 ? S< 00:07 0:00 [kblockd/0]
root 52 0.0 0.0 0 0 ? S< 00:07 0:00 [kblockd/1]
root 53 0.0 0.0 0 0 ? S< 00:07 0:00 [kacpid]
root 155 0.0 0.0 0 0 ? S< 00:07 0:00 [cqueue/0]
root 156 0.0 0.0 0 0 ? S< 00:07 0:00 [cqueue/1]
root 157 0.0 0.0 0 0 ? S< 00:07 0:00 [ksuspend_usbd]
root 160 0.0 0.0 0 0 ? S< 00:07 0:00 [khubd]
root 162 0.0 0.0 0 0 ? S< 00:07 0:00 [kseriod]
root 188 0.0 0.0 0 0 ? S 00:07 0:00 [pdflush]
root 189 0.0 0.0 0 0 ? S 00:07 0:00 [pdflush]
root 190 0.0 0.0 0 0 ? S< 00:07 0:00 [kswapd0]
root 191 0.0 0.0 0 0 ? S< 00:07 0:00 [aio/0]
root 192 0.0 0.0 0 0 ? S< 00:07 0:00 [aio/1]
root 338 0.0 0.0 0 0 ? S< 00:07 0:00 [kpsmoused]
root 371 0.0 0.0 0 0 ? S< 00:07 0:00 [ata/0]
root 372 0.0 0.0 0 0 ? S< 00:07 0:00 [ata/1]
root 373 0.0 0.0 0 0 ? S< 00:07 0:00 [ata_aux]
root 377 0.0 0.0 0 0 ? S< 00:07 0:00 [scsi_eh_0]
root 378 0.0 0.0 0 0 ? S< 00:07 0:00 [scsi_eh_1]
root 382 0.0 0.0 0 0 ? S< 00:07 0:00 [scsi_eh_2]
root 383 0.0 0.0 0 0 ? S< 00:07 0:00 [scsi_eh_3]
root 384 0.0 0.0 0 0 ? S< 00:07 0:00 [scsi_eh_4]
root 385 0.0 0.0 0 0 ? S< 00:07 0:00 [scsi_eh_5]
root 392 0.0 0.0 0 0 ? S< 00:07 0:00 [kmirrord]
root 399 0.0 0.0 0 0 ? S< 00:07 0:00 [ksnapd]
root 410 0.1 0.0 0 0 ? S< 00:07 0:01 [kjournald]
root 437 0.0 0.0 0 0 ? S< 00:07 0:00 [kauditd]
root 474 0.0 0.0 2248 588 ? S<s 00:07 0:00 /sbin/udevd -d
root 1196 0.0 0.0 0 0 ? S< 00:07 0:00 [kmpathd/0]
root 1197 0.0 0.0 0 0 ? S< 00:07 0:00 [kmpathd/1]
root 1256 0.0 0.0 0 0 ? S< 00:07 0:00 [kjournald]
root 1773 0.0 0.0 1800 592 ? Ss 00:07 0:00 syslogd -m 0
root 1776 0.0 0.0 1740 412 ? Ss 00:07 0:00 klogd -x
root 1792 0.0 0.0 2372 456 ? Ss 00:07 0:00 irqbalance
dbus 1832 0.0 0.0 2820 1068 ? Ss 00:07 0:00 dbus-daemon --system
root 1855 0.0 0.0 12796 1320 ? Ss 00:07 0:00 pcscd
root 1876 0.0 0.0 6140 1144 ? Ssl 00:07 0:00 automount
root 2094 0.0 0.0 7452 1800 ? Ssl 00:07 0:00 console-kit-daemon
root 2186 0.0 0.0 1736 624 ? SNs 00:07 0:00 anacron -s
root 2200 0.0 0.0 1924 404 ? Ss 00:07 0:00 /usr/sbin/atd
avahi 2216 0.0 0.0 2644 1372 ? Ss 00:07 0:00 avahi-daemon: running [sg.local]
avahi 2217 0.0 0.0 2644 420 ? Ss 00:07 0:00 avahi-daemon: chroot helper
68 2232 0.0 0.1 4660 2736 ? Ss 00:07 0:00 hald
root 2233 0.0 0.0 3084 984 ? S 00:07 0:00 hald-runner
68 2244 0.0 0.0 2076 800 ? S 00:07 0:00 hald-addon-keyboard: listening on /dev/input/event2
68 2245 0.0 0.0 2076 800 ? S 00:07 0:00 hald-addon-keyboard: listening on /dev/input/event3
root 2255 0.0 0.0 3140 964 ? S 00:07 0:00 hald-addon-storage: polling /dev/scd0 (every 16 sec)
68 2258 0.0 0.0 2072 800 ? S 00:07 0:00 hald-addon-acpi: listening on acpi kernel interface /proc/acpi/event
root 2340 0.0 0.0 3208 524 ? S 00:07 0:00 /usr/sbin/smartd -q never
root 2343 0.0 0.0 1728 456 tty1 Ss+ 00:07 0:00 /sbin/mingetty tty1
root 2344 0.0 0.0 1728 456 tty2 Ss+ 00:07 0:00 /sbin/mingetty tty2
root 2345 0.0 0.0 1724 456 tty3 Ss+ 00:07 0:00 /sbin/mingetty tty3
root 2346 0.0 0.0 1724 456 tty4 Ss+ 00:07 0:00 /sbin/mingetty tty4
root 2347 0.0 0.0 1724 452 tty5 Ss+ 00:07 0:00 /sbin/mingetty tty5
root 2348 0.0 0.0 1724 456 tty6 Ss+ 00:07 0:00 /sbin/mingetty tty6

# ls /etc/init.d/
anacron crond functions iptables microcode_ctl netplugd ntpd restorecond sshd yum-updatesd
atd cups fuse irqbalance multipathd network pcscd rpcbind startips
autofs da-popb4smtp gpm killall mysqld NetworkManager proftpd rpcgssd syslog
avahi-daemon dhcdbd haldaemon kudzu named NetworkManagerDispatcher psacct rpcidmapd vm-pop3d
avahi-dnsconfd directadmin halt mcstrans named.back nfs rdisc rpcsvcgssd wpa_supplicant
ConsoleKit exim httpd mdmonitor netconsole nfslock readahead_early single xinetd
cpuspeed firstboot ip6tables messagebus netfs nscd readahead_later smartd ypbind

--
specifically, does these really need to run?

root 1776 0.0 0.0 1740 412 ? Ss 00:07 0:00 klogd -x
dbus 1832 0.0 0.0 2820 1068 ? Ss 00:07 0:00 dbus-daemon --system
root 1855 0.0 0.0 12796 1320 ? Ss 00:07 0:00 pcscd
root 1876 0.0 0.0 6140 1144 ? Ssl 00:07 0:00 automount
root 2094 0.0 0.0 7452 1800 ? Ssl 00:07 0:00 console-kit-daemon
root 2186 0.0 0.0 1736 624 ? SNs 00:07 0:00 anacron -s
root 2200 0.0 0.0 1924 404 ? Ss 00:07 0:00 /usr/sbin/atd
avahi 2216 0.0 0.0 2644 1372 ? Ss 00:07 0:00 avahi-daemon: running [sg.local]
avahi 2217 0.0 0.0 2644 420 ? Ss 00:07 0:00 avahi-daemon: chroot helper
68 2232 0.0 0.1 4660 2736 ? Ss 00:07 0:00 hald
root 2233 0.0 0.0 3084 984 ? S 00:07 0:00 hald-runner
68 2244 0.0 0.0 2076 800 ? S 00:07 0:00 hald-addon-keyboard: listening on /dev/input/event2
68 2245 0.0 0.0 2076 800 ? S 00:07 0:00 hald-addon-keyboard: listening on /dev/input/event3
root 2255 0.0 0.0 3140 964 ? S 00:07 0:00 hald-addon-storage: polling /dev/scd0 (every 16 sec)
68 2258 0.0 0.0 2072 800 ? S 00:07 0:00 hald-addon-acpi: listening on acpi kernel interface /proc/acpi/event
root 2340 0.0 0.0 3208 524 ? S 00:07 0:00 /usr/sbin/smartd -q never
root 2343 0.0 0.0 1728 456 tty1 Ss+ 00:07 0:00 /sbin/mingetty tty1
root 2344 0.0 0.0 1728 456 tty2 Ss+ 00:07 0:00 /sbin/mingetty tty2
root 2345 0.0 0.0 1724 456 tty3 Ss+ 00:07 0:00 /sbin/mingetty tty3
root 2346 0.0 0.0 1724 456 tty4 Ss+ 00:07 0:00 /sbin/mingetty tty4
root 2347 0.0 0.0 1724 452 tty5 Ss+ 00:07 0:00 /sbin/mingetty tty5
root 2348 0.0 0.0 1724 456 tty6 Ss+ 00:07 0:00 /sbin/mingetty tty6

unSpawn · 02-21-2008, 09:32 AM

Hello and welcome to LQ. Hope you like it here.

Unfortunately I'm no expert and I couldn't determine your level of skill administering GNU/Linux from here, so this reply could contain things you'd rather not read. First is about your distribution release. F7 is considered kind of old now (F9 is nearing completion) so you should really upgrade to F8. Staying at one release version is not an option with Fedora, so if you can't keep up with the the breakneck speed at which Fedora releases please move to another distribution. CentOS for instance has all the benefits of RHEL minus what you pay for support and updates.

Looking at your OP I guess you're looking to be something like a reseller, making money hosting stuff. Cool. What you don't want is to encounter problems or end up in a situation which keeps you from making money. You're using Fedora. Red Hat and the Fedora Project have some documents you should read about administration. You could argue all of that is a waste of time or you'll do that later but you really do need to up your basic OS usage and administration skills. And being able to install and configure software through whatever panel does make you responsable for the result but unfortunately does not make you a systems administrator overnight.

Simple example. Your process list shows those of type "[name]". These are kernel processes which you can tell not only from their argv[0] but also from the facts that their session ID is either 1 or their parent process ID equals the process ID of another kernel process (/bin/ps -eo pid,ppid,sid,cmd --sort=sid). Discarding those you end up with a host of processes some of which it isn't easy to see where they're from. Since you use RPM you can then use 'rpm -q --whatprovides name' to see what package it belongs to. (Might need to to check the process ID /proc/$PID/exe which points to a binary (readlink -f /proc/2348/exe) for some). In your case PID 2348 is /sbin/mingetty and the package name is "mingetty". To find out about this package "rpm -qi mingetty" shows some info and "rpm -ql mingetty" lists the package contents. Need more info? "rpm -ql mingetty|grep man/" shows you which manual pages the package contains, so "man mingetty" should get you the details. With these simple steps exploring your system will be easier and you then have the information yourself to determine *if* you should run a process.

And that's only the beginning. Have you heard about system hardening?

Anyway. If you think this was all of that is a waste of time I'll just throw out a list of procs which may or may not be unnecessary: anacron microcode_ctl ntpd cups irqbalance pcscd NetworkManager avahi-daemon dhcdbd NetworkManagerDispatcher avahi-dnsconfd named.back rdisc wpa_supplicant cpuspeed ip6tables. YMMV(VM) :-]