Common UNIX Services to Disable


Many UNIX and UNIX-variant distributions install, by default, services that are little used and have a poor security history. They use clear-text protocols and have been favourite targets of attackers for years. Below is a list of services that should be turned off unless there is a specific need for the protocol; in most cases a newer, more secure replacement exists. Most of the services below are started on demand by inetd (sendmail is usually run as a standalone daemon instead), so the disabling procedure at the end of this page applies to them.

Auth

The Auth or Identd service is an identification protocol. It is typically used by e-mail servers (and some IRC servers) and little else, and even in the case of e-mail servers its usefulness is questionable. It rests on three basic assumptions:

  1. Computers are multi-user timesharing systems
  2. Computer users and computer system administrators are different people
  3. Computer system administrators are trustworthy

The result of these assumptions is that when your system queries the identd server on a remote host, you are expected to trust the data it returns identifying the user who is connecting to a network service on your server, because a trustworthy administrator on the remote system is supposedly watching over his users with a microscope and will readily identify them to you because you asked nicely.

Unfortunately, the majority of computers on the Internet violate all of these assumptions, because they are personal computers running Windows:

  1. PCs running Windows have one user
  2. The computer user and the computer administrator are the same person
  3. The PC user may or may not be trustworthy, and it is impossible to tell

Even on a multi-user UNIX host, whoever controls the remote machine can run an identd that returns any name they like, so an Auth response is at best a hint for logging and never a form of authentication. Running identd on your own system gives away valid account names for no real benefit.

Finger

Finger is a program that displays information about a particular user, or about all users logged on to the local or a remote system. Finger typically shows the full name, last login time, idle time, terminal line and terminal location (where applicable). It has very often been a source of reconnaissance information for attackers: valid account names to feed into password guessing, and an indication of when an account is idle or unattended.

FTP

File Transfer Protocol is a client-server protocol which allows a user on one computer to transfer files to and from another computer. Inherently, FTP suffers the same security concern as telnet and the remote processes: everything, including the login password, is transmitted in clear text. FTP is suitable for non-authenticated services such as anonymous access. For confidential or authenticated transfers it should be avoided. Please see OpenSSH, specifically the SCP and SFTP components, in the General Utilities for UNIX Security for an alternative.

Rexec, Rlogin, Rsh

The remote processes (the "r-commands") arose from the desire for more distributed computing. Unfortunately, at the time of their creation many of the assumptions listed under Auth held, i.e. a more trusting environment. All of the remote processes suffer from the clear-text transmission issue. They exhibit most of the problems that telnet does, but additionally trust the client's hostname or IP address (via /etc/hosts.equiv and .rhosts files) in place of a password, which an attacker can spoof. None of these should ever be enabled. Please see OpenSSH in the General Utilities for UNIX Security for an alternative.

Rstatd

Rstatd provides an attacker with system statistics such as CPU usage, system uptime, network usage and much more. This information reveals when a system is already under heavy load, which lets an attacker time a denial of service (DoS) attack for maximum effect. Rstatd has also had many vulnerabilities of its own and should simply not be active.

SMTP

SMTP is used to transfer electronic mail between computers. It is a server-to-server protocol; other protocols (such as POP and IMAP) are used to read the messages. The SMTP dialogue usually happens in the background under the control of the message transfer agent, such as sendmail. Given the long history of vulnerabilities in SMTP implementations, and in sendmail in particular, a machine that is not a mail server should not accept SMTP connections from the network at all: either do not run the listener, or bind it to the loopback address (127.0.0.1) only, so that local programs can still hand outgoing mail to the MTA.

Talk, Ntalk

Talk and Ntalk (new talk) are programs and protocols supporting conversation between users who may be logged into the same computer or different computers on a network. Talk and Ntalk have proven to be unreliable and to have security vulnerabilities, and they serve no purpose on a server.

Telnet

For a long time telnet was the Internet's standard protocol for remote login. Unfortunately all information, including passwords, is transmitted in clear text, so anyone who can sniff the network path can capture the login. Please see OpenSSH in the General Utilities for UNIX Security for an alternative.

Disabling Services

There are two methods of disabling the services above. The first method disables the service completely and is the preferred method. The second removes the system's knowledge of the service-to-port mapping, rendering the service inoperative.

Method 1: Complete Service Disabling

In /etc/inet/inetd.conf (/etc/inetd.conf on most non-Solaris systems) simply comment out or delete the lines for the services to be disabled. You then need to make inetd re-read its configuration, either by sending it a HUP signal (kill -HUP with the process ID of inetd) or by rebooting. Afterwards, confirm with netstat -an that the corresponding ports no longer appear in the LISTEN state. On systems that use xinetd instead of the classic inetd, each service has its own file under /etc/xinetd.d and is turned off by setting "disable = yes" there and reloading xinetd.

Method 2: Disabling Service-Port Translation

In /etc/services comment out or delete the service-to-port translation lines. Note that inetd looks up these names when it reads inetd.conf, so an inetd that is already running keeps its listeners open until it is restarted; the change also has no effect on a daemon that is started outside inetd or configured with a numeric port, and it breaks client programs that look up the name. Method 1 is the preferred method; Method 2 is at best a fallback.
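The following is an added example of Method 1, not part of the original page: a small POSIX shell script that lists the services still enabled in an inetd.conf-style file, comments out a chosen set of them (keeping a backup), and reloads inetd with a HUP signal. The sample inetd.conf it operates on is constructed here for demonstration; the file path, the service list and the use of pkill or /var/run/inetd.pid to find inetd are assumptions for this example, not something the page specifies.

```shell
#!/bin/sh
# Added example (not the page's own code): audit and disable services in
# classic inetd.conf syntax (service socket proto wait user server args).
# Assumption: inetd re-reads its config on SIGHUP, as classic inetd does.

# Constructed sample inetd.conf; not a real host's file.
SAMPLE='# constructed sample inetd.conf, not a real host file
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd
ssh     stream  tcp     nowait  root    /usr/sbin/sshd  sshd -i'

# Print the service name of every uncommented, complete entry in $1.
# An "addr:service" prefix used by some inetd variants is stripped.
list_enabled() {
    awk '!/^[[:space:]]*#/ && NF >= 6 { sub(/^.*:/, "", $1); print $1 }' "$1"
}

# Comment out every uncommented line whose first field is exactly one of
# the named services.  Usage: disable_services FILE svc1 svc2 ...
# A timestamped backup of FILE is written first.  Portable sed (no -i).
disable_services() {
    file=$1; shift
    cp "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1
    for svc in "$@"; do
        # Trailing [[:space:]] makes "login" not match "rlogin" etc.
        sed "s/^\([[:space:]]*\)\($svc[[:space:]]\)/\1#\2/" "$file" \
            > "$file.tmp" && mv "$file.tmp" "$file" || return 1
    done
}

# Ask the running inetd to re-read its configuration.  Assumption: inetd
# is reachable via pkill or leaves its PID in /var/run/inetd.pid.
reload_inetd() {
    if command -v pkill >/dev/null 2>&1; then
        pkill -HUP -x inetd
    elif [ -r /var/run/inetd.pid ]; then
        kill -HUP "$(cat /var/run/inetd.pid)"
    else
        echo "inetd not found; restart it by hand" >&2
        return 1
    fi
}

# Demonstration on a temporary copy of the constructed sample.  On a real
# host you would run, as root:
#   disable_services /etc/inetd.conf ftp telnet login finger auth && reload_inetd
#   netstat -an | grep LISTEN      # confirm ports 21, 23, 79, 113, 513 are gone
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE" > "$tmp"
    echo "enabled before:"; list_enabled "$tmp"
    disable_services "$tmp" ftp telnet login finger auth
    echo "enabled after:";  list_enabled "$tmp"
    rm -f "$tmp" "$tmp".bak.*
}

demo
```

The script leaves the ssh entry alone because it is never named, and skips lines that are already commented out, so it is safe to re-run. Only disable_services and reload_inetd touch the live system, and only when you call them on the real /etc/inetd.conf.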


Contact information
General inquiries:  helpdesk@yorku.ca
Network and computer abuse reports:  abuse@yorku.ca

last modified:
[March 3, 2003]

Copyright 2002 © York University