Re: [luau] turning off radhat services

Mon, 31 Mar 2003 17:09:16 -1000 

[EMAIL PROTECTED] wrote:

rawdevices      no idea, on.


This is for software like Oracle to be able to access a raw, unformatted
filesystem for improved performance, etc. Most desktop users won't need
this.


ipchains iptables    firewall stuff, one or other on. Actually my
system has both on, a problem?


You probably don't need both.  IP Tables is the newer of the two (and
probably the one you should go with).


ntpd            network time protocol daemon, has been a security
hole, probably off.


Some network functions may rely on tight synchronization, so better to
configure it securely than to disable it, esp. if you're in a networked
environment.


autofs          no idea


RedHat's automounter daemon.  If you have automounting configured on
your network, it's a nice facility, but otherwise unneeded.


nscd            no idea


Name service caching daemon.  Can help to speed up network
authentication as well as domain name lookups for frequently visited
domain names.  Not sure of any security woes; I use it.


radvd           no idea



Router advertizing daemon.  Used if your machine functions as a gateway. 
 Most machines won't need this.



isdn            no idea



ISDN deamon for ISDN connections.  Not needed unless you connect to the 
net through ISDN.



vncserver       no idea



Deamon that allow remote desktop connections.  Not particularly secure 
by default, and if you're not specifically reliant on it, turn it off.



yppasswdd  ypserv  ypxfrd  samba?



The YP stuff is all related to NIS.  NIS is riddled with security 
problems, so don't use it unless you're behind a beefy firewall.  A good 
replacement is LDAP, as it can be configured to be quite secure, and it 
can pretty easily replace NIS's functionality.  A beefy firewall is 
never a bad idea.



winbind    no idea



A companion daemon to SAMBA.  When configured properly, it can 
synchronize Windoze and UNIX/Linux passwords.



all xinetd services seem to be off on this box, except sgi-fam,
whatever that is.



sgi-fam is a security-related daemon that can monitor system file 
integrity and network access attempts.  I've never tried to configure 
it, and I don't know of any compelling arguements for or against it.


Hope that helps,
Chris
























					Reply via email to