On Sun, 29 Jul 2007, Tyler Smith wrote:
Hi,
I'm working through the security quick start how to, and I'm not clear
on what services are required and which ones I can safely remove. I'm
running a single laptop, which I connect to the net via wireless at
home or at cafes, and via an ethernet cable at work.
1) I never login remotely, so I think I can safely do away with
openssh-server?
tcp6 *:ssh *:* LISTEN 3026/sshd
2) The how-to suggests that for my setup I don't need anything to do
with NFS - netstat reports rpc.statd and portmap as listening. Can I
just purge nfs-common and portmap?
tcp *:37381 *:* LISTEN 2603/rpc.statd
tcp *:sunrpc *:* LISTEN 2578/portmap
3) I have apache installed as a dependency of doc-central. netstat
shows it to be listening to all interfaces. Is there a way to set it
to listen only for local connections? I don't understand this very
well, but it seems I shouldn't need to listen to anyone from the
outside to connect to my docs.
tcp *:www *:* LISTEN 3826/apache
4) The only remaining listeners I have are:
tcp localhost:929 *:* LISTEN 3721/famd
tcp *:auth *:* LISTEN 3661/inetd
tcp localhost:smtp *:* LISTEN 3385/exim4
What is auth? Since famd and exim4 are only listening to localhost,
can I conclude they are not a security risk?
Thanks for your help,
Tyler
--
erf, it's too early, not enough coffee yet, but you might want to add this
one to the list too:
update-rc.d -f nfs-common remove
You can also just remove the packages that control these though. But,
personally I like to keep them around, just incase I need to turn them
back on at some point. It's come in handy for me a few time to have the
services available
-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
