As a security best practice, disable every service that is not required for normal operation so that vulnerabilities in those services cannot be exploited.
The following services should be audited and, where not needed, uninstalled or removed to reduce the number of possible threats.
1. Internet Service Daemon (inetd) / eXtended Internet Daemon (xinetd)
- A super-server daemon that provides Internet services. Xinetd replaced the original inetd and listens for well-known services.
Command to check if xinetd is installed or not:
dpkg -s xinetd
Recommendation: Remove the package(s) to reduce the attack surface.
apt purge xinetd
2. X Windows System
- Provides the graphical user interface (GUI) that gives users graphical login access and lets them interact with a mouse and keyboard.
Command to check if X Windows System is installed or not:
dpkg -l 'xserver-xorg*'
Recommendation: Remove the package(s) to reduce the attack surface.
apt purge 'xserver-xorg*'
3. Common Unix Print System (CUPS)
- Enables a system to function as a print server.
Command to check if CUPS is installed or not:
dpkg -s cups
Recommendation: Remove the package(s) if the system does not act as a print server, to reduce the attack surface.
apt purge cups
4. Avahi Server
- A system that facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. It is a free zeroconf implementation that allows programs to discover and publish services or hosts running on a local network with no specific configuration.
Command to check if Avahi Server is installed or not:
dpkg -s avahi-daemon
Recommendation: Stop the service and socket, then remove the package(s).
systemctl stop avahi-daemon.service
systemctl stop avahi-daemon.socket
apt purge avahi-daemon
5. Lightweight Directory Access Protocol (LDAP) Server
- An open, cross-platform software protocol that is used for directory services authentication.
Command to check if LDAP is installed or not:
dpkg -s slapd
Recommendation: Remove the package if the system is not acting as an LDAP server, to reduce the attack surface.
apt purge slapd
6. Network File System (NFS)
- A distributed file system protocol that enables users to access remote data and files and to retrieve data from multiple directories and disks across a shared network.
Command to check if NFS is installed or not:
dpkg -s nfs-kernel-server
Recommendation: Remove the package if the system is not acting as an NFS server, to reduce the attack surface.
apt purge rpcbind
7. File Transfer Protocol (FTP) Server
- A network protocol for transferring files between computers.
Command to check if the FTP server is installed or not (the default installed FTP server is vsftpd):
dpkg -s vsftpd
Recommendation: Remove the package if the system is not acting as an FTP server, to reduce the attack surface.
apt purge vsftpd
8. Samba Server
- Allows system administrators to share file systems and directories with Windows desktops via the Server Message Block (SMB) protocol.
Command to check if Samba is installed or not:
dpkg -s samba
Recommendation: Remove the package if the system is not acting as a Samba server, to reduce the attack surface.
apt purge samba
9. Network Information Service (NIS)
- A client-server directory service protocol used for distributing system configuration files. It was formerly known as Yellow Pages.
Command to check if NIS is installed or not:
dpkg -s nis
Recommendation: Remove the package, as NIS is an insecure system that has been vulnerable to attacks such as DoS and buffer overflows and has poor authentication for querying NIS maps.
apt purge nis
10. HTTP Proxy Server
- A server application that acts as an intermediary for client requests seeking resources from servers. It can cache data to speed up common HTTP requests. The standard proxy server used in many distributions is Squid.
Command to check if Squid is installed or not:
dpkg -s squid
Recommendation: Remove the package if the server does not act as an HTTP proxy server, to reduce the potential attack surface.
apt purge squid
11. SNMP Server
- SNMP is a network-management protocol that is used to monitor network devices and collect statistics and performance data.
Command to check if SNMP server is installed or not:
dpkg -s snmpd
Recommendation: Remove the package if the server does not act as an SNMP server. The SNMP client can be kept.
apt purge snmpd
12. DHCP Server
- A network server that dynamically assigns IP addresses and other network parameters to client devices.
Command to check if DHCP server is installed or not:
dpkg -s isc-dhcp-server
Recommendation: Remove the package if the server does not act as a DHCP server, to reduce the potential attack surface.
apt purge isc-dhcp-server
13. Domain Name System (DNS) Server
- DNS is a system that translates domain names to IP addresses for computers, services or other network resources. The most common DNS server on Linux is Bind.
Command to check if Bind server is installed or not:
dpkg -s bind9
Recommendation: Remove the package if the server does not act as a DNS server, to reduce the potential attack surface.
apt purge bind9
14. HTTP or Web Server
- A system that uses the Hypertext Transfer Protocol (HTTP) to respond to requests from clients over the World Wide Web. A few web servers can run on Linux (refer to Top 5 Open-Source Web Servers on Linux), and each needs to be audited.
Command to check if Apache server is installed or not:
dpkg -s apache2
Recommendation: Remove the package if the server does not act as a web server, to reduce the potential attack surface.
apt purge apache2
15. IMAP & POP3 Server
- Internet Message Access Protocol (IMAP) is an email protocol for retrieving and managing emails from the receiving server. It stores messages on the server and synchronizes them across multiple devices.
Command to check if IMAP server is installed or not:
dpkg -s dovecot-imapd
Recommendation: Remove the package if the server does not act as an IMAP server, to reduce the potential attack surface.
apt purge dovecot-imapd
Post Office Protocol (POP3) Server
- The 3 stands for the latest version. POP3 is an email protocol for retrieving and managing emails from the receiving server, but compared to IMAP, it downloads email from a server to a single computer and then deletes the email from the server.
Command to check if POP3 server is installed or not:
dpkg -s dovecot-pop3d
Recommendation: Remove the package if the server does not act as a POP3 server, to reduce the potential attack surface.
apt purge dovecot-pop3d
Honorable Mention:
Rsync Service
- Used to synchronize files between systems, locally or over network links.
Command to check if Rsync service is installed or not:
dpkg -s rsync
Recommendation: Remove the package if rsync is not being used, as it uses unencrypted protocols for communication, to reduce the attack surface.
apt purge rsync
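
The per-package checks above can be run as one audit pass. The script below is an added example, not part of the original article; it reads the Status field with dpkg-query because dpkg -s also exits successfully for a package that was removed but not purged, and the function names and verdict labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the packages named in this article in one pass.
# The xserver-xorg* glob from the article is narrowed to xserver-xorg here.
PACKAGES="xinetd xserver-xorg cups avahi-daemon slapd nfs-kernel-server rpcbind
vsftpd samba nis squid snmpd isc-dhcp-server bind9 apache2 dovecot-imapd
dovecot-pop3d rsync"

# Map a dpkg Status value ("want flag state") to an audit verdict.
# The verdict labels are made up for this example.
classify_status() {
    case "$1" in
        *" installed")        echo "INSTALLED" ;;            # remove if unused
        *" config-files")     echo "REMOVED_CONFIG_LEFT" ;;  # removed, not purged
        ""|*" not-installed") echo "ABSENT" ;;
        *)                    echo "CHECK_MANUALLY" ;;       # half-installed, etc.
    esac
}

# Query one package; an unknown package yields an empty status.
audit_package() {
    status=$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null) || status=""
    printf '%-20s %s\n' "$1" "$(classify_status "$status")"
}

# Run the audit only where dpkg is available (Debian/Ubuntu).
if command -v dpkg-query >/dev/null 2>&1; then
    for pkg in $PACKAGES; do
        audit_package "$pkg"
    done
fi
```

A REMOVED_CONFIG_LEFT verdict means the package was removed without purging; running apt purge on it clears the leftover configuration files.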