As part of Best Security Practices, it is recommended to remove service clients that are not required for normal operation to reduce local attack. Here are the following programs or clients that need to remove. (Not in particular order)
1.NIS Client
-it is used to bind a machine to NIS server, and receive the distributed config files. NIC is an insecure system and can be vulnerable to attacks like DOS, buffer overflows. It has poor authentication mechanism as well.
Command to verify if NIS is installed or not:
dpkg -s nis
Recommendation: to remove nis package
apt purge nis
2. Talk client
-it will allow initialization of talk sessions. Talk package uses an unencrypted communications protocol.
Command to verify if talk is installed or not:
dpkg -s talk
Recommendation: to remove talk package
apt purge talk
3. Telnet Client
-it allows users to establish connections to other systems via the telnet protocol. It is insecure and and not encrypted, meaning it could allow unauthorized users to steal credentials.
Note: Some users required telnet for testing and troubleshooting,e.g. if ports are open, so this depends on the environment and requirement.
Command to verify if telnet is installed or not:
dpkg -s telnet
Recommendation: to remove telnet
apt purge telnet
4. Lightweight Directory Access Protocol (LDAP) client
-LDAP provides a method of looking up information from a central database, and was a replacement to NIS.
Command to verify if LDAP client is installed or not:
dpkg -s ldap-utils
Recommendation: to remove LDAP client to reduce potential attack area
apt purge ldap-utils
5.Remote Procedure Call (RPC) client
– RPC is a method for creating low level client-server applications across different system archictectures, and it requires an RPC-compliant client for listening on network ports.
Command to verify if RPC client is installed or not:
dpkg -s rpbcind
Recommendation: to remove the supporting package “rpcbind” to reduce potential attack area
apt purge rpbcind
6. Remote Shell (RSH) client
-RSH is a program for remotely running command on remote computer which has been superceded by ssh.
Command to verify if rsh-client is installed or not:
dpkg -s rsh-client
Recommendation: to remove the rsh-client as it contains several security exposures and have been replaced with more secure program (SSH).
apt purge rsh-client
