
Linux - Services

Services

Things to disable (to decrease the attack surface):

  • Bluetooth
  • The Linux GUI / X server: yum groupremove "X Window System"
  • IPv6, when it is not used
Check the services

$ systemctl
// lists the units (services, sockets, mounts, ...) that are currently loaded and active
UNIT                      LOAD   ACTIVE SUB       DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting   Arbitrary
sys-devices-platform-serial8250-tty-ttyS1.device loaded active plug
sys-devices-platform-serial8250-tty-ttyS2.device loaded active plug
sys-devices-platform-serial8250-tty-ttyS3.device loaded active plug
sys-devices-pnp0-00:06-tty-ttyS0.device loaded active plugged   /sy
sys-devices-vbd\x2d768-block-xvda-xvda1.device loaded active plugge
sys-devices-vbd\x2d768-block-xvda.device loaded active plugged   /s
sys-devices-vif\x2d0-net-eth0.device loaded active plugged   /sys/d
sys-devices-virtual-block-loop0.device loaded active plugged   /sys
sys-devices-virtual-block-loop1.device loaded active plugged   /sys
sys-devices-virtual-block-loop2.device loaded active plugged   /sys
sys-devices-virtual-block-loop3.device loaded active plugged   /sys
sys-devices-virtual-block-ram0.device loaded active plugged   /sys/
sys-devices-virtual-block-ram1.device loaded active plugged   /sys/
sys-devices-virtual-block-ram10.device loaded active plugged   /sys
sys-devices-virtual-block-ram11.device loaded active plugged   /sys
sys-devices-virtual-block-ram12.device loaded active plugged   /sys
sys-devices-virtual-block-ram13.device loaded active plugged   /sys
sys-devices-virtual-block-ram14.device loaded active plugged   /sys
sys-devices-virtual-block-ram15.device loaded active plugged   /sys
sys-devices-virtual-block-ram2.device loaded active plugged   /sys/
sys-devices-virtual-block-ram3.device loaded active plugged   /sys/
sys-devices-virtual-block-ram4.device loaded active plugged   /sys/
sys-devices-virtual-block-ram5.device loaded active plugged   /sys/
sys-devices-virtual-block-ram6.device loaded active plugged   /sys/
sys-devices-virtual-block-ram7.device loaded active plugged   /sys/
sys-devices-virtual-block-ram8.device loaded active plugged   /sys/
sys-devices-virtual-block-ram9.device loaded active plugged   /sys/
sys-devices-virtual-misc-rfkill.device loaded active plugged   /sys
sys-devices-virtual-tty-ttyprintk.device loaded active plugged   /s
sys-module-fuse.device    loaded active plugged   /sys/module/fuse
sys-subsystem-net-devices-eth0.device loaded active plugged   /sys/
-.mount                   loaded active mounted   /
dev-hugepages.mount       loaded active mounted   Huge Pages File S
dev-mqueue.mount          loaded active mounted   POSIX Message Que
run-user-1000.mount       loaded active mounted   /run/user/1000
run-user-112-gvfs.mount   loaded active mounted   /run/user/112/gvf
run-user-112.mount        loaded active mounted   /run/user/112
snap-amazon\x2dssm\x2dagent-1480.mount loaded active mounted   Moun
snap-amazon\x2dssm\x2dagent-1566.mount loaded active mounted   Moun
snap-core-8268.mount      loaded active mounted   Mount unit for co
snap-core-8935.mount      loaded active mounted   Mount unit for co
sys-fs-fuse-connections.mount loaded active mounted   FUSE Control
sys-kernel-debug.mount    loaded active mounted   Debug File System
var-lib-lxcfs.mount       loaded active mounted   /var/lib/lxcfs
acpid.path                loaded active running   ACPI Events Check
cups.path                 loaded active running   CUPS Scheduler
systemd-ask-password-console.path loaded active waiting   Dispatch
systemd-ask-password-wall.path loaded active waiting   Forward Pass
systemd-networkd-resolvconf-update.path loaded active waiting   Tri
init.scope                loaded active running   System and Servic
session-28.scope          loaded active running   Session 28 of use
session-c1.scope          loaded active running   Session c1 of use
accounts-daemon.service   loaded active running   Accounts Service
acpid.service             loaded active running   ACPI event daemon
apparmor.service          loaded active exited    LSB: AppArmor ini
apport.service            loaded active exited    LSB: automatic cr
atd.service               loaded active running   Deferred executio
avahi-daemon.service      loaded active running   Avahi mDNS/DNS-SD
cloud-config.service      loaded active exited    Apply the setting
cloud-final.service       loaded active exited    Execute cloud use
cloud-init-local.service  loaded active exited    Initial cloud-ini
cloud-init.service        loaded active exited    Initial cloud-ini
colord.service            loaded active running   Manage, Install a
console-setup.service     loaded active exited    Set console font
cron.service              loaded active running   Regular backgroun
cups-browsed.service      loaded active running   Make remote CUPS
cups.service              loaded active running   CUPS Scheduler
dbus.service              loaded active running   D-Bus System Mess
firewalld.service         loaded active running   firewalld - dynam
getty@tty1.service        loaded active running   Getty on tty1
grub-common.service       loaded active exited    LSB: Record succe
ifup@eth0.service         loaded active exited    ifup for eth0
irqbalance.service        loaded active exited    LSB: daemon to ba
iscsid.service            loaded active running   iSCSI initiator d
keyboard-setup.service    loaded active exited    Set console keyma
kmod-static-nodes.service loaded active exited    Create list of re
lightdm.service           loaded active running   Light Display Man
lvm2-lvmetad.service      loaded active running   LVM2 metadata dae
lvm2-monitor.service      loaded active exited    Monitoring of LVM
lxcfs.service             loaded active running   FUSE filesystem f
lxd-containers.service    loaded active exited    LXD - container s
mdadm.service             loaded active running   LSB: MD monitorin
networking.service        loaded active exited    Raise network int
NetworkManager-wait-online.service loaded active exited    Network
NetworkManager.service    loaded active running   Network Manager
ondemand.service          loaded active exited    LSB: Set the CPU
open-iscsi.service        loaded active exited    Login to default
polkitd.service           loaded active running   Authenticate and
rc-local.service          loaded active exited    /etc/rc.local Com
resolvconf.service        loaded active exited    Nameserver inform
rsyslog.service           loaded active running   System Logging Se
rtkit-daemon.service      loaded active running   RealtimeKit Sched
serial-getty@ttyS0.service loaded active running   Serial Getty on
setvtrgb.service          loaded active exited    Set console schem
snap.amazon-ssm-agent.amazon-ssm-agent.service loaded active runnin
snapd.seeded.service      loaded active exited    Wait until snapd
snapd.service             loaded active running   Snappy daemon
speech-dispatcher.service loaded active exited    LSB: Speech Dispa
ssh.service               loaded active running   OpenBSD Secure Sh
systemd-journal-flush.service loaded active exited    Flush Journal
systemd-journald.service  loaded active running   Journal Service
systemd-logind.service    loaded active running   Login Service
systemd-modules-load.service loaded active exited    Load Kernel Mo
systemd-random-seed.service loaded active exited    Load/Save Rando
systemd-remount-fs.service loaded active exited    Remount Root and
systemd-sysctl.service    loaded active exited    Apply Kernel Vari
systemd-timesyncd.service loaded active running   Network Time Sync
systemd-tmpfiles-setup-dev.service loaded active exited    Create S
systemd-tmpfiles-setup.service loaded active exited    Create Volat
systemd-udev-trigger.service loaded active exited    udev Coldplug
systemd-udevd.service     loaded active running   udev Kernel Devic
systemd-update-utmp.service loaded active exited    Update UTMP abo
systemd-user-sessions.service loaded active exited    Permit User S
ufw.service               loaded active exited    Uncomplicated fir
unattended-upgrades.service loaded active running   Unattended Upgr
upower.service            loaded active running   Daemon for power
user@1000.service         loaded active running   User Manager for
user@112.service          loaded active running   User Manager for
whoopsie.service          loaded active running   crash report subm
-.slice                   loaded active active    Root Slice
system-getty.slice        loaded active active    system-getty.slic
system-serial\x2dgetty.slice loaded active active    system-serial\
system.slice              loaded active active    System Slice
user-1000.slice           loaded active active    User Slice of ubu
user-112.slice            loaded active active    User Slice of lig
user.slice                loaded active active    User and Session
acpid.socket              loaded active running   ACPID Listen Sock
avahi-daemon.socket       loaded active running   Avahi mDNS/DNS-SD
cups.socket               loaded active running   CUPS Scheduler
dbus.socket               loaded active running   D-Bus System Mess
dm-event.socket           loaded active listening Device-mapper eve
lvm2-lvmetad.socket       loaded active running   LVM2 metadata dae
lvm2-lvmpolld.socket      loaded active listening LVM2 poll daemon
lxd.socket                loaded active listening LXD - unix socket
snapd.socket              loaded active running   Socket activation
syslog.socket             loaded active running   Syslog Socket
systemd-initctl.socket    loaded active listening /dev/initctl Comp
systemd-journald-audit.socket loaded active running   Journal Audit
systemd-journald-dev-log.socket loaded active running   Journal Soc
systemd-journald.socket   loaded active running   Journal Socket
systemd-rfkill.socket     loaded active listening Load/Save RF Kill
systemd-udevd-control.socket loaded active running   udev Control S
systemd-udevd-kernel.socket loaded active running   udev Kernel Soc
uuidd.socket              loaded active listening UUID daemon activ
basic.target              loaded active active    Basic System
cloud-config.target       loaded active active    Cloud-config avai
cloud-init.target         loaded active active    Cloud-init target
cryptsetup.target         loaded active active    Encrypted Volumes
getty.target              loaded active active    Login Prompts
graphical.target          loaded active active    Graphical Interfa
local-fs-pre.target       loaded active active    Local File System
local-fs.target           loaded active active    Local File System
multi-user.target         loaded active active    Multi-User System
network-online.target     loaded active active    Network is Online
network-pre.target        loaded active active    Network (Pre)
network.target            loaded active active    Network
nss-user-lookup.target    loaded active active    User and Group Na
paths.target              loaded active active    Paths
remote-fs-pre.target      loaded active active    Remote File Syste
remote-fs.target          loaded active active    Remote File Syste
slices.target             loaded active active    Slices
sockets.target            loaded active active    Sockets
swap.target               loaded active active    Swap
sysinit.target            loaded active active    System Initializa
time-sync.target          loaded active active    System Time Synch
timers.target             loaded active active    Timers
apt-daily-upgrade.timer   loaded active waiting   Daily apt upgrade
apt-daily.timer           loaded active waiting   Daily apt downloa
motd-news.timer           loaded active waiting   Message of the Da
systemd-tmpfiles-clean.timer loaded active waiting   Daily Cleanup

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization
SUB    = The low-level unit activation state, values depend on unit

171 loaded units listed. Pass --all to see loaded but inactive unit
To show all installed unit files use 'systemctl list-unit-files'.


Close the unused ones

$ systemctl status bluetooth
// check the status
 bluetooth.service - Bluetooth service
   Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled;
   Active: inactive (dead)
     Docs: man:bluetoothd(8)


1. Disable the service

$ sudo systemctl disable bluetooth
// disable it
Synchronizing state of bluetooth.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install disable bluetooth
insserv: warning: current start runlevel(s) (empty) of script `bluetooth' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `bluetooth' overrides LSB defaults (0 1 6).
Removed symlink /etc/systemd/system/dbus-org.bluez.service.

2. Kill the process

$ pkill bluetooth
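
An added example (not part of the original post): a filter that picks running services off a review list out of a `systemctl` listing, with the follow-up commands as comments. `REVIEW_LIST`, `flag_running` and `sample_units` are names assumed here, and the sample lines are constructed in the shape of the listing above.

```shell
#!/usr/bin/env bash
# Services to question on a headless server. This list is an assumption built
# from units visible in the listing above plus bluetooth; adjust per host role.
REVIEW_LIST="bluetooth cups cups-browsed avahi-daemon lightdm whoopsie"

# Reads lines shaped "UNIT LOAD ACTIVE SUB DESCRIPTION" on stdin and prints
# the review-listed services whose state is "active running".
flag_running() {
    awk -v list="$REVIEW_LIST" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) want[names[i] ".service"] = 1
        }
        ($1 in want) && $3 == "active" && $4 == "running" { print $1 }
    '
}

# Constructed sample input, not captured from a real host.
sample_units() {
cat <<'EOF'
atd.service               loaded active running   Deferred execution scheduler
avahi-daemon.service      loaded active running   Avahi mDNS/DNS-SD Stack
cups.service              loaded active running   CUPS Scheduler
lightdm.service           loaded active running   Light Display Manager
speech-dispatcher.service loaded active exited    LSB: Speech Dispatcher
ssh.service               loaded active running   OpenBSD Secure Shell server
EOF
}

sample_units | flag_running

# On a live host, feed it the real listing:
#   systemctl list-units --type=service --state=running --no-legend --plain | flag_running
# For each unit you decide to turn off:
#   sudo systemctl disable --now UNIT   # stop it now and remove the boot-time symlinks
#   sudo systemctl mask UNIT            # also block socket, D-Bus and dependency activation
#   systemctl is-enabled UNIT; systemctl is-active UNIT   # verify the result
```

`systemctl disable` on its own only removes the start-up symlinks; a unit that is already running keeps running until it is stopped, which is what `--now` adds.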

Finding special permissions that may be turned on

Look for files that have the setuid or setgid bit set (often loosely called "sticky bits").

$ find / \( -perm -4000 -o -perm -2000 \) -print

find: /lost+found: Permission denied
find: /tmp/systemd-private-d2284312db7f4d19b0287b694da78df4-systemd-timesyncd.service-sVRltu: Permission denied
find: /tmp/systemd-private-d2284312db7f4d19b0287b694da78df4-rtkit-daemon.service-YEuKGs: Permission denied
find: /tmp/systemd-private-d2284312db7f4d19b0287b694da78df4-colord.service-mYdDks: Permission denied
/snap/core/8935/bin/mount
/snap/core/8935/bin/ping
/snap/core/8935/bin/ping6
/snap/core/8935/bin/su
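
An added example (not part of the original post): the same `find` test wrapped so that its result is compared against a reviewed baseline and only new setuid/setgid files are reported. The function names, the temporary directory tree and the baseline file are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Print setuid (4000) or setgid (2000) regular files under $1, sorted.
# -xdev stays on one filesystem; stderr is dropped to hide the
# "Permission denied" noise seen when running as a normal user.
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print files found under $1 that are NOT listed in the baseline file $2
# (one absolute path per line, matched as whole fixed strings).
unexpected_special() {
    list_special "$1" | grep -Fvx -f "$2" || true
}

# Constructed demo tree: one accepted setuid file, one new setuid file,
# one ordinary file, and a sticky (1000) directory that must not be matched.
demo() {
    local root
    root=$(mktemp -d)
    mkdir "$root/bin" "$root/shared"
    touch "$root/bin/su" "$root/bin/newtool" "$root/bin/ls"
    chmod 4755 "$root/bin/su" "$root/bin/newtool"    # setuid
    chmod 0755 "$root/bin/ls"                        # no special bits
    chmod 1777 "$root/shared"                        # sticky bit only
    printf '%s\n' "$root/bin/su" > "$root/baseline"  # reviewed and accepted
    unexpected_special "$root" "$root/baseline"
    rm -rf "$root"
}

demo
```

The sticky bit is mode 1000 and is not matched by `-perm -4000 -o -perm -2000`, so the `shared` directory does not appear in the result.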

This post is licensed under CC BY 4.0 by the author.