An important security principle is “if you don’t need it, disable it”. All running services expose the system to some level of risk. Obviously, some services are much more vulnerable than others but often you don’t know what the vulnerabilities of any given service are, and some may yet to have been discovered.
To see what services are enabled enter:
/sbin/chkconfig –list
To disable a service enter:
/sbin/chkconfig -del service
At a minimum the following should be disabled:
/sbin/chkconfig -del bluetooth
/sbin/chkconfig -del cups
/sbin/chkconfig -del autofs
/sbin/chkconfig -del isdn
/sbin/chkconfig -del portmap
/sbin/chkconfig -del vncserver
/sbin/chkconfig -del mdmonitor
/sbin/chkconfig -del winbind
/sbin/chkconfig -del cups
/sbin/chkconfig -del autofs
/sbin/chkconfig -del isdn
/sbin/chkconfig -del portmap
/sbin/chkconfig -del vncserver
/sbin/chkconfig -del mdmonitor
/sbin/chkconfig -del winbind
It is also a good idea to go through the /etc/xinetd.d directory and delete any unused services here. For example:
rm /etc/xinetd.d/gssftp
rm /etc/xinetd.d/krb5-telnet
rm /etc/xinetd.d/tftp
rm /etc/xinetd.d/daytime*
rm /etc/xinetd.d/chargen*
rm /etc/xinetd.d/ekrg5-telnet*
rm /etc/xinetd.d/krb5-telnet
rm /etc/xinetd.d/tftp
rm /etc/xinetd.d/daytime*
rm /etc/xinetd.d/chargen*
rm /etc/xinetd.d/ekrg5-telnet*
No comments:
Post a Comment