On Sat, 12 Jan 2002, Edenyard wrote:

<snip>

> 81 ? S 0:00 /usr/sbin/inetd

This is the "superserver" from which many other services are run. For "bogstandard" usage, this doesn't need to run... nor do all the services listed below which it appears to start.

Did you try 'netstat -tupan' ? If it works the same on your distro as it does on Caldera and Red Hat, the information given there is likely more relevant.

> 84 ? S 0:02 /usr/sbin/sshd

This is the secure shell daemon. It's like an encrypted telnet. If you're running a version lower than 2.9 (IIRC), it's already vulnerable. If you need to have remote access to your machine, upgrade this to >= 3.0, otherwise, disable.

> 89 ? S 0:00 /usr/sbin/lpd

Line Printer Daemon. Current Slackware versions are not known to be vulnerable... but it doesn't hurt to firewall it off anyway (unless you need to accept print requests from remote machines.)

> 91 ? S 0:00 /usr/sbin/crond -l10

The daemon that runs jobs at certain times. Default uses are for rotating log files. Basically, anything you want to run on a regular basis. I use cron to sync my computer clock with the Naval nuclear clock once a day. I also have it set up to start seti@home hourly in case I shut it off and forget to restart it.

> 95 ? S 0:00 /usr/sbin/atd -b 15 -l 1

"at" daemon is similar to cron, only you use it for single events rather than regular events... "at a certain time, do a particular task."

> ftp stream tcp nowait root /usr/sbin/tcpd proftpd

ftp server. proftpd is more secure than wu-ftp, but it depends on exactly how it's configured as to whether it could present problems. If you need to run an ftp server, this is probably the one to run, but if you don't need it, don't run it.

> telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

Yikes! This allows people to telnet into your machine. Shut it off. If you need remote access, use the latest sshd.

> comsat dgram udp wait root /usr/sbin/tcpd in.comsat

Dunno... so that means you don't need it. ;-)

> shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L

Remote shell daemon. Similar to, and nearly as bad as telnet.

> login stream tcp nowait root /usr/sbin/tcpd in.rlogind

Remote login. See rshd.

> ntalk dgram udp wait root /usr/sbin/tcpd in.talkd

This allows people on your machine, or remote machines, to "page" you. Basically like instant messaging. I've not seen any exploits, but still, if you don't plan on using it, best not to run it.

> finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd -u

Finger daemon gives user info to the world. AFAIK, it's not insecure in and of itself, but it gives intel to the enemy that often helps him figure a way in. Best to disable.

> auth stream tcp wait nobody /usr/sbin/in.identd in.identd -P/dev/null

Gives out user identification. So far I haven't run across anything that actually requires it... though the arachne.cz MTA hits my port 113 with an ident request every time I send an e-mail there.

> netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd

Samba. For allowing Windows machines to access linux file systems and vice versa. If you run it at all, it would most likely be on a LAN behind a firewall.

> netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd

Related somehow to the previous one, but I'm not entirely sure what it does.

> So - should I be changing (removing, deleting...) anything, based on
> what you can see here?

I'd be disabling just about all of them. If you don't need them, they're just sitting there listening for the day an exploit is discovered. If you do need them, use the latest version, and keep up on their security alerts.

> Also, where could I read more (generally) about
> what all these items are?

You can use the man or info commands on just about all of them. That'll give you a basic idea of what they all do. For instance, 'man finger' to find out what finger (client) does, and 'man fingerd' to see what fingerd (server) does. Just reading the Description paragraph should give you a good idea of whether you need it or not.

- Steve
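
An added example, not part of the message above: a small Python audit of an inetd.conf that lists the enabled (uncommented) services, looks through the tcpd wrapper to the daemon actually started, and attaches the advice given in the reply. The advice table paraphrases the message, and the sample input reuses lines quoted above with the comsat line commented out as a constructed "disabled" case.

```python
from typing import NamedTuple

# Advice keyed by inetd service name, paraphrasing the reply above.
ADVICE = {
    "telnet": "disable; use a current sshd for remote access",
    "shell": "disable; rshd is nearly as bad as telnet",
    "login": "disable; see rshd",
    "finger": "disable; hands user info to outsiders",
}
DEFAULT_ADVICE = "disable unless you actually need it"

class Entry(NamedTuple):
    service: str
    user: str
    daemon: str    # real daemon, looking through the tcpd wrapper
    wrapped: bool  # True when started via tcpd (TCP wrappers)
    advice: str

def parse_inetd(text):
    """Return an Entry for every enabled (uncommented) service line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: inetd will not start it
        f = line.split()
        if len(f) < 6:
            continue  # not a complete service line
        service, _sock, _proto, _wait, user, server = f[:6]
        wrapped = server.endswith("/tcpd")
        # With tcpd, the first argument names the daemon actually run.
        daemon = f[6] if wrapped and len(f) > 6 else server.rsplit("/", 1)[-1]
        entries.append(Entry(service, user, daemon, wrapped,
                             ADVICE.get(service, DEFAULT_ADVICE)))
    return entries

# Sample: lines from the quoted post; the comsat line is commented out here.
SAMPLE = """\
ftp stream tcp nowait root /usr/sbin/tcpd proftpd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#comsat dgram udp wait root /usr/sbin/tcpd in.comsat
shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L
finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd -u
auth stream tcp wait nobody /usr/sbin/in.identd in.identd -P/dev/null
"""

if __name__ == "__main__":
    for e in parse_inetd(SAMPLE):
        print(f"{e.service:8} user={e.user:7} {e.daemon:11} -> {e.advice}")
```

After commenting out a line in the real file, inetd has to re-read its configuration before the change takes effect, and 'netstat -tupan' confirms whether the port is still listening.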
