[luau] turning off redhat services
Chris Stark
cstark at hawaii.edu
Mon Mar 31 17:10:01 PST 2003
tburns at despammed.com wrote:
> rawdevices no idea, on.
This is for software like Oracle to be able to access a raw, unformatted
filesystem for improved performance, etc. Most desktop users won't need
this.
> ipchains iptables firewall stuff, one or other on. Actually my
> system has both on, a problem?
You probably don't need both. IP Tables is the newer of the two (and
probably the one you should go with).
> ntpd network time protocol daemon, has been a security
> hole, probably off.
Some network functions may rely on tight synchronization, so better to
configure it securely than to disable it, esp. if you're in a networked
environment.
> autofs no idea
RedHat's automounter daemon. If you have automounting configured on
your network, it's a nice facility, but otherwise unneeded.
> nscd no idea
Name service caching daemon. Can help to speed up network
authentication as well as domain name lookups for frequently visited
domain names. Not sure of any security woes; I use it.
> radvd no idea
Router advertising daemon. Used if your machine functions as a gateway.
Most machines won't need this.
> isdn no idea
ISDN daemon for ISDN connections. Not needed unless you connect to the
net through ISDN.
> vncserver no idea
Daemon that allows remote desktop connections. Not particularly secure
by default, and if you're not specifically reliant on it, turn it off.
> yppasswdd ypserv ypxfrd samba?
The YP stuff is all related to NIS. NIS is riddled with security
problems, so don't use it unless you're behind a beefy firewall. A good
replacement is LDAP, as it can be configured to be quite secure, and it
can pretty easily replace NIS's functionality. A beefy firewall is
never a bad idea.
> winbind no idea
A companion daemon to SAMBA. When configured properly, it can
synchronize Windoze and UNIX/Linux passwords.
> all xinetd services seem to be off on this box, except sgi-fam,
> whatever that is.
sgi-fam is a security-related daemon that can monitor system file
integrity and network access attempts. I've never tried to configure
it, and I don't know of any compelling arguments for or against it.
Hope that helps,
Chris
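
The following is an added example, not part of the message above or of any Red Hat tool: a shell function that reads `chkconfig --list` output and reports the services this reply comments on, for one runlevel. The labels KEEP/REVIEW/OPTIONAL/CONFLICT and the sample listing are constructed for illustration; only the SysV lines of the listing are parsed.

```shell
#!/bin/sh
# Added example (not from the thread). The labels are made up here;
# the advice behind each label is the reply's.

# review_services RUNLEVEL: read `chkconfig --list` text on stdin, print findings.
review_services() {
    awk -v rl="${1:-3}" '
    # SysV lines look like: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    $2 ~ /^0:(on|off)$/ {
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[1] == rl && kv[2] == "on") on[$1] = 1
        }
    }
    END {
        if (("ipchains" in on) && ("iptables" in on))
            print "CONFLICT ipchains+iptables: both on, keep one (iptables is newer)"
        n = split("yppasswdd ypserv ypxfrd", nis, " ")
        for (i = 1; i <= n; i++)
            if (nis[i] in on) print "REVIEW " nis[i] ": NIS, only behind a firewall"
        if ("vncserver" in on)
            print "REVIEW vncserver: turn off unless you rely on it"
        n = split("rawdevices autofs radvd isdn", opt, " ")
        for (i = 1; i <= n; i++)
            if (opt[i] in on) print "OPTIONAL " opt[i] ": off unless you use it"
        if ("ntpd" in on)
            print "KEEP ntpd: configure securely rather than disable"
    }'
}

# Constructed sample listing, not captured from a real machine.
sample_listing() {
    cat <<'EOF'
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
ipchains        0:off   1:off   2:on    3:on    4:on    5:off   6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:off   3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
nscd            0:off   1:off   2:off   3:on    4:on    5:on    6:off
vncserver       0:off   1:off   2:off   3:on    4:off   5:on    6:off
ypserv          0:off   1:off   2:off   3:off   4:off   5:off   6:off
EOF
}

sample_listing | review_services 3
```

On a real system the input would be `chkconfig --list | review_services 3`.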