Common UNIX Services to Disable
Many UNIX and UNIX variant distributions install default
services that are little used and have a poor security history. They
use clear text protocols and have notoriously been the target of
hackers through the ages. Below is a list of services that should be
turned off by default unless a specific purpose of this protocol is
need. Often, however, there are newer more
secure versions of similar services available. All of the services
below are executed via inetd.
The Auth or Identd service is an identification protocol. It
is typically used by e-mail server and little else. Even in the case of
e-mail servers its uses
are questionable. It makes 3 basic assumptions:
- Computers are multi-user timesharing system
- Computer users and the computer system administrators are
- Computer system administrators are trustworthy
The result of these assumptions is that when your system
contacts the identd server of a remote server, you can trust the data
that supposedly identifies a user who is trying to use a network
service on your server, because there is a trustworthy
system administrator on the remote system who is watching over his
users with a microscope, and who will readily and happily identify his
users to you
because you asked nicely.
Unfortunately, the majority of computers on the Internet
violate all of these assumptions as they are personal computer
- PC’s running Windows have one user
- The computer user and the computer administrator are the same
- The PC user may or may not be trustworthy, and it’s impossible to
Finger is a program that displays information
particular user or all users logged on the system, or a remote system.
typically shows full name, last login time, idle time, terminal line,
terminal location (where applicable). It
has very often been a source of information for hackers.
File Transfer Protocol is a client-server protocol
allows a user on one computer to transfer files to and from another
computer. Inherently, FTP suffers the
same security concerns and telnet and the remote processes, that being
text transmission. The use of FTP is
suitable for non-authenticating services like anonymous access. For use
with confidential and or
authenticated services it should be avoided. Please see OpenSSH
the components of SCP and SFTP in the
General Utilities for UNIX Security
for an alternative.
Rexec, Rlogin, Rsh
The remote processes were the advent of a desire
distributed computing. Unfortunately at
the time of their creation many of the assumptions of Auth existed,
i.e. a more
trusting environment. All of the remote
processes suffer from the clear text transmission issue. They exhibit
much of the issues that telnet
does, but additionally have the weakness of trusting IP addresses. It
is highly recommended that none of these
be activated at all costs. Please see
in the General Utilities for UNIX Security for an alternative.
Rstatd provides a hacker with interesting
as CPU usage, system uptime, network usage and much more. This type of
information can be used to
create denial of service (DoS) attacks especially if the system load is
high. Rstatd has also been known to have
many vulnerabilities and should just not be active.
SMTP is used to transfer electronic mail between
computers. It is a server to server
protocol, so other
protocols are used to access the messages. The SMTP dialog usually
the background under the control of the message transfer agent, such as
sendmail. With the inherent and frequent
issues related with SMTP and in particular sendmail enabling this
localhost only is advised for non-mail servers.
Talk and Ntalk (new talk) are programs and
protocols supporting conversation between two or more users who may be
into the same computer or different computers on a network. Talk and
Ntalk have proven to be unreliable
and to have potential security vulnerabilities.
For a long time telnet was the Internet’s standard
protocol for remote login. Unfortunately all
information, including passwords, is transmitted in clear text. Please
see OpenSSH in the General Utilities for UNIX Security
for an alternative.
There are two methods to disabling the services
above. The first method is to disable the
completely and is the preferred method. These second eliminates the
systems knowledge of the
translation, rendering the service inoperative.
Method 1: Complete Service Disabling
In /etc/inet/inetd.conf simply comment out or
services to be disabled. You then need
to restart the inetd service or reboot
Method 2: Disabling Service-Port Translation
In /etc/services comment out or delete the
services to port
translation lines. You do not need to
restart anything. Please note
that Method 1 is the preferred method.
Network and computer abuse reports: email@example.com