Iptables -A INPUT -p tcp -s 0/0 -d 0/0 -dport 443 -j DROPĭisable = yes - FTP default is off. One can also block the https port 443 using firewall rules: With past ssl exploits, those using this philosophy did not get burned.Īpache 1.3.x config file /etc/httpd/conf/nfĬomment out the use of the ssl module by placing a "#" in the first column. See the YoLinux init process tutorialĪpache: Turn off modules you are not going to use. At the very least one should run theĬommand chkconfig -list to see what processes are configured to be operable after boot-up. The service can be terminated using the command /etc/rc.d/init.d/sendmail stop. For example, sendmail can be removed from the boot process using the command: chkconfig -del sendmail or by using theĬonfiguration tool ntsysv. Hackers probe my system for this service all the time.), innd (News (mail server), portmap (RPC listener required by NFS), lpd (Line printer server daemon. These will be started by scripts in /etc/rc.d/rc*.d/ directories. Reduce the number of non-inetd network services. List status of services (Red Hat/Fedora Core based systems): service -status-all List init settings including all xinetd controlled services: chkconfig -list This will edit the appropriate file (/etc/xinetd.d/wu-ftpd) and restart the xinetd process. Restart the daemon to apply changes: /etc/rc.d/init.d/xinetd restart Xinetd configuration must be performed for each and every file in the directory /etc/xinetd.d/ in order to configure each and every network Sample file: /etc/xinetd.d/wu-ftpd:Įdit the file: /etc/xinetd.d/service-nameĬhanging to the line "disable = yes" turns off an xinetd serivce.Ĭhanging to the line "disable = no" turns on an xinetd serivce. Xinetd (Red Hat 7.1): All network services are turned off by default during an upgrade. Restart the daemon to apply changes: /etc/rc.d/init.d/inetd restart Inetd (Red Hat 7.0 and earlier): Comment out un-needed services in the /etc/nf file.įtp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a The number of network services accessible through the xinet or inet daemon by: The more sevices exposed, the greater your vulnerability. It is best for security reasons that you reduce the number of network services exposed. See Distribution erratas and security fixes. Perform the following steps to secure your web site: Linux internet server security and configuration tutorial
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |