Is your web server running unnecessary software? Page 3

inetd is often also used to start identd, or identd may run as a stand-alone service. Basically, identd (note this is identd, not inetd) returns information (usually the username) about the user running the process that owns a TCP/IP connection. Some believe it is needed to track down abuse or spam, or to make better authentication; but, by default, identd is not secure, so its reporting may not be entirely reliable. Usually identd is considered to be not needed, and I have successfully administered a variety of webservers without any ident service.

atd is similar to cron, because it is also used to run scheduled jobs. Unless you specifically use the "at" capabilities, you don't need atd -- use cron instead.

gpm (or moused) is a program that allows you to use your mouse to cut and paste text on your console screen. This may be a handy feature, but is it really needed on a webserver? How often are you going to be sitting at the console and needing to use a mouse?

apmd is a daemon for use with an Advanced Power Management (APM) BIOS Interface-based system. If you're interested in your server going into standby or suspend modes or you need to monitor the battery usage, then use apmd. As you can tell, apmd is for laptops and/or environment-friendly (or "green") machines; apmd is not needed for an always-running webserver.

lpd is the line printer daemon -- basically it handles printers by managing spools (or queues). If you don't need a constantly, readily available printer for your webserver, then lpd shouldn't be running. If you do need to print out something, simply copy it to another computer or temporarily turn on lpd (make sure it is configured so outside computers can't access it).

Sendmail is an MTA -- a mail transfer agent. Some other popular MTAs include Exim, qmail and postfix. These MTAs can be used as a mail server to listen for incoming email and/or to relay email to another server. If your server is not providing email services -- in other words, is not a mail server -- then sendmail doesn't need to be always running. If improperly configured, sendmail can be abused; for example, spammers may be able to relay mail through your system. (Some admins run the MTA via inetd -- so another good reason to disable inetd.)

Do not remove the MTA -- your system will still need it to send out email. (But you should consider configuring it so it can't listen to the network.) Also, some admins believe that sendmail needs to be always running to manage the queue. Unless you have some huge amount of email activity, use cron to have sendmail process its queue a few times a day. (This doesn't mean that it will only send mail a few times a day. sendmail will try to send the email when first invoked -- it will only queue it if it had a problem.)

portmap (or rpc.portmap) is a server that converts RPC program numbers to DARPA protocol port numbers. Huh? Basically, portmap is used to help with RPC-type services like NFS (Network File System). (rpcbind is similar to portmap.) So, unless you use NFS, you probably don't need portmap running. You may have other processes running that provide RPC or NFS services (such as nfsd, rpc.mountd, rpc.nfsd, rpc.statd and rpc.lockd). Again, if you don't use them, then they can be disabled.

Of course, there are numerous other programs that may be running. Some other examples of programs that aren't needed (and probably should be stopped) include xfs, fvwm, xinit and X.

If you use remote management tools (like webmin or Comanche), you may need to keep inetd or other daemons running to be able to use them. Be sure to also read the tool's documentation.

Use your manual pages, system documentation and search engines (like Google's Usenet Search) to learn more about any other daemons and to help you make a decision.
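To see which of the daemons named on this page are actually running, the following added example (not part of the original article) filters a process listing against that list. The names `UNNEEDED`, `flag_unneeded` and `sample_ps` are this example's own, and the input format assumed is that of `ps -A -o pid= -o args=`.

```shell
#!/bin/sh
# Added example: flag daemons this page calls unnecessary on a web server.
# Input (stdin): one process per line, "PID COMMAND [ARGS...]".
# Output: "PID NAME" for every process whose executable name is on the list.

# Names taken from the article text. Matching is exact, so the X font
# server "xfs" is matched but kernel threads such as "xfsaild" are not.
UNNEEDED="inetd identd atd gpm moused apmd lpd sendmail portmap rpc.portmap \
rpcbind nfsd rpc.mountd rpc.nfsd rpc.statd rpc.lockd xfs fvwm xinit X"

flag_unneeded() {
    awk -v list="$UNNEEDED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        {
            name = $2
            sub(/:$/, "", name)           # "sendmail: accepting connections"
            gsub(/^\[|\]$/, "", name)     # kernel threads are shown as [nfsd]
            sub(/^.*\//, "", name)        # /usr/sbin/lpd -> lpd
            sub(/^-/, "", name)           # login shells are shown as -sh
            if (name in bad) print $1, name
        }'
}

# Constructed sample listing, not captured from a real host.
sample_ps() {
    cat <<'EOF'
    1 /sbin/init
  212 /usr/sbin/httpd -k start
  230 /usr/sbin/inetd
  241 sendmail: accepting connections
  260 /usr/sbin/atd
  275 [nfsd]
  280 [xfsaild/sda1]
  301 /usr/sbin/cron
  322 /usr/bin/X :0
  340 -sh
EOF
}

# Demo on the sample; on a live host run instead:
#   ps -A -o pid= -o args= | flag_unneeded
sample_ps | flag_unneeded
```

A hit is a prompt to review, not an instruction to disable: a host that really uses NFS, or a management tool that depends on inetd, will legitimately show some of these.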

This article was originally published on Feb 20, 2001
