Is your web server running unnecessary software? Page 2

If your webserver is a dedicated for serving up webpages, then it needs to be cleaned up. In removing services, you have a few options, including disabling them from starting up, removing the executable files, or uninstalling the appropriate software packages.

What are all these programs?

So how do I know where to get started? What are all these programs? Over the past few years, I have logged on to a variety of different Unix-type boxes -- and I have encountered a huge variety of different running processes. I have to admit that I don't know what they all are or what they are needed for. So you may find it simpler to first decide on what is needed. Make a list of the programs running and start checking whether they are needed or not. This may take a little research. Some administrators are cavalier (or brave or lucky) and simply disable any unknown process.

You know you need apache or httpd. Plus you'll need init -- which is also called the "parent of all processes". init normally begins the system's multi-user operation. Also, init starts getty (or mingetty for example) for user logins. In addition, your particular kernel may start a variety of special system processes or threads. These are often shown in parentheses or brackets in the ps listing. This article will ignore these special processes -- so we won't try to find a way to disable them.

The next two important processes are cron and syslogd. cron is used to run scheduled jobs. For example, cron can be configured via crontab (or /etc/crontab) to start a variety of important system tasks, such as nightly security checks, generating website analysis reports, rotating old log files (so they don't become to large and unmanageable) and doing backups. cron is useful for executing programs to complete a task instead of having the particular program always running.

syslogd is daemon that listens for logging messages and usually logs this information to certain files (under /var/log/). Usually, Apache is configured to do its own logging, but syslogd is important for recording other system information, such as attempted logins, email activity and a wide variety of other information. The syslog daemon on your system may have another name, such as nsyslogd or syslogd-ng. Your system may also need to be running klogd, which is another logging daemon for kernel messages.

In addition, you'll need a way to login to the system. You already have getty running, but most likely it is configured for local console access. I'd suggest running sshd (running as a stand-alone daemon or invoked by a separate program). sshd is also useful for transferring files.

The rest of the constantly running programs are usually not needed. Some examples of some often-installed and running programs include inetd, atd, gpm (or moused), apmd, lpd, sendmail and portmap.

inetd -- often called the "super-server" -- listens for network connections and then starts the appropriate corresponding program as configured. There are a few similar programs that are often used as alternatives, such as xinetd and tcpserver. inetd is often used to listen for FTP, telnet and POP3 connections. By default, all three of these are insecure and are not needed for a dedicated webserver. (In addition, inetd can be used to provide simple services like time and echo.) inetd is usually not required -- and it is interesting to note that many operating systems include the inetd configuration file with nothing enabled (everything commented out). If you must use inetd (or similar program), be sure to disable everything that is not needed.

This article was originally published on Feb 20, 2001

Thanks for your registration, follow us on our social networks to keep up-to-date