On Sun, 29 Jul 2007, Tyler Smith wrote:
Hi,
I'm working through the security quick start how to, and I'm not clear
on what services are required and which ones I can safely remove. I'm
running a single laptop, which I connect to the net via wireless at
home or at cafes, and via an ethernet cable at work.
1) I never log in remotely, so I think I can safely do away with
openssh-server?
tcp6 *:ssh *:* LISTEN 3026/sshd
2) The how-to suggests that for my setup I don't need anything to do
with NFS - netstat reports rpc.statd and portmap as listening. Can I
just purge nfs-common and portmap?
tcp *:37381 *:* LISTEN 2603/rpc.statd
tcp *:sunrpc *:* LISTEN 2578/portmap
3) I have apache installed as a dependency of doc-central. netstat
shows it to be listening to all interfaces. Is there a way to set it
to listen only for local connections? I don't understand this very
well, but it seems I shouldn't need to listen to anyone from the
outside to connect to my docs.
tcp *:www *:* LISTEN 3826/apache
4) The only remaining listeners I have are:
tcp localhost:929 *:* LISTEN 3721/famd
tcp *:auth *:* LISTEN 3661/inetd
tcp localhost:smtp *:* LISTEN 3385/exim4
What is auth? Since famd and exim4 are only listening to localhost,
can I conclude they are not a security risk?
Thanks for your help,
Tyler
--
The general rule of thumb is: if you don't use it, turn it off. I'd turn
off almost everything. You can leave exim and famd on.
To turn auth off, you can edit /etc/inetd.conf and comment out the line
that starts with ident.
For portmap:
update-rc.d -f portmap remove
For rpc.statd:
update-rc.d -f rpc.statd remove
ssh:
update-rc.d -f ssh remove
To bind apache to localhost, in /etc/apache2/ports.conf change
Listen 80 to Listen 127.0.0.1:80, then restart apache.
-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
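
The check this thread turns on (which listeners are bound to loopback only and which accept connections on every interface) can be scripted. This is an added example, not part of the original messages; the function names are hypothetical and the sample input is constructed from the netstat lines quoted in the question.

```shell
#!/bin/sh
# Added example (not from the thread): classify TCP listeners by bind address.

# Constructed sample: the netstat lines quoted in the question above.
sample_listeners() {
cat <<'EOF'
tcp6 *:ssh *:* LISTEN 3026/sshd
tcp *:37381 *:* LISTEN 2603/rpc.statd
tcp *:sunrpc *:* LISTEN 2578/portmap
tcp *:www *:* LISTEN 3826/apache
tcp localhost:929 *:* LISTEN 3721/famd
tcp *:auth *:* LISTEN 3661/inetd
tcp localhost:smtp *:* LISTEN 3385/exim4
EOF
}

# Reads netstat lines on stdin, prints "SCOPE PORT PROGRAM" per listener.
classify_listeners() {
    awk '
    {
        # Locate the LISTEN column so lines with or without the
        # Recv-Q/Send-Q columns are both handled; skip header lines.
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") break
        if (i > NF || i < 3) next
        laddr = $(i - 2)                      # local address:port
        prog = (i < NF) ? $(i + 1) : "-"      # "-" when netstat hides it
        sub(/^[0-9]+\//, "", prog)            # drop the "PID/" prefix
        port = laddr; sub(/^.*:/, "", port)   # text after the last colon
        host = substr(laddr, 1, length(laddr) - length(port) - 1)
        scope = "EXPOSED"
        if (host == "localhost" || host ~ /^127\./ || host == "::1")
            scope = "LOCAL"
        print scope, port, prog
    }'
}

# Unique program names that accept connections from other hosts.
exposed_programs() {
    classify_listeners | awk '$1 == "EXPOSED" { print $3 }' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# On a live system: netstat -tlnp | classify_listeners
sample_listeners | classify_listeners
```

Running it again after each change shows whether a service has moved from EXPOSED to LOCAL or disappeared from the list.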