ShareWiz Ultra Secure Server Setup

Service Security

Synopsis

Close down all unneeded services.

Services are programs such as FTP servers and web servers. Services work by listening for incoming connections that request the service. Services are sometimes vulnerable (i.e. can be compromised under a given attack) and hence present a security risk.

You should not install services which are not needed on your machine. Every installed service might introduce new, perhaps not obvious (or known), security holes on your computer. Additionally, a newly installed service is usually activated by default.

Startup scripts are usually located in either the /etc/init.d or the /etc/rc.d/init.d/ directory (on some systems /etc/init.d is a symlink to /etc/rc.d/init.d).

In addition to these directories, there is also a set of directories, one for each of the system runlevels, such as /etc/rc0.d, /etc/rc1.d, /etc/rc3.d etc.

Scripts are organized this way because the runlevel-specific directories contain only symbolic links referring to the original scripts in /etc/init.d. Each of the scripts in /etc/init.d usually caters for a number of scenarios: starting a service, stopping a service, and optionally restarting a service (which in most cases is the same as stopping and then starting the service again).

As the OS goes from one runlevel to another following a startup or shutdown, it looks for symlinks in /etc/rc*.d directories and uses them to ensure the services specified there are started or stopped accordingly.

The symbolic links in these /etc/rc*.d directories have names such as /etc/rc3.d/S20service_name or /etc/rc3.d/K20service_name. A service whose link name starts with the letter ‘S’ is started at boot. A service whose link name starts with the letter ‘K’ will not be started at boot. Therefore, to disable a service in Ubuntu, simply rename the service’s symbolic links from S to K. See man update-rc.d for more information.

The two digit number after the ‘S’ or ‘K’ is the startup and shutdown priority, with 0 being the highest, and 99 being the lowest priority. A priority item of 20 will start before a priority item of 99.
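
As an added example (not from the original page), this POSIX shell script reads the S/K symlinks for a runlevel and reports any service started there that is not on an allowlist. The function names, the allowlist and the sample tree (including the cups and telnetd entries) are constructed for illustration; pass /etc as the first argument to check a real system.

```shell
#!/bin/sh
# Added example: audit SysV runlevel symlinks (S = started, K = not started).

# rc_links ETC_DIR RUNLEVEL S|K
# Prints "priority service_name" for each matching symlink in rcN.d,
# lowest number (highest priority) first.
rc_links() {
    for link in "$1/rc$2.d/$3"[0-9][0-9]*; do
        [ -L "$link" ] || continue        # unmatched glob or not a symlink
        rest=${link##*/}; rest=${rest#?}  # S20service_name -> 20service_name
        svc=${rest#??}                    # service_name
        printf '%s %s\n' "${rest%"$svc"}" "$svc"
    done | LC_ALL=C sort -k1,1n -k2,2
}

# unexpected_services ETC_DIR RUNLEVEL ALLOWED...
# Prints every service started in RUNLEVEL that is not on the allowlist.
unexpected_services() {
    etc_dir=$1; runlevel=$2; shift 2
    rc_links "$etc_dir" "$runlevel" S | while read -r _prio svc; do
        for ok in "$@"; do
            if [ "$svc" = "$ok" ]; then continue 2; fi
        done
        printf '%s\n' "$svc"
    done
}

# make_sample_tree: builds a constructed /etc-like tree in a temp directory
# and prints its path (sample data only, not taken from a real host).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/init.d" "$t/rc2.d"
    for s in ssh ntp cups telnetd; do : > "$t/init.d/$s"; done
    ln -s ../init.d/ssh     "$t/rc2.d/S16ssh"
    ln -s ../init.d/ntp     "$t/rc2.d/S23ntp"
    ln -s ../init.d/cups    "$t/rc2.d/S50cups"
    ln -s ../init.d/telnetd "$t/rc2.d/K20telnetd"   # renamed S -> K: disabled
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
echo "Started in runlevel 2:";      rc_links "$sample" 2 S
echo "Not on allowlist (ssh ntp):"; unexpected_services "$sample" 2 ssh ntp
rm -rf "$sample"
```
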

Obtain a list of the ports on which the computer is listening for connections

Issue the following command:

sudo lsof -i

which should show something like:

COMMAND  PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd     792 root   3r  IPv4   8129      0t0  TCP server1.sharewiz.net:ssh (LISTEN)
sshd    5684 root   3r  IPv4 125557      0t0  TCP server1.sharewiz.net:ssh->192.168.0.10:25354 (ESTABLISHED)
sshd    5971 peter  3u  IPv4 125557      0t0  TCP server1.sharewiz.net:ssh->192.168.0.10:25354 (ESTABLISHED)
ntpd    7074 ntp   16u  IPv4 127770      0t0  UDP *:ntp
ntpd    7074 ntp   17u  IPv6 127771      0t0  UDP *:ntp
ntpd    7074 ntp   18u  IPv4 127777      0t0  UDP localhost:ntp
ntpd    7074 ntp   19u  IPv4 127778      0t0  UDP server1.sharewiz.net:ntp
ntpd    7074 ntp   20u  IPv4 127779      0t0  UDP 192.168.1.1:ntp
ntpd    7074 ntp   21u  IPv6 127780      0t0  UDP [fe80::a00:27ff:fe14:28ce]:ntp
ntpd    7074 ntp   22u  IPv6 127781      0t0  UDP [fe80::a00:27ff:fef2:4b5d]:ntp
ntpd    7074 ntp   23u  IPv6 127782      0t0  UDP ip6-localhost:ntp

This may help you decide which of these services are not required.

Obtain a list of all running services

Issue the following command:

sudo sysv-rc-conf --list | grep ':on'

and make sure the settings are correct.

Stop a service from running

Issue the following command:

sudo /etc/init.d/service_name stop

Replace service_name with the actual name of the service.

Disable a running service

Issue the following command:

sudo sysv-rc-conf service_name off

Replace service_name with the actual name of the service.

Stop a service from automatically running at boot

Issue the following command:

sudo update-rc.d -f service_name remove

Replace service_name with the actual name of the service.

However, any update of the service application will result in the service being reset to run again. Therefore, to prevent it running at boot, execute the following command:

sudo update-rc.d service_name stop 80 0 1 2 3 4 5 6 .

Replace service_name with the actual name of the service. The trailing dot terminates the list of runlevels and is required.

Add any required services

Issue the following command:

sudo update-rc.d service_name defaults

Replace service_name with the actual name of the service.

To have the service added using a different priority, execute the command:

sudo update-rc.d service_name defaults X

where X is the priority.

Replace service_name with the actual name of the service.

Continue to the File Security...