LinuxQuestions.org
Slackware-13.37-Hacks-Turning Off Services

Posted 01-30-2012 at 07:18 PM by arniekat

These are all of the Services that are available upon Installation. It is better to deactivate them during the initial Slackware 13.37 installation; however, this tutorial will go through deactivating services as an exercise.

Confirm startup services to run

[ ] rc.atalk
[ ] rc.bind
[ ] rc.cups
[ ] rc.dnsmasq
[X] rc.fuse
[X] rc.hald
[ ] rc.httpd
[ ] rc.inetd
[ ] rc.ip_forward
[X] rc.messagebus
[ ] rc.mysqld
[ ] rc.ntpd
[ ] rc.pcmcia
[ ] rc.rpc
[ ] rc.samba
[ ] rc.saslauthd
[ ] rc.sendmail
[ ] rc.snmpd
[X] rc.syslog
[X] rc.sshd

After turning ON all Services with KDE Desktop running, there were 183 tasks consuming approx 421MB of RAM. After disabling/turning off the unneeded services, there were 167 tasks consuming approx 345MB of RAM.

The tools you can use to check for listening ports are (1) the nmap CLI, (2) the netstat CLI, or (3) Zenmap, which is just a graphical front-end for nmap, located at KDE Menu > Internet > Zenmap (as root) (GUI Port Scanner).

In this example, my local machine has a Static IP of 192.168.0.13.

# nmap -T4 -A -v <IP Address of Your Machine>
# nmap -T4 -A -v 192.168.0.13

bash-4.1# netstat -lundt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.13:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:548 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN

Every entry above with a State of "LISTEN" is a Server Program running on your computer. The open port is the number after the last colon in the "Local Address" column.

You can find the name of the Service by using the following command.

$ cat /etc/services | grep 113
auth 113/tcp ident tap #Authentication Service
auth 113/udp ident tap #Authentication Service

Port 22 SSH Server (sshd)
Port 25 Sendmail Mail Server (smtp)
Port 37 Time Server (timserver)
Port 53 Domain Name Server (bind)
Port 80 Apache Web Server (httpd)
Port 111 Sun Remote Procedure Bind (rpcbind)
Port 113 Authentication Service (ident tap)
Port 548 AFP over TCP (netatalk)
Port 587 Submission Sendmail Mail Server (smtp)
Port 631 CUPS Print Server (cups)
Port 953 Named's rndc control socket (bind)
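
As an added example (not part of the original post), the following shell functions sort the listeners from the netstat listing above into those reachable from the network and those bound only to loopback, which shows which services matter most to turn off. The function names are this example's own.

```shell
# Listing copied from the netstat output shown above.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.13:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:548 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
EOF
}

# classify_listeners: read `netstat -lundt` output on stdin and print
# "<scope> <port>/<proto>" once per port. Scope is "exposed" when any socket
# for that port is bound to a non-loopback address, otherwise "loopback".
classify_listeners() {
  awk '
    ($1 ~ /^tcp/ && $NF == "LISTEN") || $1 ~ /^udp/ {
      proto = $1; sub(/6$/, "", proto)        # fold tcp6/udp6 into tcp/udp
      n = split($4, part, ":")                # port follows the last colon
      key = part[n] "/" proto
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      if (!(key in scope)) scope[key] = "loopback"
      if (addr != "::1" && addr !~ /^127\./) scope[key] = "exposed"
    }
    END { for (k in scope) print scope[k], k }
  ' | sort -k2,2n
}

# ports_in SCOPE: list the ports of one scope on a single line.
ports_in() {
  classify_listeners | awk -v want="$1" '$1 == want { print $2 }' | paste -s -d ' ' -
}

sample_netstat | classify_listeners
```

On a live system, pipe the real output in with `netstat -lundt | classify_listeners`.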

To turn off services:

ETC/INETD.CONF

# vi /etc/inetd.conf
Comment-out the following sections

time stream tcp nowait root internal
time dgram udp wait root internal

# Ident service is used for net authentication
auth stream tcp wait root /usr/sbin/in.identd in.identd

Save the file and exit.
This will turn off Ports 37 (time) and 113 (ident tap)

RC.ATALK

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start netatalk. (a file/print server for Macs using Appletalk)
if [ -x /etc/rc.d/rc.atalk ]; then
/etc/rc.d/rc.atalk
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.atalk
# chmod -x /etc/rc.d/rc.atalk
This will turn off Port 548

RC.BIND

# vi /etc/rc.d/rc.inet2
Comment-out the following section

# Start the BIND name server daemon:
if [ -x /etc/rc.d/rc.bind ]; then
/etc/rc.d/rc.bind start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.bind
# chmod -x /etc/rc.d/rc.bind
This will turn off Ports 53 and 953

RC.BLUETOOTH

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start Bluetooth:
if [ -x /etc/rc.d/rc.bluetooth ]; then
sh /etc/rc.d/rc.bluetooth start
fi

Save the file and exit.
This service is not turned on by default, but is shown for completeness.

RC.CUPS

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start the print spooling system. This will usually be LPRng (lpd) or CUPS.
if [ -x /etc/rc.d/rc.cups ]; then
# Start CUPS:
/etc/rc.d/rc.cups start
elif [ -x /etc/rc.d/rc.lprng ]; then
# Start LPRng (lpd):
. /etc/rc.d/rc.lprng start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.cups
# chmod -x /etc/rc.d/rc.cups
This will turn off Port 631

RC.DNSMASQ

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start dnsmasq, a simple DHCP/DNS server:
if [ -x /etc/rc.d/rc.dnsmasq ]; then
/etc/rc.d/rc.dnsmasq start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.dnsmasq
# chmod -x /etc/rc.d/rc.dnsmasq

RC.HTTPD

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start Apache web server:
if [ -x /etc/rc.d/rc.httpd ]; then
. /etc/rc.d/rc.httpd start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.httpd
# chmod -x /etc/rc.d/rc.httpd
This will turn off Port 80 (You can still browse the Web. This just turns off the Apache Web Server)

RC.IP_FORWARD

# vi /etc/rc.d/rc.inet2
Comment-out the following section

# Turn on IPv4 packet forwarding support.
if [ -x /etc/rc.d/rc.ip_forward ]; then
. /etc/rc.d/rc.ip_forward start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.ip_forward
# chmod -x /etc/rc.d/rc.ip_forward

RC.MYSQLD

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start the MySQL database:
if [ -x /etc/rc.d/rc.mysqld ]; then
. /etc/rc.d/rc.mysqld start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.mysqld
# chmod -x /etc/rc.d/rc.mysqld

RC.NFSD

# vi /etc/rc.d/rc.inet2
Comment-out the following section

# Start the NFS server. Note that for this to work correctly, you'll
# need nfsd support in the kernel (the startup script will try to load
# the module for you).
# You'll also need to set up some shares in /etc/exports.
# Starting the NFS server:
if [ -x /etc/rc.d/rc.nfsd ]; then
/etc/rc.d/rc.nfsd start
fi

Save the file and exit.
This service is not turned on by default, but is shown for completeness.

RC.NTPD

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start the Network Time Protocol daemon:
if [ -x /etc/rc.d/rc.ntpd ]; then
sh /etc/rc.d/rc.ntpd start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.ntpd
# chmod -x /etc/rc.d/rc.ntpd

RC.OPENLDAP

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start OpenLDAP:
if [ -x /etc/rc.d/rc.openldap ]; then
. /etc/rc.d/rc.openldap start
fi

Save the file and exit.
This service is not turned on by default, but is shown for completeness.

RC.PCMCIA

# vi /etc/rc.d/rc.M
Comment-out the following section

if [ -x /etc/rc.d/rc.pcmcia ]; then
. /etc/rc.d/rc.pcmcia start
# The cards might need a little extra time here to initialize.
sleep 5
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.pcmcia
# chmod -x /etc/rc.d/rc.pcmcia

RC.RPC

# vi /etc/rc.d/rc.inet2
Comment-out the following sections

# Mount remote (NFS) filesystems:
if cat /etc/fstab | grep -v '^#' | grep -w nfs 1> /dev/null 2> /dev/null ; then
# Start rpc.portmap, /sbin/rpc.lockd, and /sbin/rpc.statd if we find NFS
# volumes defined in /etc/fstab since these will need to be running in order
# to mount them. If they are not running, attempting to mount an NFS
# partition will cause mount to hang, or at least result in unreliable
# operation. Keep this in mind if you plan to mount unlisted NFS
# partitions...
# If you have uncommented NFS partitions in your /etc/fstab, rc.rpc is run
# whether it is set as executable or not. If you don't want to run it,
# comment the NFS partitions out in /etc/fstab or erase/rename rc.rpc.
if [ -r /etc/rc.d/rc.rpc ]; then
sh /etc/rc.d/rc.rpc start
fi
echo "Mounting remote (NFS) file systems: /sbin/mount -a -t nfs"
/sbin/mount -a -t nfs # This may be our /usr runtime!
# Show the mounted volumes:
/sbin/mount -v -t nfs
fi

# If /etc/rc.d/rc.rpc is executable, run it to load rpc.portmap, rpc.lockd,
# and rpc.statd. This might be needed to mount NFS partitions that are not
# listed in /etc/fstab. Starting this twice won't hurt as the script will
# check if things are already running before trying to start them.
if [ -x /etc/rc.d/rc.rpc ]; then
sh /etc/rc.d/rc.rpc start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.rpc
# chmod -x /etc/rc.d/rc.rpc
This will turn off Port 111

RC.SAMBA

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start Samba (a file/print server for Win95/NT machines).
# Samba can be started in /etc/inetd.conf instead.
if [ -x /etc/rc.d/rc.samba ]; then
. /etc/rc.d/rc.samba start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.samba
# chmod -x /etc/rc.d/rc.samba

This will turn off Ports 137, 138 and 139

RC.SASLAUTHD

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start the SASL authentication server. This provides SASL
# authentication services for sendmail:
if [ -x /etc/rc.d/rc.saslauthd ]; then
. /etc/rc.d/rc.saslauthd start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.saslauthd
# chmod -x /etc/rc.d/rc.saslauthd

RC.SENDMAIL

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start the sendmail daemon:
if [ -x /etc/rc.d/rc.sendmail ]; then
. /etc/rc.d/rc.sendmail start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.sendmail
# chmod -x /etc/rc.d/rc.sendmail
This will turn off Ports 25 and 587

RC.SSHD

# vi /etc/rc.d/rc.inet2
Comment-out the following section

# Start the OpenSSH SSH daemon:
if [ -x /etc/rc.d/rc.sshd ]; then
echo "Starting OpenSSH SSH daemon: /usr/sbin/sshd"
/etc/rc.d/rc.sshd start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.sshd
# chmod -x /etc/rc.d/rc.sshd
This will turn off Port 22

RC.SNMPD

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start snmpd:
if [ -x /etc/rc.d/rc.snmpd ]; then
/etc/rc.d/rc.snmpd start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.snmpd
# chmod -x /etc/rc.d/rc.snmpd

RC.WICD

# vi /etc/rc.d/rc.M
Comment-out the following section

# Start wicd:
if [ -x /etc/rc.d/rc.wicd ]; then
sh /etc/rc.d/rc.wicd start
fi

Save the file and exit.
This service is not turned on by default, but is shown for completeness.

RC.YP

# vi /etc/rc.d/rc.inet2
Comment-out the following section

# Start NIS (the Network Information Service):
if [ -x /etc/rc.d/rc.yp ]; then
. /etc/rc.d/rc.yp start
fi

Save the file and exit.
Remove the executable bit from the script /etc/rc.d/rc.yp
# chmod -x /etc/rc.d/rc.yp
This service is not turned on by default, but is shown for completeness.

REMOVING EXECUTABLE BIT

Since this is a desktop machine hooked up with a Network Cable, I go ahead and remove the executable bit from scripts that I don't want to run at boot-time.

# chmod -x /etc/rc.d/rc.gpm
# chmod -x /etc/rc.d/rc.sysvinit
# chmod -x /etc/rc.d/rc.wireless

COMMENTING-OUT RC.M

# vi /etc/rc.d/rc.M

Comment-out the following sections if you don't use these Services:

# Load a custom screen font if the user has an rc.font script.
if [ -x /etc/rc.d/rc.font ]; then
. /etc/rc.d/rc.font
fi

# Load a custom keymap if the user has an rc.keymap script.
if [ -x /etc/rc.d/rc.keymap ]; then
. /etc/rc.d/rc.keymap
fi

# Start the GPM mouse server:
if [ -x /etc/rc.d/rc.gpm ]; then
. /etc/rc.d/rc.gpm start
fi

# If there are SystemV init scripts for this runlevel, run them.
if [ -x /etc/rc.d/rc.sysvinit ]; then
. /etc/rc.d/rc.sysvinit
fi

Save the file and exit.

COMMENTING-OUT RC.INET2

# vi /etc/rc.d/rc.inet2

Comment-out the following sections if you don't use these Services:

# Mount remote CIFS filesystems. Note that where possible, using CIFS is
# preferred over SMBFS. SMBFS is no longer actively maintained.
if cat /etc/fstab | grep -v '^#' | grep -w cifs 1> /dev/null 2> /dev/null ; then
echo "Mounting remote CIFS file systems: /sbin/mount -a -t cifs"
/sbin/mount -a -t cifs
# Show the mounted volumes:
/sbin/mount -v -t cifs
fi

# Mount remote SMB filesystems:
if cat /etc/fstab | grep -v '^#' | grep -w smbfs 1> /dev/null 2> /dev/null ; then
echo "Mounting remote SMBFS file systems: /sbin/mount -a -t smbfs"
/sbin/mount -a -t smbfs
# Show the mounted volumes:
/sbin/mount -v -t smbfs
fi

Save the file and exit.
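
A check to run after the edits above, as an added example that is not part of the original post: it lists the unwanted rc scripts that are still executable, flags the case described in the rc.inet2 comments where rc.rpc starts whenever /etc/fstab has an uncommented NFS entry, and prints the inetd entries that are still active. The function names are this example's own, and UNWANTED is assumed to be the services left unchecked in the startup list.

```shell
# Services left unchecked in the "Confirm startup services" list above.
UNWANTED="atalk bind cups dnsmasq httpd inetd ip_forward mysqld ntpd pcmcia
rpc samba saslauthd sendmail snmpd"

# still_enabled RC_DIR: print unwanted rc scripts that still have the
# executable bit, which is what rc.M and rc.inet2 test with [ -x ... ].
still_enabled() {
  for svc in $UNWANTED; do
    if [ -x "$1/rc.$svc" ]; then echo "rc.$svc"; fi
  done
}

# rpc_forced FSTAB RC_DIR: true when rc.inet2 would start rc.rpc regardless of
# its mode: an uncommented nfs entry in fstab plus a readable rc.rpc.
rpc_forced() {
  grep -v '^#' "$1" 2>/dev/null | grep -qw nfs && [ -r "$2/rc.rpc" ]
}

# inetd_active INETD_CONF: print "service/proto" for each uncommented entry.
inetd_active() {
  [ -r "$1" ] || return 0
  awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# audit RC_DIR FSTAB INETD_CONF: report everything that would still start.
audit() {
  still_enabled "$1" | sed 's/^/still executable: /'
  if rpc_forced "$2" "$1"; then
    echo "rc.rpc starts anyway: uncommented nfs entry in $2"
  fi
  inetd_active "$3" | sed 's/^/active inetd entry: /'
}

# Defaults are the Slackware paths used in this tutorial.
audit "${1:-/etc/rc.d}" "${2:-/etc/fstab}" "${3:-/etc/inetd.conf}"
```

Removing the executable bit only changes what starts at the next boot, so run netstat -lundt again after rebooting to confirm the ports are closed.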
Comments

  1. Thank you so much for this tutorial on editing out & closing ports for services the average user will never use on standalone laptops or PCs. This is a gold mine for my bookmarks and public folder. With deep gratitude, NightSky
    Posted 11-22-2013 at 01:02 AM by NightSky
    Updated 11-22-2013 at 01:41 AM by NightSky
  2. You're welcome. I have some more tutorials I need to edit (trim-down) and post. The appreciative comments are very much appreciated.
    Posted 05-18-2014 at 08:16 PM by arniekat
 

  



All times are GMT -5.