In this lesson, I will discuss Linux and its services.
Linux services are usually started
at boot to run some kind of process on the system.
Software or services that are not used should be disabled
to decrease the attack surface of the system.
As with any operating system installation,
the system comes installed with general packages that may or may not be used.
One example of this is Bluetooth.
Do you necessarily need Bluetooth on a server?
I've never seen Bluetooth used on a server,
so that is definitely one that we can disable.
Let's look at Linux services.
And this is my CentOS system.
This is gonna be different from
Ubuntu and different from some of the other versions. However,
in mainstream enterprises, we tend to use CentOS, as I mentioned in previous lessons.
In order to see what services we have in startup,
we're gonna type in chkconfig.
We have netconsole, network, and splunk.
These are different runlevels here.
So we have runlevels zero through six.
And you'll notice that zero and one are off,
and only for the network service,
runlevels two through five are turned on.
Now, I added splunk just to show
you what it would look like if that service were running on the server,
but I've since turned it off now.
I can turn that back on real quick:
I'll type in chkconfig splunk on.
OK, and let's look at that first command again – I just type in "chkconfig".
And notice my runlevels again:
now they're turned on from two to five.
And let's turn that off again,
so chkconfig splunk off.
And I can do this with other services as well.
However, not many services come with chkconfig turned on.
In order to see what else is running in the system,
by the system account,
we're gonna type in systemctl.
Systemctl gives us what services are currently loaded and running in the kernel,
so things like kernel processes.
Here's one for printing down below.
CUPS is a standard printing service that we may want to disable.
Let's look at other things.
So Bluetooth, for example,
we don't need Bluetooth.
These are all... quite a few of these are
services that need to be disabled to make sure
that we decrease the attack surface of a system.
So in order to do that,
we're gonna disable a couple services here.
Notice that there's 152 processes running.
So I'm gonna type in systemctl and type in status.
Let's look at Bluetooth.
So here's our Bluetooth,
looks like it's active.
And if we type in systemctl status and then the service,
we can get a lot more information about what's running in the kernel.
So let's turn this off – systemctl bluetooth.
Oops. Let's type in
systemctl disable bluetooth.
Now let's look to see if it's running.
We're gonna type in status again.
It's disabled but it's still running,
so we would have to kill that process.
So what I did there is I typed in pkill bluetooth,
which means process kill,
and then the process name which is bluetooth.
And now notice that it's inactive.
So, it's dead.
So I've just turned off Bluetooth,
which is probably a good thing for my attack surface.
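
Added example, not part of the original lesson: a shell audit for the situation shown above, where a service is disabled at boot but its process is still running. The unit names bluetooth and cups come from the lesson; the `UNNEEDED` list, the function names and the sample state table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lesson): report unneeded services that are still
# enabled at boot or still running, with the systemctl command that fixes each.
# bluetooth and cups are the lesson's examples; the list itself is an assumption.
UNNEEDED="bluetooth cups"

# Constructed sample rows: unit, `systemctl is-enabled`, `systemctl is-active`.
SAMPLE='bluetooth disabled active
cups enabled active
sshd enabled active
crond enabled active'

# On a live systemd host, emit the same three columns for each listed unit.
collect_state() {
  for u in $UNNEEDED; do
    en=$(systemctl is-enabled "$u.service" 2>/dev/null) || true
    ac=$(systemctl is-active "$u.service" 2>/dev/null) || true
    printf '%s %s %s\n' "$u" "${en:-not-found}" "${ac:-unknown}"
  done
}

# Read state rows on stdin; print one finding per unneeded unit needing action.
audit() {
  while read -r unit enabled active; do
    case " $UNNEEDED " in
      *" $unit "*) ;;      # on the unneeded list: evaluate it
      *) continue ;;       # anything else is out of scope for this audit
    esac
    if [ "$enabled" = "enabled" ] && [ "$active" = "active" ]; then
      echo "$unit.service: enabled and running; run: systemctl disable --now $unit.service"
    elif [ "$active" = "active" ]; then
      # The lesson's bluetooth case: disable alone leaves the process running.
      echo "$unit.service: disabled at boot but still running; run: systemctl stop $unit.service"
    elif [ "$enabled" = "enabled" ]; then
      echo "$unit.service: stopped but enabled at boot; run: systemctl disable $unit.service"
    fi
  done
  return 0
}

# Demo on the constructed sample; use `collect_state | audit` on a real host.
printf '%s\n' "$SAMPLE" | audit
```

The `systemctl stop` it suggests ends the running unit through systemd, and `systemctl disable --now` combines the disable and the stop in one step.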
OK, let's briefly look at a couple more here.
And we'll type in "systemctl" again.