Free Linux Tutorials

Top 15 Services to Remove for Securing Redhat or CentOS Linux

As a security best practice, disable every service that is not required for normal operation on Red Hat Enterprise Linux (RHEL) or CentOS Linux, so that vulnerabilities in those services cannot be exploited.

The following services should be audited and, where they are not needed, uninstalled to reduce the number of possible threats.

1. Internet Service Daemon (inetd) / eXtended Internet Daemon (xinetd)
– is a super-server daemon that provides Internet services. Xinetd replaced the original inetd and listens for well-known services.

Command to check if xinetd is installed or not:

rpm -q xinetd

Recommendation: Remove the package/s to reduce the attack surface.

dnf remove xinetd


2. X Windows System

– this provides the Graphical User Interface or GUI for users to have graphical login access, and interact with a mouse and keyboard.

Command to check if X Windows System is installed or not:

rpm -qa 'xorg-x11*'

Recommendation: Remove the package/s to reduce the attack surface.

yum remove 'xorg-x11*'
dnf remove 'xorg-x11*'

3.  Common Unix Print System (CUPS)
– this enables a system to function as a print server

Command to check if CUPS is installed or not:

rpm -qa cups

Recommendation: Remove the package/s if the system does not act as a print server, to reduce the attack surface.

systemctl disable cups
yum remove cups
dnf remove cups

4. Avahi Server
– is a system that facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. It is a free zeroconf implementation that allows programs to discover and publish services or hosts running on a local network with no specific configuration.

Command to check if Avahi Server is installed or not (the avahi-daemon service is provided by the avahi package):

rpm -qa avahi

Recommendation: Remove the package/s

systemctl disable avahi-daemon
yum remove avahi
dnf remove avahi

5. Lightweight Directory Access Protocol (LDAP) Server
– is an open and cross platform software protocol that is used for directory services authentication.

Command to check if LDAP is installed or not (the slapd service is provided by the openldap-servers package):

rpm -qa openldap-servers

Recommendation: Remove the package if the system is not acting as the LDAP server, to reduce the attack surface.

systemctl disable slapd
yum remove openldap-servers
dnf remove openldap-servers

6. Network File System (NFS)
– it is a distributed file system protocol that enables users to access remote data and files, and to retrieve data from multiple directories and disks across a shared network.

Command to check if NFS is installed or not:

rpm -qa nfs-utils

Recommendation: Remove the package if the system is not acting as the NFS server, to reduce the attack surface. There are a few ways to do this:

systemctl disable nfs-server
systemctl disable rpcbind
chkconfig portmap off
chkconfig nfs off
dnf remove nfs-utils
yum remove nfs-utils

7.  File Transfer Protocol (FTP) Server
– is a network protocol for transferring files between computers.

Command to check if FTP is installed or not (the FTP server installed by default is vsftpd):

rpm -qa vsftpd

Recommendation: Remove the package if the system is not acting as the FTP server, to reduce the attack surface.

systemctl disable vsftpd
dnf remove vsftpd
yum remove vsftpd

8. Samba Server
– it allows system administrators to share file systems and directories with Windows desktops via the Server Message Block (SMB) protocol.

Command to check if Samba is installed or not:

rpm -qa samba

Recommendation: Remove the package if the system is not acting as the Samba server, to reduce the attack surface. The service unit shipped in the samba package is named smb.

systemctl disable smb
yum remove samba
dnf remove samba

9. Network Information Service (NIS)
– is a client-server directory service protocol used for distributing system configuration files. It was formerly known as Yellow Pages.

Command to check if NIS is installed or not:

rpm -qa ypserv

Recommendation: Remove the package, as it is an insecure system that has been vulnerable to attacks like DoS and buffer overflows, and has poor authentication for querying NIS maps.

systemctl disable ypserv
yum remove ypserv
dnf remove ypserv


10. HTTP Proxy Server
– it is a server application that acts as an intermediary for client requests seeking resources from servers. It can cache data to speed up common HTTP requests. The standard proxy server used in many distributions is Squid.

Command to check if Squid is installed or not:

rpm -qa squid

Recommendation: Remove the package if the server does not act as the HTTP proxy server, to reduce potential attacks.

systemctl disable squid
yum remove squid
dnf remove squid


11. SNMP Server
– SNMP is a network-management protocol that is used to monitor network devices and collect statistics and performance data.

Command to check if the SNMP server is installed or not (the snmpd service is provided by the net-snmp package):

rpm -qa net-snmp

Recommendation: Remove the package if the server does not act as the SNMP server. The SNMP client can be kept.

systemctl disable snmpd
yum remove net-snmp
dnf remove net-snmp

12. DHCP Server
– a network server that dynamically assigns IP addresses and other network parameters to client devices.

Command to check if the DHCP server is installed or not (the dhcpd service is provided by the dhcp package on RHEL/CentOS 7 and by dhcp-server on 8 and later):

rpm -qa dhcp dhcp-server

Recommendation: Remove the package if the server does not act as the DHCP server, to reduce potential attacks.

systemctl disable dhcpd
yum remove dhcp
dnf remove dhcp-server

13. Domain Name System (DNS) Server
– DNS is a system that translates domain names to IP addresses for computers, services or other network resources. The most common DNS server on Linux is Bind.

Command to check if the Bind server is installed or not (the named service is provided by the bind package):

rpm -qa bind

Recommendation: Remove the package if the server does not act as the DNS server, to reduce potential attacks.

systemctl disable named
dnf remove bind
yum remove bind

14. HTTP or Web Server
– is a system that uses the Hypertext Transfer Protocol (HTTP) to respond to requests from clients over the World Wide Web. There are a few web servers (refer to Top 5 Open-Source Web Servers on Linux) that can run on Linux and need to be audited.

Command to check if the Apache server is installed or not:

rpm -qa httpd

Recommendation: Remove the package if the server does not act as the Web server, to reduce potential attacks.

systemctl disable httpd
yum remove httpd
dnf remove httpd

15. IMAP & POP3 Server
Internet Message Access Protocol (IMAP) Server
– IMAP is an email protocol for retrieving and managing emails from the receiving server. It stores messages on the server and synchronizes them across multiple devices.

Command to check if the IMAP server is installed or not:

rpm -qa dovecot

Recommendation: Remove the package if the server does not act as the IMAP server, to reduce potential attacks.

systemctl disable dovecot
yum remove dovecot
dnf remove dovecot

Post Office Protocol (POP3) Server
– the 3 stands for the latest version. It is an email protocol for retrieving and managing emails from the receiving server but, compared to IMAP, it downloads email from the server to a single computer and then deletes it from the server.

Command to check if the POP3 server is installed or not:

rpm -qa dovecot

Recommendation: Remove the package if the server does not act as the POP3 server, to reduce potential attacks.

systemctl disable dovecot
yum remove dovecot
dnf remove dovecot


Honorable Mention:

Rsync Service
– it is used to synchronize files between systems locally or over network links.

Command to check if the Rsync service is installed or not (the rsyncd service ships in the rsync package on RHEL/CentOS 7 and in rsync-daemon on 8 and later):

rpm -qa rsync rsync-daemon

Recommendation: Remove the package if rsync is not being used, as it uses unencrypted protocols for communication, to reduce the attack surface.

systemctl disable rsyncd
dnf remove rsync-daemon
yum remove rsync
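
The per-service checks above, combined into one audit script (an added example, not part of the original tutorial). It matches package names exactly, so leftover library packages such as cups-libs or bind-libs are not reported as the daemon. The package-to-unit map assumes RHEL/CentOS 8 and later package names, and the sample package list is constructed.

```shell
# Added example. Map of package:unit for the daemons covered above.
# Assumption: RHEL/CentOS 8+ package names (e.g. dhcp-server, rsync-daemon).
AUDIT_MAP='xinetd:xinetd
cups:cups
avahi:avahi-daemon
openldap-servers:slapd
nfs-utils:nfs-server
vsftpd:vsftpd
samba:smb
ypserv:ypserv
squid:squid
net-snmp:snmpd
dhcp-server:dhcpd
bind:named
httpd:httpd
dovecot:dovecot
rsync-daemon:rsyncd'

# Read installed package names (one per line) on stdin and print
# "package unit" for each flagged package that is present.
audit_packages() {
    installed=$(cat)
    while IFS=: read -r pkg unit; do
        # grep -x matches whole lines, so bind-libs does not count as bind.
        if printf '%s\n' "$installed" | grep -qx -- "$pkg"; then
            printf '%s %s\n' "$pkg" "$unit"
        fi
    done <<EOF
$AUDIT_MAP
EOF
}

# Constructed sample of `rpm -qa --qf '%{NAME}\n'` output.
SAMPLE_RPM_LIST='openssh-server
bind
bind-libs
net-snmp
net-snmp-libs
cups-libs
httpd-tools'

if [ "${1:-}" = "--live" ]; then
    rpm -qa --qf '%{NAME}\n' | audit_packages | while read -r pkg unit; do
        state=$(systemctl is-enabled "$unit" 2>/dev/null)
        printf '%s installed, unit %s is %s\n' "$pkg" "$unit" "${state:-unknown}"
    done
else
    printf '%s\n' "$SAMPLE_RPM_LIST" | audit_packages
fi
```

Run it with `--live` on a RHEL or CentOS host to audit the real package database and see whether each unit is still enabled at boot; without arguments it audits the constructed sample.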
