Top 15 Services to Remove for Securing Ubuntu Linux

As a security best practice, it is recommended to disable all services that are not required for normal operation, so that vulnerabilities in those services cannot be exploited.

The following services should be audited and, where they are not needed, uninstalled or removed to reduce the number of possible threats.

1. Internet Service Daemon (inetd) / eXtended Internet Daemon (xinetd)
A super-server daemon that provides Internet services. Xinetd replaced the original inetd and listens for well-known services.

Command to check if xinetd is installed or not:

dpkg -s xinetd

Recommendation: Remove the package/s to reduce the attack surface.

apt purge xinetd


2. X Windows System

Provides the graphical user interface (GUI), which gives users graphical login access and lets them interact with a mouse and keyboard.

Command to check if X Windows System is installed or not:

dpkg -l 'xserver-xorg*'

Recommendation: Remove the package/s to reduce the attack surface.

apt purge 'xserver-xorg*'

3. Common Unix Print System (CUPS)
Enables a system to function as a print server.

Command to check if CUPS is installed or not:

dpkg -s cups

Recommendation: Remove the package/s if the system does not act as a print server, to reduce the attack surface.

apt purge cups

4. Avahi Server
Avahi is a system that facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. It is a free zeroconf implementation that allows programs to discover and publish services or hosts running on a local network with no specific configuration.


Command to check if Avahi Server is installed or not:

dpkg -s avahi-daemon

Recommendation: Remove the package/s

systemctl stop avahi-daemon.service
systemctl stop avahi-daemon.socket
apt purge avahi-daemon

5. Lightweight Directory Access Protocol (LDAP) Server
LDAP is an open, cross-platform protocol used for directory services authentication.

Command to check if LDAP  is installed or not:

dpkg -s slapd

Recommendation: Remove the package if the system is not acting as the LDAP server, to reduce the attack surface.

apt purge slapd

6. Network File System (NFS)
NFS is a distributed file system protocol that enables users to access remote data and files and to retrieve data from multiple directories and disks across a shared network.

Command to check if NFS is installed or not:

dpkg -s nfs-kernel-server

Recommendation: Remove the package if the system is not acting as the NFS server, to reduce the attack surface.

apt purge nfs-kernel-server rpcbind

7. File Transfer Protocol (FTP) Server
FTP is a network protocol for transferring files between computers.

Command to check if FTP is installed or not (the FTP server installed by default is vsftpd):

dpkg -s vsftpd

Recommendation: Remove the package if the system is not acting as the FTP server, to reduce the attack surface.

apt purge vsftpd

 

8. Samba Server
Samba allows system administrators to share file systems and directories with Windows desktops via the Server Message Block (SMB) protocol.

Command to check if Samba is installed or not:

dpkg -s samba

Recommendation: Remove the package if the system is not acting as the Samba server, to reduce the attack surface.

apt purge samba

9. Network Information Service (NIS)
NIS is a client-server directory service protocol used for distributing system configuration files. It was formerly known as Yellow Pages.

Command to check if  NIS is installed or not:

dpkg -s nis

Recommendation: Remove the package, as NIS is an insecure system that has been vulnerable to attacks such as DoS and buffer overflows, and has poor authentication for querying NIS maps.

apt purge nis

 

10. HTTP Proxy Server
An HTTP proxy is a server application that acts as an intermediary for client requests seeking resources from servers. It can cache data to speed up common HTTP requests. The standard proxy server used in many distributions is Squid.

Command to check if  Squid is installed or not:

dpkg -s squid

Recommendation: Remove the package if the server does not act as the HTTP proxy server, to reduce potential attacks.

apt purge squid

 

11. SNMP Server
SNMP is a network-management protocol that is used to monitor network devices and collect statistics and performance data.

Command to check if  SNMP server is installed or not:

dpkg -s snmpd

Recommendation: Remove the package if the server does not act as the SNMP server. The SNMP client can be kept.

apt purge snmpd

12. DHCP Server
A network server that dynamically assigns IP addresses and other network parameters to client devices.

Command to check if  DHCP server is installed or not:

dpkg -s isc-dhcp-server

Recommendation: Remove the package if the server does not act as the DHCP server, to reduce potential attacks.

apt purge isc-dhcp-server

13. Domain Name System (DNS) Server
DNS is a system that translates domain names to IP addresses for computers, services or other network resources. The most common DNS server on Linux is Bind.

Command to check if  Bind server is installed or not:

dpkg -s bind9

Recommendation: Remove the package if the server does not act as the DNS server, to reduce potential attacks.

apt purge bind9

14. HTTP or Web Server
A web server is a system that uses the Hypertext Transfer Protocol (HTTP) to respond to requests from clients over the World Wide Web. There are a few web servers that can run on Linux (refer to Top 5 Open-Source Web Servers on Linux) and that need to be audited.

Command to check if  Apache server is installed or not:

dpkg -s apache2

Recommendation: Remove the package if the server does not act as the Web server, to reduce potential attacks.

apt purge apache2

15. IMAP & POP3 Server
Internet Message Access Protocol (IMAP) is an email protocol for retrieving and managing emails from the receiving server. It stores messages on the server and synchronizes them across multiple devices.

Command to check if  IMAP server is installed or not:

dpkg -s dovecot-imapd

Recommendation: Remove the package if the server does not act as the IMAP server, to reduce potential attacks.

apt purge dovecot-imapd

Post Office Protocol (POP3) Server
The 3 stands for the latest version. POP3 is an email protocol for retrieving and managing emails from the receiving server, but compared to IMAP, it downloads email from a server to a single computer and then deletes the email from the server.

Command to check if  POP3 server is installed or not:

dpkg -s dovecot-pop3d

Recommendation: Remove the package if the server does not act as the POP3 server, to reduce potential attacks.

apt purge dovecot-pop3d


Honorable Mention:

Rsync Service
Rsync is used to synchronize files between systems, locally or over network links.

Command to check if  Rsync service is installed or not:

dpkg -s rsync

Recommendation: Remove the package if rsync is not being used, as it uses unencrypted protocols for communication; removing it reduces the attack surface.

apt purge rsync
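
To run the whole checklist in one pass, the script below (an added example, not part of the original article) queries dpkg for every package named above and reads the Status field, because dpkg -s also reports packages that were removed but not purged. The labels INSTALLED, RESIDUAL and PARTIAL, the function names and the sample input are constructed for this example.

```shell
#!/bin/sh
# Added example: audit every package named in this article in one pass.
# Patterns come from the article's dpkg/apt commands; labels are this example's own.
AUDIT_PATTERNS='xinetd xserver-xorg* cups avahi-daemon slapd nfs-kernel-server
rpcbind vsftpd samba nis squid snmpd isc-dhcp-server bind9 apache2
dovecot-imapd dovecot-pop3d rsync'

# classify: read "package<TAB>want flag state" lines on stdin (dpkg-query -W
# output) and print one finding per package that is not fully absent.
classify() {
  awk -F '\t' '
    NF < 2 { next }
    { split($2, s, " ") }
    s[3] == "installed"     { print "INSTALLED " $1; next }
    s[3] == "config-files"  { print "RESIDUAL " $1; next }  # removed, not purged
    s[3] != "not-installed" { print "PARTIAL " $1 }         # unpacked, half-configured, ...
  '
}

# audit_host: query the local dpkg database. set -f stops the shell from
# expanding xserver-xorg* against files in the current directory; the pattern
# list is left unquoted on purpose so it splits into separate arguments.
audit_host() {
  ( set -f
    dpkg-query -W -f='${Package}\t${Status}\n' $AUDIT_PATTERNS 2>/dev/null ) | classify
}

# sample_status: constructed dpkg-query output so the script runs on any machine.
sample_status() {
  printf 'cups\tinstall ok installed\n'
  printf 'samba\tdeinstall ok config-files\n'
  printf 'nis\tunknown ok not-installed\n'
  printf 'squid\tinstall ok half-configured\n'
}

if [ "${1:-}" = "--host" ]; then
  audit_host
else
  sample_status | classify
fi
```

Run it with --host on an Ubuntu system to audit the real package database. A RESIDUAL line means configuration files remain and apt purge is still needed for that package.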

About the author

Free Linux
