Is postfix not necessary if your are going to be getting your security checks mailed to you ? I was initially under the impression that postfix did not have to run as a daemon for this (like sendmail) but my machines with postfix only send me mail when postfix is running (as opposed to the boxes with sendmail that always send mail) Buchan Matthew Micene wrote: > > On Mon, 16 Oct 2000, you wrote: > > [all snipped Content-Transfer-Encoding: 7bit] > > My suggestions and the reasoning behind it: > Kill kudzu: you most likely won't be adding hardware. If you really want > to use it, start it manually before installing hardware and kill > it once you are done. There is no need to daemonize it. > > Kill ypbind: unless for some reason this machine is a NIS client, this > is not needed and a HUGE security hole. if the box IS an NIS client AND > you are coloing this box, god bless and pass the ammunition. > > Kill portmap: unless this is an NFS server, this is another gaping hole. > I personally would not colo an NFS server, way to much unsecurable > traffic floating on the Internet. > > Kill netfs and nfslock. again, this box should not be MOUNTING > partitions across the Internet on a coloed box. This is for SMB Netware > and NFS mounts, NOT recommended by me. > > kill pcmica: this isn't a laptop, no need for it > > gated or routed, pick one or the other. They serve the same purpose and > WILL interfere with each other. > > kill named, postfix, httpd, proftpd and mysql unless you have a reason > for running them (ie running (in order) a DNS server, a mail server, web > server, ftp server or database server or backend) > > kill lpd, it is HIGHLY unlikely you are going to be using a coloed box as > a printserver for any reason. And I can't imagine they are going to > provide access to or space for a line printer for you to dump your logs to. > > Kill amd, unless you need to automount local partitions on the fly there > is no need for this that I can think of on a server. > > Webmin runs its own http daemon. If you are using this to configure and > control the box remotely, make sure you have the proper ipchains rules to > shutdown access to unauthorized people for this service. Otherwise, shut > it off. > > Xfs can be removed if you are not planning on running any remote X > services from the box, and can be manually started and stopped should > someone log in on the console and want to start X. Or upgrade to XFree86 > 4.0.1 that doesn't rely on Xfs. > > KILL LINUXCONF! I can think of absolutely no reason why on a coloed > server box you would daemonize linuxconf. Actually, I see little reason > to daemonize it at all. > > Once you remove all the unecessary services (ie Linuxconf, ftp, telnet, > whatever) make sure you go through the inetd.conf file and comment > out/remove all the lines relevant to those services. > > The pared down list I would suggest reads like this: > network > random > syslog > gated OR routed > atd > crond > inetd > keytable > local > > and then add whichever of the following services you MEAN to run: > httpd > named > proftpd > sshd > webmin > mysql > postfix > > > -- > Matthew Micene > Systems Development Manager > Express Search Inc. > www.ExpressSearch.com > ____________________________ > A host is a host from coast to coast, > and no one will talk to a host too close > Unless the host that isn't close is busy, hung or dead > > ------------------------------------------------------------------------ > Keep in touch with http://mandrakeforum.com: > Subscribe the "[EMAIL PROTECTED]" mailing list. -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:[EMAIL PROTECTED] Centre for Automotive Engineering http://www.cae.co.za South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------|
Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
