We are discussing here ways of securing our systems, and in particular we
are comparing the list of daemons started at boot or by inetd.conf on
Alphas, Suns and Linux SUSE. We had a couple of intrusions on our Suns
(one via an obscure and unused system daemon, and one unknown). Our SUSE
system come out with an inetd,conf which by default does not run anything.
I've now drawn a list on my Alpha of the processes started at boot by
scripts in init.d and would be inclined to remove unused ones. I'd like to
check that removing processes in this list is not dangerous.
(a) processes started at boot
As far as I know I'm not aware of doing any use of processes :
snmpd mmeserver nrsd and the other of the nsr family
So I would be inclined to rename the K* S* scripts in rc?.d which
handle common_agent snmpd mmeserver nsrd.
Any danger in doing that ?
(b) processes started by inetd.conf
I would be inclined to comment out in inetd.conf the following
services :
comsat
ntalkd
kdebugd (what is it for ? no man page)
I am dubious with time, cfgmgr (seems used by the kernel) and
rquotad (I've even seen an rcp.rquotad process running).
We do not have quotas on local filesystems. Quotas are enforced on a
remote filesystem on another machine and for some users, none of
which has anything to do with the Alphas)
Any danger in commenting them out ?
----------------------------------------------------------------------------
Lucio Chiappetti - IFCTR/CNR - via Bassini 15 - I-20133 Milano (Italy)
For more info :
http://www.ifctr.mi.cnr.it/~lucio/personal.html
----------------------------------------------------------------------------
Received on Fri Mar 29 2002 - 18:09:11 NZST