Linux Security: Disabling Daemons
This covers disabling, or perhaps uninstalling, unneeded daemons.
Most of the explanations on this page were taken from the
Bastille-Linux project, which is mentioned here and strongly advised
for download and use if you're using the Red Hat Linux
distribution.
Now depending on your Linux distribution you're gonna do this in
different ways:
Red Hat and Linux-Mandrake users: Type 'setup' and then click on
system services.
Slackware users: you'll have to manually go in and edit
/etc/rc.d/rc.M to disable most daemons/services. Also look in
/etc/rc.d/rc.inet1 and /etc/rc.d/rc.inet2.
Debian users:
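Editing rc.M, rc.inet1 and rc.inet2 by hand, as the Slackware instructions above say, is easy to get wrong: comment out the wrong line of an "if [ -x /usr/sbin/foo ]; then ... fi" block and the script no longer parses at boot. The script below is an added example, not from the original page or from Slackware; it audits a Slackware-style rc script for the daemons this page tells you to disable and neutralizes only the lines that actually execute them. The daemon list and the rc.inet2-style fragment it runs on are constructed for illustration; the layout of the real files differs between Slackware versions, so read the diff against the .bak copy it leaves behind before you reboot.

```shell
#!/bin/sh
# Added example, not taken from the original page or from Slackware:
# audit a Slackware-style rc script (the page names /etc/rc.d/rc.M,
# rc.inet1 and rc.inet2) for daemons the page says to disable, and
# neutralize the lines that start them.  The daemon list and the sample
# rc fragment below are constructed for illustration; the real files
# differ between Slackware versions, so review the .bak diff afterwards.

# Daemons the page recommends disabling unless they are explicitly needed
# (binary names as they appear on a start-up line).
UNNEEDED_DAEMONS="sendmail named portmap rpc.nfsd smbd nmbd atd dhcpd innd gated ypbind ypserv yppasswdd snmpd httpd"

# Build an ERE matching a line whose first word runs daemon $1, with or
# without a leading path, e.g. "  /usr/sbin/rpc.nfsd" or "atd -b 15".
# Group 1 is the indentation, group 2 the command start (name plus the
# following space or end of line).
start_line_pattern() {
    # escape regex metacharacters in the name (the '.' in rpc.nfsd)
    esc=$(printf '%s' "$1" | sed 's/[.[*^$]/\\&/g')
    printf '^([[:space:]]*)((/[^[:space:]]*/)?%s([[:space:]]|$))' "$esc"
}

# Print each daemon in $2.. that an uncommented line of $1 still starts.
# A line that begins with '#' or ':' never matches, so disabled lines
# drop out of the report.
list_enabled_daemons() {
    rc_file=$1; shift
    for d in "$@"; do
        if grep -Eq "$(start_line_pattern "$d")" "$rc_file"; then
            printf '%s\n' "$d"
        fi
    done
}

# Neutralize only the lines of $1 that execute daemon $2 by rewriting
# "  /usr/sbin/foo args" to "  : # disabled /usr/sbin/foo args".  The ':'
# no-op keeps an if-block whose only statement was the daemon valid, and
# the "if [ -x ... ]; then ... fi" test around it is left alone, so the
# script still parses (check with: sh -n FILE).  The original file is
# saved once as $1.bak for review and undo.
disable_daemon() {
    rc_file=$1; d=$2
    [ -e "$rc_file.bak" ] || cp -p "$rc_file" "$rc_file.bak"
    sed -E "s,$(start_line_pattern "$d"),\\1: # disabled \\2," "$rc_file" > "$rc_file.tmp" \
        && mv "$rc_file.tmp" "$rc_file"
}

# Disable every daemon from UNNEEDED_DAEMONS that $1 still starts.
disable_unneeded() {
    for d in $(list_enabled_daemons "$1" $UNNEEDED_DAEMONS); do
        printf 'disabling %s in %s\n' "$d" "$1"
        disable_daemon "$1" "$d"
    done
}

# Constructed rc.inet2-style fragment used for the demonstration below;
# it is not Slackware's actual file.
make_sample_rc() {
    cat > "$1" <<'EOF'
# Start the NFS server daemons:
if [ -x /usr/sbin/rpc.nfsd ]; then
  echo "Starting NFS server daemons:  /usr/sbin/rpc.nfsd"
  /usr/sbin/rpc.nfsd
fi
# Start the at daemon (the only statement in its block):
if [ -x /usr/sbin/atd ]; then
  /usr/sbin/atd -b 15 -l 1
fi
# sendmail is already commented out:
#/usr/sbin/sendmail -bd -q15m
# sshd is not on the list and must be left alone:
if [ -x /usr/sbin/sshd ]; then
  /usr/sbin/sshd
fi
EOF
}

# Stand-alone demonstration on the constructed fragment.
demo=$(mktemp) && {
    make_sample_rc "$demo"
    echo "enabled before: $(list_enabled_daemons "$demo" $UNNEEDED_DAEMONS | tr '\n' ' ')"
    disable_unneeded "$demo"
    echo "enabled after:  $(list_enabled_daemons "$demo" $UNNEEDED_DAEMONS | tr '\n' ' ')"
    sh -n "$demo" && echo "rc script still parses"
    rm -f "$demo" "$demo.bak"
}
```

To use it on a real system, point disable_unneeded at a copy of rc.inet2 first, diff the result against the .bak file, then run sh -n on the edited script before rebooting. Editing the file does not stop daemons that are already running; they keep running until you kill them or reboot, and only a fresh boot proves the edit actually took.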
The services/daemons:
sendmail:
Now for some reason new users to Linux think you have to have
sendmail running as a daemon in the background (a fully
functional mail server) to send and receive e-mail, whether it be
local (just across the system) or to and from remote hosts.
Why they think that is beyond me, I guess it's because they
never RTFM : )
But this is far from the truth... In fact you don't need
sendmail running at all! Even to send mail locally. For getting
mail from a remote host (a la your ISP) use
fetchmail or an e-mail client that supports downloading mail
from a remote host. A good e-mail client that I recommend for
doing this is kmail, and you don't have to use KDE to use kmail (I
use blackbox). Or you can go with just setting up
fetchmail and using pine or mutt to send mail. Moral of the
story... If you're not gonna be running an SMTP mail server,
disable sendmail NOW!
BIND:
BIND stands for "Berkeley Internet Name Daemon"; it's a
distribution of named (the domain name service daemon) and
various DNS tools. Your ISP (Internet service provider) provides
you with DNS. If you're not gonna be running a domain on a
network, or at least not right now, disable the named service now.
Services to be disabled for BIND:
named
NFS and Samba:
NFS is the Network File System, used for file and print sharing
across a network. It's also a well known fact that NFS has major
security issues. If you don't need file and print sharing,
disable the services below now. If you do need file and print
sharing across a LAN/WAN, disable the services below until you
have read all the NFS docs, man pages and HOWTOs, and know how to
secure NFS.
Services for NFS to be disabled:
portmap
nfs
Samba is used for file and print sharing between *nix boxes and
windoze boxes across a LAN/WAN. If you don't need this, disable
the services below. And once again, if you do need these
services please disable them now 'till you fully understand how
to configure and secure them.
Services for Samba to be disabled:
smb
amd
ATD:
atd allows you to run commands at a later time. Over time, a
large number of vulnerabilities have been found in atd; you can
find exploits against them very easily on the web.
All the functionality of at can be mimicked via cron. We
strongly recommend disabling atd.
Services for atd to be disabled:
atd
PCMCIA:
If this machine is not a notebook, it probably has no PCMCIA
ports. PCMCIA ports allow the use of easily removable
credit-card-sized devices. If this machine has no PCMCIA ports,
you should disable PCMCIA.
Services to be disabled for PCMCIA:
pcmcia
DHCPD:
DHCP servers are used to distribute temporary IP (Internet)
addresses to other machines. An organization generally only has
one or two DHCP servers, if any. Unless this machine is going
to be a DHCP server, you should deactivate the DHCP daemon.
Deactivating the daemon will not prevent you
from running DHCP as a client.
Services for DHCPD to be disabled:
dhcpd
GPM:
GPM is used in console (text) mode to add mouse support to text
mode. If you will be using this machine in console mode and will
want mouse support, leave GPM on.
Services for GPM to be disabled:
gpm
INND:
INND is the standard internet news server, used to make the news
network. You should only leave it turned on if this machine will
serve as the organization's news server.
Note that very few people need to create their own news server,
as your ISP or university usually provides one. Further, they
require a great deal of disk space, processor power, bandwidth
and maintenance. As these docs are aimed at newbies/home users I
highly doubt you'll need innd, so disable it.
Services for INND to be disabled:
innd
GATED:
Will this machine serve as a router with multiple internet
links? Again, very few machines fit in this class. If your
machine is only connected to the internet through one method,
you can disable routing protocols. If this machine is at an ISP
or major networking center, you can leave this on, but please
prepare to configure your routing daemon. Otherwise, you should
turn this off.
Services to be disabled for GATED:
gated
NIS:
NIS is a system used for synchronizing key host information,
including account names and passwords. It is quite insecure, and
can be easily compromised to gain access to accounts on the
system. If you are really interested in using NIS, you should
configure your firewall to block NIS traffic going in or out of
the network. If you don't have a firewall, you shouldn't be
running NIS.
It is strongly recommended that you deactivate NIS.
Services to be disabled for NIS:
ypbind
ypserv
yppasswdd
SNMP:
SNMP is a protocol used to track and manage network devices,
including hosts and routers. Unfortunately, it is very insecure
and can be used by a system cracker to gain information about
(and possibly compromise) your network. You may be able to use
it more safely by blocking SNMP packets at your firewall, but
you should always be careful when using this protocol.
You are strongly urged to deactivate it, at least until you
have read more about it and better understand the dangers
involved.
Services to be disabled for SNMP:
snmpd
APACHE:
Will you be using the Apache web server immediately? Being
a minimalist in the beginning is a critical part of good site
security. If you don't need to run a web server, at least not
right now, you should deactivate it.
Services to be disabled for APACHE:
httpd
FTPD:
FTP is widely considered to be fairly dangerous, but even
security-conscious sites might still run it because of the
perceived difficulty in educating users about alternatives.
Available alternatives include:
- secure copy, which encrypts names, passwords and traffic
- web-based file archives, a much safer way of offering files
to the public
The lack of widespread, free, Windows-based secure copy clients
only exacerbates the problem. FTP is dangerous for several
reasons, including:
1) All passwords travel in the clear across the connection,
allowing any intermediate hosts (and usually every host on the
source and destination's local area network) to "sniff"
unencrypted passwords.
2) FTP daemons typically need to run with root privileges, and
most of the common ones have been found to have a multitude of
security vulnerabilities over the course of their existence.
For instance, the ftp daemon included with Red Hat 6.0 has had
two major updates to close security holes since RH 6.0 was
released. Earlier in this session, we updated your wu-ftp to
the most recent one that Red Hat advertises.
It is strongly suggested that you disable any FTP daemons on your
system, at least until you fully understand how they work, how to
configure them, and last but not least how to secure them.
Services to be disabled for FTP:
ftpd
Other services that should be disabled. If you don't know what
these services are or what they do, disable them NOW! Then go
read the man pages and docs on each of the services....
arpwatch - keeps track of ethernet/IP address pairings
autofs - BSD's auto file system mounter
bootparamd - daemon to give old Sun clients booting information
mars-nwe - Netware file/printer server that runs under Linux
mcserv - server for the Midnight Commander network file
management system
postgresql - SQL database
routed - the routing daemon which maintains routing tables
rstatd - displays uptime information about remote machines
rwalld - sends messages to hosts' logged-in users
rwhod - displays who is logged in on other machines on a network