Step 7: Check Configuration for Necessary Services


Technically speaking, it is possible to have a service running but not be able to access it because of the security configuration of the network interface. Network interface security controls like iptables can be configured so that access is denied even though the service is configured and operating correctly on the server. In the next chapter, you will learn more about iptables and how you can use it to protect your system. The best system configuration is one where there is continuity between the services and security restrictions of the network interfaces.

There are three different approaches you can use to determine if a service is running:

  • Check the configuration

  • Probe the service

  • Look for the service in memory

Check the Configuration

Go back and start the GUI you used to turn off the services. Check and make sure things are configured the way you meant them to be. Make sure you did not leave anything still running that isn't necessary. Alternatively, you can take a more direct method and try the chkconfig command as shown in step 4.

Probe the Service

In Chapter 14, you are shown how to scan the ports of your server for services. After reading Chapter 14, try a port scan and compare your findings to verify that only the services you expect are answering on a port. If a service is responding that shouldn't be, go back to step 4 and alter the services configuration. Complete the rest of the cycle by rebooting and checking again. If nmap is used, it generally gives you enough info about the services. Otherwise, it's a good idea to use the /etc/services file to determine what ports correspond to what services.

Look for the Service in Memory

This technique can be used to determine if any kind of program is currently running. It will not determine whether the Internet daemon would start something up, since those services will only be in memory when a client program's activity initiates them.

To do so, you can use commands like ps, netstat, or lsof to make sure that service daemons are not running. The following examples show how each command could be used to look for the mailer daemon. In Red Hat, type

 ps aux | grep -v grep | grep sendmail

In SUSE, type

 ps aux | grep -v grep | grep postfix

If you intend to turn off the mailer daemon but these commands return any information, you have made a mistake and the mailer daemon is indeed in memory.

If the command does return information, return to step 4 and try again.

The netstat command can supply a lot of useful information, but we can't review it all here. Use netstat to see your network connections. Type the command

 netstat -ap | grep -i listen | more

and it will list the network services that are listening for connections. This works the same in both Red Hat and SUSE. If you see a line with SMTP and you have intended to turn the mail daemon off, return to step 4.
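
The listening-socket check above, combined with the /etc/services lookup mentioned under Probe the Service, as an added example that is not from the book: it reads numeric `netstat -ant` output and reports every listening TCP port that is not on an allowlist. The sample netstat lines, the services excerpt, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book. All sample data below is constructed.
# Constructed sample in the layout printed by `netstat -ant`.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8649            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
EOF
}

# Constructed excerpt in /etc/services format: name port/proto [aliases]
sample_services() {
cat <<'EOF'
# service-name  port/protocol  aliases
ssh             22/tcp
smtp            25/tcp          mail
sunrpc          111/tcp         portmapper
EOF
}

# unexpected_listeners ALLOWED SERVICES_FILE   (netstat output on stdin)
# ALLOWED is a space-separated list of TCP ports that are meant to listen.
# Prints "port service local-address" for every other listening TCP socket.
unexpected_listeners() {
    awk -v allowed="$1" -v svc="$2" '
        BEGIN {
            n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
            # Build a port -> name map from the services file.
            while ((getline line < svc) > 0)
                if (split(line, f, " ") >= 2 && f[1] !~ /^#/ && f[2] ~ /\/tcp$/) {
                    split(f[2], p, "/"); name[p[1]] = f[1]
                }
        }
        # Keep only TCP sockets in the LISTEN state; skip established ones.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # drop the address, keep the port
            if (!(port in ok))
                print port, ((port in name) ? name[port] : "unknown"), $4
        }'
}

# Only sshd is meant to be listening in this constructed scenario.
svc_file=$(mktemp) && sample_services > "$svc_file"
sample_netstat | unexpected_listeners "22" "$svc_file"
rm -f "$svc_file"
```

On a live system, pipe `netstat -ant` into `unexpected_listeners` and pass `/etc/services` as the second argument; any line it prints is a service to revisit in step 4.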

Another powerful tool, lsof, can show what files are open on your computer. This is another approach for looking for which services are running. In either Red Hat or SUSE, type

 lsof | grep smtp

If you are trying to turn off the mail daemon but this command returns content, return to step 4.




Hardening Linux
ISBN: 0072254971
EAN: 2147483647
Year: 2004
Pages: 113
