Linux - Services
Services
things to close: (decrease attack surface)
- bluetooth
- linux GUI, X server yum groupremove - X windows systme
- IPv6 is not used.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
check the Services
$ systemctl
// what services are currently loaded and running in the kernel processes.
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary
sys-devices-platform-serial8250-tty-ttyS1.device loaded active plug
sys-devices-platform-serial8250-tty-ttyS2.device loaded active plug
sys-devices-platform-serial8250-tty-ttyS3.device loaded active plug
sys-devices-pnp0-00:06-tty-ttyS0.device loaded active plugged /sy
sys-devices-vbd\x2d768-block-xvda-xvda1.device loaded active plugge
sys-devices-vbd\x2d768-block-xvda.device loaded active plugged /s
sys-devices-vif\x2d0-net-eth0.device loaded active plugged /sys/d
sys-devices-virtual-block-loop0.device loaded active plugged /sys
sys-devices-virtual-block-loop1.device loaded active plugged /sys
sys-devices-virtual-block-loop2.device loaded active plugged /sys
sys-devices-virtual-block-loop3.device loaded active plugged /sys
sys-devices-virtual-block-ram0.device loaded active plugged /sys/
sys-devices-virtual-block-ram1.device loaded active plugged /sys/
sys-devices-virtual-block-ram10.device loaded active plugged /sys
sys-devices-virtual-block-ram11.device loaded active plugged /sys
sys-devices-virtual-block-ram12.device loaded active plugged /sys
sys-devices-virtual-block-ram13.device loaded active plugged /sys
sys-devices-virtual-block-ram14.device loaded active plugged /sys
sys-devices-virtual-block-ram15.device loaded active plugged /sys
sys-devices-virtual-block-ram2.device loaded active plugged /sys/
sys-devices-virtual-block-ram3.device loaded active plugged /sys/
sys-devices-virtual-block-ram4.device loaded active plugged /sys/
sys-devices-virtual-block-ram5.device loaded active plugged /sys/
sys-devices-virtual-block-ram6.device loaded active plugged /sys/
sys-devices-virtual-block-ram7.device loaded active plugged /sys/
sys-devices-virtual-block-ram8.device loaded active plugged /sys/
sys-devices-virtual-block-ram9.device loaded active plugged /sys/
sys-devices-virtual-misc-rfkill.device loaded active plugged /sys
sys-devices-virtual-tty-ttyprintk.device loaded active plugged /s
sys-module-fuse.device loaded active plugged /sys/module/fuse
sys-subsystem-net-devices-eth0.device loaded active plugged /sys/
-.mount loaded active mounted /
dev-hugepages.mount loaded active mounted Huge Pages File S
dev-mqueue.mount loaded active mounted POSIX Message Que
run-user-1000.mount loaded active mounted /run/user/1000
run-user-112-gvfs.mount loaded active mounted /run/user/112/gvf
run-user-112.mount loaded active mounted /run/user/112
snap-amazon\x2dssm\x2dagent-1480.mount loaded active mounted Moun
snap-amazon\x2dssm\x2dagent-1566.mount loaded active mounted Moun
snap-core-8268.mount loaded active mounted Mount unit for co
snap-core-8935.mount loaded active mounted Mount unit for co
sys-fs-fuse-connections.mount loaded active mounted FUSE Control
sys-kernel-debug.mount loaded active mounted Debug File System
var-lib-lxcfs.mount loaded active mounted /var/lib/lxcfs
acpid.path loaded active running ACPI Events Check
cups.path loaded active running CUPS Scheduler
systemd-ask-password-console.path loaded active waiting Dispatch
systemd-ask-password-wall.path loaded active waiting Forward Pass
systemd-networkd-resolvconf-update.path loaded active waiting Tri
init.scope loaded active running System and Servic
session-28.scope loaded active running Session 28 of use
session-c1.scope loaded active running Session c1 of use
accounts-daemon.service loaded active running Accounts Service
acpid.service loaded active running ACPI event daemon
apparmor.service loaded active exited LSB: AppArmor ini
apport.service loaded active exited LSB: automatic cr
atd.service loaded active running Deferred executio
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD
cloud-config.service loaded active exited Apply the setting
cloud-final.service loaded active exited Execute cloud use
cloud-init-local.service loaded active exited Initial cloud-ini
cloud-init.service loaded active exited Initial cloud-ini
colord.service loaded active running Manage, Install a
console-setup.service loaded active exited Set console font
cron.service loaded active running Regular backgroun
cups-browsed.service loaded active running Make remote CUPS
cups.service loaded active running CUPS Scheduler
dbus.service loaded active running D-Bus System Mess
firewalld.service loaded active running firewalld - dynam
getty@tty1.service loaded active running Getty on tty1
grub-common.service loaded active exited LSB: Record succe
ifup@eth0.service loaded active exited ifup for eth0
irqbalance.service loaded active exited LSB: daemon to ba
iscsid.service loaded active running iSCSI initiator d
keyboard-setup.service loaded active exited Set console keyma
kmod-static-nodes.service loaded active exited Create list of re
lightdm.service loaded active running Light Display Man
lvm2-lvmetad.service loaded active running LVM2 metadata dae
lvm2-monitor.service loaded active exited Monitoring of LVM
lxcfs.service loaded active running FUSE filesystem f
lxd-containers.service loaded active exited LXD - container s
mdadm.service loaded active running LSB: MD monitorin
networking.service loaded active exited Raise network int
NetworkManager-wait-online.service loaded active exited Network
NetworkManager.service loaded active running Network Manager
ondemand.service loaded active exited LSB: Set the CPU
open-iscsi.service loaded active exited Login to default
polkitd.service loaded active running Authenticate and
rc-local.service loaded active exited /etc/rc.local Com
resolvconf.service loaded active exited Nameserver inform
rsyslog.service loaded active running System Logging Se
rtkit-daemon.service loaded active running RealtimeKit Sched
serial-getty@ttyS0.service loaded active running Serial Getty on
setvtrgb.service loaded active exited Set console schem
snap.amazon-ssm-agent.amazon-ssm-agent.service loaded active runnin
snapd.seeded.service loaded active exited Wait until snapd
snapd.service loaded active running Snappy daemon
speech-dispatcher.service loaded active exited LSB: Speech Dispa
ssh.service loaded active running OpenBSD Secure Sh
systemd-journal-flush.service loaded active exited Flush Journal
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-modules-load.service loaded active exited Load Kernel Mo
systemd-random-seed.service loaded active exited Load/Save Rando
systemd-remount-fs.service loaded active exited Remount Root and
systemd-sysctl.service loaded active exited Apply Kernel Vari
systemd-timesyncd.service loaded active running Network Time Sync
systemd-tmpfiles-setup-dev.service loaded active exited Create S
systemd-tmpfiles-setup.service loaded active exited Create Volat
systemd-udev-trigger.service loaded active exited udev Coldplug
systemd-udevd.service loaded active running udev Kernel Devic
systemd-update-utmp.service loaded active exited Update UTMP abo
systemd-user-sessions.service loaded active exited Permit User S
ufw.service loaded active exited Uncomplicated fir
unattended-upgrades.service loaded active running Unattended Upgr
upower.service loaded active running Daemon for power
user@1000.service loaded active running User Manager for
user@112.service loaded active running User Manager for
whoopsie.service loaded active running crash report subm
-.slice loaded active active Root Slice
system-getty.slice loaded active active system-getty.slic
system-serial\x2dgetty.slice loaded active active system-serial\
system.slice loaded active active System Slice
user-1000.slice loaded active active User Slice of ubu
user-112.slice loaded active active User Slice of lig
user.slice loaded active active User and Session
acpid.socket loaded active running ACPID Listen Sock
avahi-daemon.socket loaded active running Avahi mDNS/DNS-SD
cups.socket loaded active running CUPS Scheduler
dbus.socket loaded active running D-Bus System Mess
dm-event.socket loaded active listening Device-mapper eve
lvm2-lvmetad.socket loaded active running LVM2 metadata dae
lvm2-lvmpolld.socket loaded active listening LVM2 poll daemon
lxd.socket loaded active listening LXD - unix socket
snapd.socket loaded active running Socket activation
syslog.socket loaded active running Syslog Socket
systemd-initctl.socket loaded active listening /dev/initctl Comp
systemd-journald-audit.socket loaded active running Journal Audit
systemd-journald-dev-log.socket loaded active running Journal Soc
systemd-journald.socket loaded active running Journal Socket
systemd-rfkill.socket loaded active listening Load/Save RF Kill
systemd-udevd-control.socket loaded active running udev Control S
systemd-udevd-kernel.socket loaded active running udev Kernel Soc
uuidd.socket loaded active listening UUID daemon activ
basic.target loaded active active Basic System
cloud-config.target loaded active active Cloud-config avai
cloud-init.target loaded active active Cloud-init target
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interfa
local-fs-pre.target loaded active active Local File System
local-fs.target loaded active active Local File System
multi-user.target loaded active active Multi-User System
network-online.target loaded active active Network is Online
network-pre.target loaded active active Network (Pre)
network.target loaded active active Network
nss-user-lookup.target loaded active active User and Group Na
paths.target loaded active active Paths
remote-fs-pre.target loaded active active Remote File Syste
remote-fs.target loaded active active Remote File Syste
slices.target loaded active active Slices
sockets.target loaded active active Sockets
swap.target loaded active active Swap
sysinit.target loaded active active System Initializa
time-sync.target loaded active active System Time Synch
timers.target loaded active active Timers
apt-daily-upgrade.timer loaded active waiting Daily apt upgrade
apt-daily.timer loaded active waiting Daily apt downloa
motd-news.timer loaded active waiting Message of the Da
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization
SUB = The low-level unit activation state, values depend on unit
171 loaded units listed. Pass --all to see loaded but inactive unit
To show all installed unit files use 'systemctl list-unit-files'.
lines 151-179/179 (END)
closed the unused one
$ systemctl status bluetooth
// check the status
● bluetooth.service - Bluetooth service
Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled;
Active: inactive (dead)
Docs: man:bluetoothd(8)
lines 1-4/4 (END)
1. disable the Services
$ sudo systemctl disable bluetooth
// disable it
Synchronizing state of bluetooth.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install disable bluetooth
insserv: warning: current start runlevel(s) (empty) of script bluetooth' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `bluetooth' overrides LSB defaults (0 1 6).
Removed symlink /etc/systemd/system/dbus-org.bluez.service.
2. kill the process
$ pkill bluetooth
finding permissions that may be turned on
look for process that has sticky bits.
1
2
3
4
5
6
7
8
9
10
11
$ find / \( -perm -4000 -o -perm -2000 \) -print
find: ‘/lost+found’: Permission denied
find: ‘/tmp/systemd-private-d2284312db7f4d19b0287b694da78df4-systemd-timesyncd.service-sVRltu’: Permission denied
find: ‘/tmp/systemd-private-d2284312db7f4d19b0287b694da78df4-rtkit-daemon.service-YEuKGs’: Permission denied
find: ‘/tmp/systemd-private-d2284312db7f4d19b0287b694da78df4-colord.service-mYdDks’: Permission denied
/snap/core/8935/bin/mount
/snap/core/8935/bin/ping
/snap/core/8935/bin/ping6
/snap/core/8935/bin/su
.
This post is licensed under CC BY 4.0 by the author.
Comments powered by Disqus.