April 25, 2019

Admin Digest: The Basics of Linux Network Security - page 2


  • January 6, 2003
  • By Rob Reilly

There are several methods remote attackers can use to break into your machine. Usually they are exploiting problems with existing programs. The Linux community always quickly spots these 'exploits' and releases a fix. Linux fixes are usually out long before the equivalent programs in other operating systems are mended. The issue here though is how to prevent your machine from suffering any sort of problem of this sort.

Linux as a server offers all kinds of facilities like ftp, WWW, and mail. The way that it handles many of these services is via a system of ports. Port 21 controls ftp, for example. (If you are interested, the mapping of port numbers to service names is in the file /etc/services.)

To save on system resources and make system administration less complex, many services are handled through a configuration file /etc/inetd.conf. This file tells the system how to run each of the available services.

Many Linux vendors turn on various services in inetd.conf by default when for maximum security they should be off! In many corporate environments security as such is not an issue. If there is enough security to prevent accidental damage in these 'soft' environments providing access to these services is more important than preventing them. If your Linux host is exposed to the Internet you may hold a different point of view though. To check what services are currently running on your Linux system, type the command

netstat -vat

This will print up something like this

tcp 0 0 *:6000 *:* LISTEN 
tcp 0 0 *:www *:* LISTEN 
tcp 0 0 *:auth *:* LISTEN 
tcp 0 0 *:finger *:* LISTEN 
tcp 0 0 *:shell *:* LISTEN 
tcp 0 0 *:sunrpc *:* LISTEN 

Each line that says LISTEN is a service waiting for connections.

Some of these services run as stand-alone programs, but many of them are controlled by /etc/inetd.conf. If you are not sure what a service does, look it up in /etc/inetd.conf. For instance, if you type

grep '^finger' /etc/inetd.conf 

you will get back a line from inetd.conf like this

finger stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd 

To see what the program does, look up in.fingerd in the man page. If you think you can live without this service, then it can be turned off in /etc/inetd.conf. By commenting out the line (put a # at the start of the line) and then issuing the command kill all -HUP inetd you can immediately and permanently turn a service off. There is no need to reboot.

If a service is not listed in /etc/inetd.conf then it probably runs as a stand-alone program.

You can remove a service provided by a stand-alone background program by uninstalling its package. Only do this if you are sure about what the program does and are certain that it is not necessary.

Most Popular LinuxPlanet Stories