Top 6 Service Clients to remove for Securing Ubuntu Linux

As part of Best Security Practices, it is recommended to remove service clients that are not required for normal operation to reduce local attack. Here are the following programs or clients that need to remove. (Not in particular order)

1.NIS Client
-it is used to bind a machine to NIS server, and receive the distributed config files. NIC is an insecure system and can be vulnerable to attacks like DOS, buffer overflows. It has poor authentication mechanism as well.

Command to verify if NIS is installed or not:

dpkg -s nis

Recommendation: to remove nis package

apt purge nis

2. Talk client
-it will allow initialization of talk sessions. Talk package uses an unencrypted communications protocol.

Command to verify if talk is installed or not:

dpkg -s talk

Recommendation: to remove talk package

apt purge talk

3. Telnet Client
-it allows users to establish connections to other systems via the telnet protocol. It is insecure and and not encrypted, meaning it could allow unauthorized users to steal credentials.
Note: Some users required telnet for testing and troubleshooting,e.g. if ports are open, so this depends on the environment and requirement.

Command to verify if telnet is installed or not:

dpkg -s telnet

Recommendation: to remove telnet

apt purge telnet

4. Lightweight Directory Access Protocol (LDAP) client
-LDAP provides a method of looking up information from a central database, and was a replacement to NIS.

Command to verify if LDAP client is installed or not:

dpkg -s ldap-utils

Recommendation: to remove LDAP client to reduce potential attack area

apt purge ldap-utils

5.Remote Procedure Call (RPC) client
– RPC is a method for creating low level client-server applications across different system archictectures, and it requires an RPC-compliant client for listening on network ports.

Command to verify if RPC client is installed or not:

dpkg -s rpbcind

Recommendation: to remove the supporting package “rpcbind” to reduce potential attack area

apt purge rpbcind

6. Remote Shell (RSH) client
-RSH is a program for remotely running command on remote computer which has been superceded by ssh.

Command to verify if rsh-client is installed or not:

dpkg -s rsh-client

Recommendation: to remove the rsh-client as it contains several security exposures and have been replaced with more secure program (SSH).

apt purge rsh-client

About the author

Free Linux

View all posts

Leave a Reply