- Linux Training
- Desktop Tutorials
- Server Tutorials
|Linux Commands - Administrative Commands|
Servers run services or daemons that provide access to programs for clients (workstations or other servers). These server processes can be stand alone or transient. Stand alone processes or daemons, like httpd (web services), start when the server starts up and remain running the whole time the server is running. Transient services do not start until a request is made by a client. Once the request is filled the transient service is shut down.
Stand alone servers are often managed by host based security. This means that a service like Samba has a configuration option within the smb.conf file that controls which hosts have access to specific directories. Other stand alone services are managed by tcp_wrappers. Three examples would be sshd, xinetd and portmap. The transient servers are managed by xinetd which is also managed by tcp_wrappers for host management. xinetd is called a super server because it listens on ports for a service waiting for a client to make a request. Common examples of these kind of servers are IMAP, POP and rsync.
Uninstall Services That are not Needed or Used
It is important to note that network services typically relate to opening ports to establish communication with another computer. Therefore, the removal of any services that are not needed can effectively enhance security. There are several directories that will give clues as to network services that are installed:
It is important to know what services are running on the server. In order to list those services use the chkconfig command as root (note the syntax is two dashes -- before list):
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
diskdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
This list is long...and there are many important services running here.
List Services in runlevels
Once you have listed all of the services, list only those services in runlevel 3 that are currently running. runlevel 3 is the text mode that most servers will operate in.
/sbin/chkconfig --list | grep 3:on
Turn Off Services
Now turn off the portmap daemon off in runlevels 3 and 5.
/sbin/chkconfig --level 35 portmap off
Note that the 3 is the runlevel for text mode and 5 is the runlevel if you are using the Graphical Interface.
Turn On Services
Turn on your web server when the system starts in runlevels 3 and 5.
/sbin/chkconfig --level 35 httpd on
You should spend a lot of time working with this command as it will be very useful.