William H. Magill on Tue, 11 Mar 2003 15:54:07 -0500
On Tuesday, March 11, 2003, at 01:02 PM, Wayne Dawson wrote:

At 07:27 AM 3/11/03 -0500, you wrote:
On Tue, Mar 11, 2003 at 06:57:44AM -0800, Wayne Dawson wrote:

> What exactly is a service?

I wasn't following all of this and deleted most of the responses, but from a *nix point of view, a service is formally defined. Go look at "man services"

"The services file contains information regarding the known services available in the DARPA Internet. For each service a single line should be present with the following information:"

A service is something which your computer provides to external requests appearing on a particular port. A couple of the most well known services are: ftp, smtp, telnet, ssh, etc.

This man page is describing the file /etc/services.

System V and BSD use different mechanisms for starting up daemons at boot time. One uses the /etc/rc.* directory structure (System V) and the other uses the /etc/rc and /etc/rc.local structure (BSD). (OS X mucks it up even more, but we won't go there.)

> I thought perhaps services are always processes that run whenever the

The mechanism for implementing each service is unique, but they are frequently daemon processes initiated at startup and are constantly running... but not always. Things like httpd are one example. Others are kicked off by inetd when a request comes in for them like telnet or sshd. (see inetd.conf) Some can be configured to operate in either fashion -- sshd/popd/imapd come to mind.

Some daemons provide many services, some only one; some are obscure... comsat is usually the most obtuse one -- it implements biff... which is what gives you the "you have mail" message.

> ...where to look to find out for sure what these various services do?

Unix man pages are notoriously poor at documenting Unix. This is because their purpose is NOT documentation, but rather to provide you a quick and ready reference to "jog your memory." Many things in Unix are patterned after, I think it was, Dennis Ritchie's explanation of Unix's notorious "silent failure mode" and the lack of useful error messages long ago -- "You know what you typed was wrong, so why bother to tell you what you already know. It didn't do what you wanted or expected, so you know it was wrong!"

(This is one of the principal reasons why Unix has always been considered so difficult to "understand." The minimum level of knowledge necessary to be competent is very high. And without having read the "Supplemental Documents" (which they don't even print anymore) you had no hope of comprehending WHY many things were done.)

One tool for working with man pages which IS indispensable however, is "apropos" aka "man -k". This will search the man pages (in your MANPATH) for stuff. ("man man" and "man manpath").

Other things are components of other well-known packages -- nfs for example is where you will find info about nfslock, if it exists.

I'm guessing that your "network" entry is from the /etc/rc.* directory or /sbin/init.d directory -- You will have to look at the scripts to find out what they actually do. They typically do multiple things. I don't run Red Hat, so mine is called "inet," which starts up your Internet connectivity... does the DHCP stuff, sets up IPv6 tunnels, etc., if configured to do so.

> And which ones I can turn off?

Turn everything off and only turn on those which you want and/or UNDERSTAND.

A classic example: you don't ever NEED telnetd. You want sshd. Not running an FTP server, you don't need ftpd. Running an FTP server? You probably want wuftpd instead.

"ps axuw" is your friend.

Why do you have Portmapper or nfsd running? Do you really want to let somebody else mount your file systems? Or access your system via rpc calls?

Are you certain that you want snmpd running? Simple Network Management Protocol -- It advertises all kinds of information about your system to everybody on the Internet.

If you are concerned about security, YOU will need to know what every process running on your system is doing and why. It's not a "cookbook" function. Why? Because if you don't know what is happening when somebody tells you "sudo cd /;/bin/ls -als" you can be, as they say, in seriously deep-dodo.

Vendor defaults for Operating systems are notoriously wide open. Apple's OS X is the only OS shipping with everything buttoned down (i.e. no remote access). You have to go through and start turning things on indiscriminately before you can seriously hurt yourself. You have to enable web and file serving, remote login, etc. (Alas, there ARE those who believe that the first thing they have to do is to enable a root login, instead of learning to use sudo. But that is a different issue.)

With other Unix variations, including all of the Proprietary ones like AIX, HP-UX, IRIX, Solaris, Tru64 Unix, you have to turn off everything that you don't want -- and try to discover what weird things they turn on to support some weird "management" utility that only runs under Windoz.

T.T.F.N.
William H. Magill
# Beige G3 - Rev A motherboard - 768 Meg
# Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a
magill@mcgillsociety.org
magill@acm.org
magill@mac.com

_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
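
An added example, not part of William Magill's message: a shell function that lists the entries an inetd.conf leaves enabled, looks up each one's port in a services(5) file, and marks telnet and ftp, the two services the message singles out, for review. The sample files, the function names and the REVIEW marker are constructed for illustration.

```sh
# Constructed sample in services(5) format: name  port/proto  [aliases]
sample_services() {
cat <<'EOF'
ftp      21/tcp
telnet   23/tcp
comsat   512/udp   biff
EOF
}

# Constructed sample inetd.conf; a leading '#' means the entry is disabled.
sample_inetd() {
cat <<'EOF'
# name  socket proto wait   user server-program    arguments
ftp     stream tcp   nowait root /usr/sbin/ftpd    ftpd -l
telnet  stream tcp   nowait root /usr/sbin/telnetd telnetd
#pop3   stream tcp   nowait root /usr/sbin/popd    popd
comsat  dgram  udp   wait   root /usr/sbin/comsat  comsat
EOF
}

# audit_inetd SERVICES_FILE INETD_FILE
# Prints "name port/proto server-program flag" per enabled entry (REVIEW is a made-up label).
audit_inetd() {
    awk '
        NR == FNR {                       # first file: build name/proto -> port map
            if ($0 !~ /^[ \t]*#/ && NF >= 2)
                port[$1 "/" substr($2, index($2, "/") + 1)] = $2
            next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next } # second file: skip disabled and blank lines
        NF >= 6 {
            key  = $1 "/" $3
            flag = ($1 == "telnet" || $1 == "ftp") ? "REVIEW" : "-"
            print $1, ((key in port) ? port[key] : "unknown"), $6, flag
        }
    ' "$1" "$2"
}

# Run the audit over the constructed samples above.
audit_sample() {
    dir=$(mktemp -d) || return 1
    sample_services > "$dir/services"
    sample_inetd    > "$dir/inetd.conf"
    audit_inetd "$dir/services" "$dir/inetd.conf"
    rm -rf "$dir"
}

audit_sample
```

On a host that still runs inetd, `audit_inetd /etc/services /etc/inetd.conf` reports what is actually enabled there; daemons started from the rc scripts do not appear in it and still need the `ps axuw` check.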