Admin Digest: The Basics of Linux Network Security - page 2
There are several methods remote attackers can use to break into your machine. Usually they are exploiting problems with existing programs. The Linux community always quickly spots these 'exploits' and releases a fix. Linux fixes are usually out long before the equivalent programs in other operating systems are mended. The issue here, though, is how to prevent your machine from suffering any problem of this sort.
Linux as a server offers all kinds of facilities like ftp, WWW, and mail. The way that it handles many of these services is via a system of ports. Port 21 controls ftp, for example. (If you are interested, the mapping of port numbers to service names is in the file /etc/services.)
To save on system resources and make system administration less complex, many services are handled through a configuration file /etc/inetd.conf. This file tells the system how to run each of the available services.
Many Linux vendors turn on various services in inetd.conf by default when, for maximum security, they should be off! In many corporate environments security as such is not an issue. If there is enough security to prevent accidental damage in these 'soft' environments, providing access to these services is more important than preventing it. If your Linux host is exposed to the Internet, though, you may hold a different point of view. To check what services are currently running on your Linux system, type the command
This will print up something like this
tcp 0 0 *:6000 *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:finger *:* LISTEN
tcp 0 0 *:shell *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
Each line that says LISTEN is a service waiting for connections.
Some of these services run as stand-alone programs, but many of them are controlled by /etc/inetd.conf. If you are not sure what a service does, look it up in /etc/inetd.conf. For instance, if you type
grep '^finger' /etc/inetd.conf
you will get back a line from inetd.conf like this
finger stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd
To see what the program does, look up in.fingerd in the man page. If you think you can live without this service, then it can be turned off in /etc/inetd.conf. By commenting out the line (put a # at the start of the line) and then issuing the command killall -HUP inetd you can immediately and permanently turn a service off. There is no need to
If a service is not listed in /etc/inetd.conf then it probably runs as a stand-alone program.
You can remove a service provided by a stand-alone background program by uninstalling its package. Only do this if you are sure about what the program does and are certain that it is not necessary.
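The inetd.conf review and comment-out procedure described above, as an added shell example that is not part of the original article. The function names are hypothetical and the sample configuration is constructed; the script works on the file path it is given and keeps a .bak copy before changing anything.

```sh
#!/bin/sh
# Added example: audit an inetd.conf-style file and comment out one service.

# Write a constructed sample config (not taken from a real host) to path $1.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  /usr/sbin/in.fingerd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd
EOF
}

# Print "service user program" for each active (uncommented, non-blank) entry.
# When the server is the tcpd wrapper, report the daemon it launches instead.
list_enabled() {
    awk '!/^[ \t]*(#|$)/ { print $1, $5, ($6 ~ /tcpd$/ ? $7 : $6) }' "$1"
}

# Comment out service $1 in file $2, matching the first field exactly.
# Returns 1 and leaves the file untouched if there is no active entry.
disable_service() {
    svc=$1
    conf=$2
    awk -v s="$svc" '$1 == s { found = 1 } END { exit !found }' "$conf" || return 1
    cp "$conf" "$conf.bak"
    awk -v s="$svc" '$1 == s { print "#" $0; next } { print }' "$conf.bak" > "$conf"
}

# Demo on a temporary copy. On a real host the edit to /etc/inetd.conf
# only takes effect after: killall -HUP inetd
tmp=$(mktemp) && make_sample "$tmp"
echo "active before:"; list_enabled "$tmp"
disable_service finger "$tmp" && { echo "active after:"; list_enabled "$tmp"; }
rm -f "$tmp" "$tmp.bak"
```

Services that run as root appear with `root` in the second column of the listing, which makes them the first candidates to look up in the man pages.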