4.4.3 Linux Host Security Facts
Check for unnecessary network services
1) Find all installed services and determine which are not needed: DNS, SNMP, DHCP, and others.
   a) systemctl --type=service --state=active
2) Use the man command and the internet to research services you don't recognize.
   a) If the service is not needed, determine if it is a dependency for another service.
3) Disable the service by using the following command:
   a) systemctl disable (servicename)
4) Use the following command to immediately stop the script:
   a) systemctl stop (servicename)
5) Use one of the following commands to remove the script package entirely:
   a) yum erase (packagename)
   b) apt remove (packagename)
   c) rpm -e (packagename)
   d) dpkg -r (packagename)
Socket
A socket is an endpoint of a bidirectional communication flow across a computer network.
Check network connections
Open network connections (open sockets) on a computer create a security risk. A socket is an endpoint of a bidirectional communication flow across a computer network. Use the following netstat (network statistics) options to identify the open network connections on Linux systems:
   a) -a lists both listening and non-listening sockets.
   b) -l (lowercase 'L') lists listening sockets.
   c) -s displays statistics for each protocol.
   d) -i displays a table of all network interfaces.
Local open ports
Open ports can provide information about which operating system a computer uses. They can also provide entry points or information about ways to formulate an attack. To locate open ports:
1) Install the nmap utility if it is not already installed.
   a) yum install nmap
   b) apt install nmap
2) Use both of the following commands to scan for open ports:
   a) nmap -sT (ipaddress|fqdn) scans for TCP ports
   b) nmap -sU (ipaddress|fqdn) scans for UDP ports
3) Determine which services use the open ports.
4) Disable any unused service using the open ports information. (Make sure the service is not a dependency for another service.)
   a) systemctl disable (servicename)
   b) systemctl stop (servicename)
Remove Unnecessary Software
Unnecessary software occupies disk space and could introduce security flaws. To remove unnecessary software:
1) Enter one of the following commands:
   a) yum list installed - to see installed RPM packages on the computer.
   b) apt
      b.1) apt autoremove - automatically remove unused packages.
      b.2) apt list --installed - list all installed packages.
   c) dpkg --get-selections - to see installed Debian packages on the computer.
2) Research the function of any unrecognized package to determine if it is necessary.
3) Use one of the following commands to uninstall unnecessary packages:
   a) yum erase (packageName)
   b) apt remove (packageName)
   c) rpm -e (packageName)
   d) dpkg -r (packageName)