4.5.2. Identifying and Configuring Services
To enhance security, most network services installed with Red Hat Enterprise Linux are turned off by default. There are, however, some notable exceptions:
cupsd— The default print server for Red Hat Enterprise Linux.lpd— An alternate print server.xinetd— A super server that controls connections to a host of subordinate servers, such asvsftpdandtelnet.sendmail— The Sendmail mail transport agent is enabled by default, but only listens for connections from the localhost.sshd— The OpenSSH server, which is a secure replacement for Telnet.
When determining whether to leave these services running, it is best to use common sense and err on the side of caution. For example, if a printer is not available, do not leave
cupsd running. The same is true for portmap. If you do not mount NFSv3 volumes or use NIS (the ypbind service), then portmap should be disabled.
Red Hat Enterprise Linux ships with three programs designed to switch services on or off. They are the Services Configuration Tool (
system-config-services), ntsysv, and chkconfig. For information on using these tools, refer to the chapter titled Controlling Access to Services in the System Administrators Guide.
Figure 4.3. Services Configuration Tool
If unsure of the purpose for a particular service, the Services Configuration Tool has a description field, illustrated in Figure 4.3, “Services Configuration Tool”, that may be of some use.
But checking which network services are available to start at boot time is not enough. Good system administrators should also check which ports are open and listening. Refer to Section 5.8, “Verifying Which Ports Are Listening” for more on this subject.
