Security Portal: Killing Daemons!
Sep 25, 2000, 07:35
(Other stories by Jay Beale)
"If you install most Linux distributions, including Red Hat 6.x in the "Server" configuration, you'll find a number of optional system "daemons" running. Given the normal path of discovery of security vulnerabilities, one or more of these (totally optional) programs might have a bug that attackers can exploit to get root access. The problem is this: most system administrators don't know what all those programs on their systems do! This article attempts to clear up the confusion, by describing the purpose of each of the running daemons on a Red Hat 6.1/6.x "Server" box and often giving suggestions for deactivation. While this article is a "must-read" for every Red Hat/Mandrake system administrator, executives should find this article useful as well, to get a general understanding and to help set a security policy."
"Most Linux distributions/Unices, by default, run a number of optional background system programs, regardless of whether you need them. These "daemons" might include an FTP server, printer daemon, or NFS system. The vendor does this as a matter of convenience and ease for users. The end user doesn't have to remember how to activate the FTP server, easing phone support costs on the vendor. Unfortunately, this provides convenience to another class of people: system crackers! It radically increases their chances of cracking your system! Why?"
"Well, each system daemon has a probability of possessing a security vulnerability, a bug that a cracker can exploit to get access. The more activated system daemons, the higher a chance that the box has a vulnerable one. Since almost all either run as superuser (root), these are all dangerous places to have a security bug. So, we very carefully try to reduce the total number and then take steps to configure the ones that we must leave running. We're applying computer security's Principle of Applied Minimalism: reduce the number of possible paths to system compromise by reducing the number of privileged programs. Let's get to the example that forms the basis for this article, Red Hat 6.1."