
Re: System security question



On Sat, Jan 06, 2001 at 02:15:53AM +1100, Martin Bishop wrote:
> Netstat shows the following services on my home machine:
> 
> Active Internet connections (servers and established)
> *:printer

This is lpd.  You only need this if your machine has a printer
attached to it AND accepts print jobs from other PCs.  If you don't
have a printer then don't run lpd.  If you have a printer but only
print locally, I think you can unbind the tcp port but I'd have to
look it up.  I really hate lpd; I think it's the worst part of
unix-like systems.

> *:dict

This is a dictionary server ... not sure why you're running this :)

> *:sunrpc

You only need this if you're running NFS or NIS (or some other RPC
service).  Chances are you're not, so remove the start links for
portmap.

> *:auth

This is the ident (RFC1412) protocol ... it's stupid but lots of
servers want to connect here before they let you use the service.
I recommend oidentd.

> *:smtp

Unless you _receive_ mail from the network, you don't need to bind to
the smtp port.  For sending mail you simply need to run through the
queue periodically.  Exim used to have a default setup where reception
was controlled by inetd and sending was a cronjob.  I'm sure this is
still documented somewhere (in other words, you don't run exim as a
daemon, you fire off a queue runner every 10 minutes ...)

HTH,

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Inc.                 | than a perfect plan tomorrow.
mailto:nnorman@micromuse.com   |   -- Patton
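
The review described in the message above, as an added example that is not part of the original post: a filter that reads `netstat -lt`-style output and lists the TCP listeners bound to every interface, annotated with the reply's advice. The function names and the sample input are constructed for illustration; the port numbers are the standard assignments for the five services named in the thread.

```shell
#!/bin/sh
# Added example: audit `netstat -lt`-style output for TCP listeners bound to
# every interface, annotated with the advice from the message above.

# Constructed sample input (not from the original post).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:printer               *:*                     LISTEN
tcp        0      0 *:dict                  *:*                     LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 *:auth                  *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 host:1023               peer:ssh                ESTABLISHED
EOF
}

# Reads netstat output on stdin; prints "service<TAB>advice" for each TCP
# socket in LISTEN state whose local address is a wildcard.
# Assumes State is the last column (netstat run without -p).
audit_listeners() {
awk '
BEGIN {
  # Port numbers map to the service names netstat prints without -n.
  name["515"] = "printer"; name["2628"] = "dict"; name["111"] = "sunrpc"
  name["113"] = "auth";    name["25"]   = "smtp"
  note["printer"] = "lpd: needed only to accept print jobs from other hosts"
  note["dict"]    = "dictionary server: the reply questions why it is running"
  note["sunrpc"]  = "portmap: needed only for NFS, NIS or other RPC services"
  note["auth"]    = "ident: some remote servers connect here before granting service"
  note["smtp"]    = "MTA: needed only to receive mail from the network"
}
$1 ~ /^tcp/ && $NF == "LISTEN" {
  addr = $4
  n = length(addr)
  while (n > 0 && substr(addr, n, 1) != ":") n--   # split at the last colon
  host = substr(addr, 1, n - 1); svc = substr(addr, n + 1)
  if (host != "*" && host != "0.0.0.0" && host != "::" && host != "[::]") next
  if (svc in name) svc = name[svc]
  advice = (svc in note) ? note[svc] : "not covered above: review manually"
  printf "%s\t%s\n", svc, advice
}'
}
```

On a live system the same filter runs as `netstat -lt | audit_listeners`; a listener bound only to localhost, like the smtp line in the sample, is skipped because it is not reachable from the network.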
