
Re: essential services? ssh, nfs?



On Sun, 29 Jul 2007, Tyler Smith wrote:

Hi,

I'm working through the security quick start how to, and I'm not clear
on what services are required and which ones I can safely remove. I'm
running a single laptop, which I connect to the net via wireless at
home or at cafes, and via an ethernet cable at work.

1) I never login remotely, so I think I can safely do away with
openssh-server?

tcp6        *:ssh                   *:*       LISTEN     3026/sshd

2) The how-to suggests that for my setup I don't need anything to do
with NFS - netstat reports rpc.statd and portmap as listening. Can I
just purge nfs-common and portmap?

tcp         *:37381                 *:*       LISTEN     2603/rpc.statd
tcp         *:sunrpc                *:*       LISTEN     2578/portmap


3) I have apache installed as a dependency of doc-central. netstat
shows it to be listening to all interfaces. Is there a way to set it
to listen only for local connections? I don't understand this very
well, but it seems I shouldn't need to listen to anyone from the
outside to connect to my docs.

tcp         *:www                   *:*       LISTEN     3826/apache

4) The only remaining listeners I have are:

tcp         localhost:929           *:*       LISTEN     3721/famd
tcp         *:auth                  *:*       LISTEN     3661/inetd
tcp         localhost:smtp          *:*       LISTEN     3385/exim4

What is auth? Since famd and exim4 are only listening to localhost,
can I conclude they are not a security risk?

Thanks for your help,

Tyler


--

The general rule of thumb is: if you don't use it, turn it off. I'd turn off almost everything. You can leave exim and famd on. To turn auth off, you can edit /etc/inetd.conf and comment out the line that starts with ident.

for portmap:
update-rc.d -f portmap remove
for rpc.statd:
update-rc.d -f rpc.statd remove
ssh:
update-rc.d -f ssh remove

To bind apache to the localhost, in /etc/apache2/ports.conf change the Listen 80 to Listen 127.0.0.1:80, then restart apache.


-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
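Added example, not from either poster or from the how-to: a POSIX shell filter that applies the thread's question about listener scope to netstat output. It reads the constructed sample below (the lines quoted in the question), marks each listener as loopback-only or exposed to the network, and lists the exposed programs, which are the ones the reply says to turn off or rebind. It assumes the local-address column sits two fields before the LISTEN column, which holds both for the abbreviated output above and for `netstat -ltnp`.

```shell
#!/bin/sh
# Added example: classify netstat LISTEN lines as loopback-only or exposed.

# Constructed input, in the shape of the netstat output quoted in the thread.
NETSTAT_SAMPLE='tcp6        *:ssh                   *:*       LISTEN     3026/sshd
tcp         *:37381                 *:*       LISTEN     2603/rpc.statd
tcp         *:sunrpc                *:*       LISTEN     2578/portmap
tcp         *:www                   *:*       LISTEN     3826/apache
tcp         localhost:929           *:*       LISTEN     3721/famd
tcp         *:auth                  *:*       LISTEN     3661/inetd
tcp         localhost:smtp          *:*       LISTEN     3385/exim4'

# classify_listeners: reads netstat-style lines on stdin and prints one
# "<exposed|loopback> <program> <port>" line per LISTEN socket. Assumption:
# the local address is the field two before the "LISTEN" state column (true
# for the quoted output and for `netstat -ltnp`, which adds Recv-Q/Send-Q).
classify_listeners() {
    awk '
    {
        state = 0
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") state = i
        if (state < 3) next
        laddr = $(state - 2)
        port = laddr; sub(/^.*:/, "", port)        # text after the last colon
        host = laddr; sub(/:[^:]*$/, "", host)     # text before the last colon
        prog = $NF;   sub(/^[0-9]+\//, "", prog)   # strip the "pid/" prefix
        if (host == "localhost" || host ~ /^127\./ || host == "::1")
            cls = "loopback"
        else
            cls = "exposed"    # "*", 0.0.0.0, "::" or a real interface address
        print cls, prog, port
    }'
}

# exposed_programs: space-separated names of programs reachable from the network.
exposed_programs() {
    classify_listeners | awk '$1 == "exposed" { s = s (s == "" ? "" : " ") $2 }
                              END { print s }'
}

printf '%s\n' "$NETSTAT_SAMPLE" | classify_listeners
```

Run it against live output with `netstat -ltnp | classify_listeners` (as root, so the program column is filled in); anything marked exposed is reachable from the cafe wireless, not just from the laptop itself.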


