On 27 June 2017 at 19:53, Kevin Cozens via talk <talk@gtalug.org> wrote:
> On 2017-06-27 07:37 PM, Truth Hacker via talk wrote:
>>
>> I am starting to go down the road to harden a Linux server, I am using
>> the Ubuntu server image as my starting point.
>
> [snip]
>>
>> Q: What service should I consider disabling from starting automatically.
>
>
> Disable any service you won't need for what you are going to be doing with
> the machine. :)

Better still, uninstall...

The OpenBSD philosophy is that they set up virtually all services as
deactivated by default; you are expected to configure and activate
anything that you need. That's philosophically pretty appropriate.

Unfortunately, some services may induce others that you weren't expecting.

At any rate, reviewing /etc/init.d, /lib/systemd/system, and such is a
wise idea.

> You may also want to "chmod 711 /etc", FWIW.

That means that non-root-space applications will have no access to
their configuration in /etc, thereby breaking services.

Notable ones I notice there include:
- Oops, your shell can't get at defaults under /etc
- Postgres default configuration on my Debian system
- MySQL default configuration

It also breaks users' DNS resolution, normally controlled by /etc/resolv.conf

/etc/passwd is probably needful too...

I wouldn't be too quick to chmod /etc ...
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
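
The review of /etc/init.d and /lib/systemd/system suggested in the message above, as an added example that is not part of the original post: a shell function that inventories service definitions under a filesystem root. The function name `audit_services` and its output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): inventory of service
# definitions under a filesystem root. The function name and the
# enabled/available/sysv labels are assumptions made for illustration.
#
# Usage: audit_services [ROOT]
#   ROOT is prepended to each path; empty means the running system.
audit_services() {
    root="${1:-}"
    etc_units="$root/etc/systemd/system"
    lib_units="$root/lib/systemd/system"
    initd="$root/etc/init.d"

    # "systemctl enable" records its choice as a symlink in a *.wants/
    # directory, so those links are the units pulled in at boot.
    enabled=$(find "$etc_units" -path '*.wants/*.service' 2>/dev/null \
        | sed 's|.*/||' | sort -u)
    for u in $enabled; do
        echo "enabled $u"
    done

    # Packaged units with no *.wants/ link: installed, and still startable
    # by hand, by socket activation or as a dependency of another unit.
    for f in "$lib_units"/*.service; do
        [ -e "$f" ] || continue
        u=${f##*/}
        if ! printf '%s\n' "$enabled" | grep -qxF -- "$u"; then
            echo "available $u"
        fi
    done

    # Legacy SysV scripts: executable regular files in /etc/init.d.
    for f in "$initd"/*; do
        if [ -f "$f" ] && [ -x "$f" ]; then
            echo "sysv ${f##*/}"
        fi
    done
    return 0
}
```

On a live host, `systemctl list-unit-files --type=service --state=enabled` gives systemd's own view; the function above also works on a mounted image or an offline copy of the tree.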