Shutting Down Servers

The next step in protecting yourself from server abuse is to shut the server down entirely. Linux systems today ship with fewer servers active than did Linux systems a few years ago, so chances are you won't find many unnecessary servers running. You may find some, though, and if a server is truly unnecessary, the best course of action is to shut it down. Doing so not only protects you from abuse, but is also likely to reduce the memory load on the computer, thereby improving its performance at other tasks.

Chapter 22 covers methods used to start up servers. If you detect a truly unnecessary server, you may want to check each of these methods of startup and, when you find how the server is starting, disable it. The most common methods are listed here:

SysV Startup Scripts: Most distributions use SysV startup scripts, located in /etc/init.d, /etc/rc.d, or /etc/init.d/rc.d, to start servers. You can remove these startup scripts or rename the links to them in directories such as /etc/init.d/rc?.d so that the links' names start with K rather than S. These actions should cause the server to not start up when you next reboot the computer.

Super Servers: The inetd and xinetd super servers launch many servers. Reconfiguring these servers is a matter of editing the /etc/inetd.conf file for inetd, or the /etc/xinetd.conf file or files in /etc/xinetd.d for xinetd.

Local Startup Scripts: If you installed a server yourself from source code, it may be started through a local startup script, such as Mandrake or Red Hat's /etc/rc.d/rc.local or SuSE's /etc/init.d/boot.local.

The output of netstat can help you identify the startup method. If inetd or xinetd controls a port, you can go straight to the super server's configuration file. If netstat shows that the server itself is listening on the port, you should investigate SysV startup scripts, and if you can't find anything there, look for local startup scripts.
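The following shell function applies that rule to netstat output. It is an added example, not code from the original text; the function name classify_listeners and the sample listing (constructed, not taken from a real host) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulnp` output (not from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  812/sshd
tcp        0      0 0.0.0.0:23      0.0.0.0:*       LISTEN  640/xinetd
tcp        0      0 0.0.0.0:21      0.0.0.0:*       LISTEN  655/inetd
udp        0      0 0.0.0.0:69      0.0.0.0:*               640/xinetd
tcp        0      0 127.0.0.1:25    0.0.0.0:*       LISTEN  901/master
tcp        0      0 0.0.0.0:111     0.0.0.0:*       LISTEN  -'

# classify_listeners (hypothetical helper): read `netstat -tulnp` text on
# stdin and print one line per listening socket in the form
#   <proto>/<port> <program> -> <where to look for the startup method>
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # PID/Program is the last field; UDP rows have no State column.
        prog = $NF
        # A "-" here means netstat was not run as root, so the owner is unknown.
        if (prog !~ /^[0-9]+\//) next
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        sub(/^[0-9]+\//, "", prog)
        # The port is whatever follows the last colon (handles IPv6 too).
        n = split($4, a, ":"); port = a[n]
        if (prog == "inetd")
            where = "/etc/inetd.conf"
        else if (prog == "xinetd")
            where = "/etc/xinetd.conf and /etc/xinetd.d"
        else
            where = "SysV startup scripts, then local startup scripts"
        printf "%s/%s %s -> %s\n", $1, port, prog, where
    }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
```

On a live system, run netstat -tulnp as root and pipe its output into classify_listeners; without root, the program column shows "-" and those sockets are skipped.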

After you change the configuration, you may need to shut down the server manually using kill, as described in Chapter 14. If a SysV startup script is present, you can pass the stop parameter to it, as in /etc/init.d/ssh stop to shut down the SSH server. If a server is launched from a super server, passing a SIGHUP to the super server should have it reread its configuration file, thereby stopping responses by the servers you've disabled. For instance, killall -HUP inetd tells inetd to reread its configuration file.

Shutting down a server is a very effective means of preventing it from responding to requests, and hence from being a potential security threat; however, there's always the chance that it will be run again. For instance, a software upgrade might restore configuration files that launch the server, or you might have misidentified the startup mechanism. You might be willing to tolerate this risk if you want to occasionally run the server; however, if you never want to run the server again, shutting it down isn't the best option. Instead, you should completely remove it from the system.
