This week's book giveaway is in the Programmer Certification forum.
We're giving away four copies of OCP Oracle Certified Professional Java SE 21 Developer Study Guide: Exam 1Z0-830 and have Jeanne Boyarsky & Scott Selikoff on-line!
See this thread for details.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Base Linux Processes

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
I am new to linux and server admin tasks and need to set it up as (low scale) server. I have a RH9 copy which I Installed in its Server mode. It does start a lot of process and services. I need to know which of the processes that are setup/started by default can be security hazards and should be turned off in a typical Linux server environment. Also would really appreciate if someone can tell me about glaringly obvious pitfalls that I need to be aware of.
Thanks in advance.
--Vineet
 
Ranch Hand
Posts: 688
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I run debian, so I hope this helps. Look into your /etc/init.d directory, it contains all the scripts that control services. Then you need to go thru /etc/rc?.d directories and see how they link to those scripts. and turn them off as you go.
Maybe Redhat has a different way of handling things.
 
Vineet B
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Adrian.
How will I know which ones to turn off? I dont really know which NEED to remain on and which are usually turned off in a typical Unix/Linux server environment. Like, I know that I need to keep sshd on for secure logins etc as well as shut off telnet, ftp from xinetd etc
but there are so many others that I dont know about like atd - i.e. whether turning it off will screw up some system process that may use this. And yes, Redhat does provide a chkconfig command to turn on/off services.
 
Adrian Yan
Ranch Hand
Posts: 688
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I can't say which one you should run or not, depends on your needs. My suggestion is to turn off everything except SSH. That way, the system is pretty secure.
You don't need anything like telnet, ftp, ntp, smtp etc. unless you are absolutely sure you need them.
 
Vineet B
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks a lot Adrian !!
 
Ranch Hand
Posts: 443
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Be aware that there are system processes that are started from there. For example, syslog, lpd or iptables/ipchains may be one of them. You really have to look at them one-by-one to see which one you need. Although I can tell you that those services started by xinetd are probably not that important.
Perhaps you can list them here so that we can all discuss which one you can turn-off.
[ September 29, 2003: Message edited by: Alton Hernandez ]
 
Saloon Keeper
Posts: 28320
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/
There are now a number of books available on the subject as well.
 
Adrian Yan
Ranch Hand
Posts: 688
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
agree... you should always be careful when you do stuff like that.
Most of the security problems comes with network services like sendmail, telnet, etc. That's another reason I use debian for a minimum installation and add stuff as I go.
Also, check for security updates more often, I think redhat has a support page that gives all those information.
But usually, unless you are running a super multi-user environment, ssh should be the only process that accepts outside connection. or, you can simply run everything with chroot (jailed) environment), this is a pain in the ass time to time, but definitely worth considering if you are really sensitive about it.
 
Why does your bag say "bombs"? The reason I ask is that my bag says "tiny ads" and it has stuff like this:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic