ServersIs your web server running unnecessary software? Page 2

Is your web server running unnecessary software? Page 2




If your webserver is a dedicated for serving up webpages, then it needs
to be cleaned up. In removing services, you have a few options,
including disabling them from starting up, removing the executable
files, or uninstalling the appropriate software packages.

What are all these programs?

So how do I know where to get started? What are all these programs?
Over the past few years, I have logged on to a variety of different
Unix-type boxes — and I have encountered a huge variety of different
running processes. I have to admit that I don’t know what they all are or
what they are needed for. So you may find it simpler to first decide on what
is needed. Make a list of the programs running and start checking
whether they are needed or not. This may take a little research. Some
administrators are cavalier (or brave or lucky) and simply disable any
unknown process.

You know you need apache or httpd. Plus you’ll need init — which is
also called the “parent of all processes”. init normally begins the
system’s multi-user operation. Also, init starts getty (or mingetty for
example) for user logins. In addition, your particular kernel may start
a variety of special system processes or threads. These are often shown
in parentheses or brackets in the ps listing. This article will ignore
these special processes — so we won’t try to find a way to disable
them.

The next two important processes are cron and syslogd. cron is used to
run scheduled jobs. For example, cron can be configured via crontab (or
/etc/crontab) to start a variety of important system tasks, such as nightly
security checks, generating website analysis reports, rotating old log
files (so they don’t become to large and unmanageable) and doing backups.
cron is useful for executing programs to complete a task instead of having
the particular program always running.

syslogd is daemon that listens for logging messages and usually logs
this information to certain files (under /var/log/). Usually, Apache is
configured to do its own logging, but syslogd is important for recording
other system information, such as attempted logins, email activity and a
wide variety of other information. The syslog daemon on your system may
have another name, such as nsyslogd or syslogd-ng. Your system may also
need to be running klogd, which is another logging daemon for kernel
messages.

In addition, you’ll need a way to login to the system. You already have
getty running, but most likely it is configured for local console access.
I’d suggest running sshd (running as a stand-alone daemon or invoked by
a separate program). sshd is also useful for transferring files.

The rest of the constantly running programs are usually not needed. Some
examples of some often-installed and running programs include inetd,
atd, gpm (or moused), apmd, lpd, sendmail and portmap.

inetd — often called the “super-server” — listens for network
connections and then starts the appropriate corresponding program as
configured. There are a few similar programs that are often used as
alternatives, such as xinetd and tcpserver. inetd is often used to
listen for FTP, telnet and POP3 connections. By default, all three of
these are insecure and are not needed for a dedicated webserver. (In
addition, inetd can be used to provide simple services like time and
echo.) inetd is usually not required — and it is interesting to note
that many operating systems include the inetd configuration file with
nothing enabled (everything commented out). If you must use inetd (or
similar program), be sure to disable everything that is not needed.

Latest Posts

Related Stories