The automounter. You want this only if you have remote-mounted filesystems that
you want automatically mounted when you refer to them and unmounted when they're
not being used. Most people won't have remote filesystems at all, so you probably
don't want this running.
apmd
The APM monitoring daemon. Desktop systems don't want this or APM support,
since their BIOSes aren't really designed to do it right. It only applies to laptops.
atd
This supports the at command. You almost certainly want this running.
autofs
Again, support for automatically-mounted remote filesystems. Again, you probably
don't do that and don't want this running.
bootparamd
The server for the BOOTP protocol. Unless you are a true geek with diskless workstations
at home that need BOOTP support, you do not want this running (and if you do need it
you probably want dhcpd instead). It can make an obnoxious security hole if
it's running without being needed.
crond
Provides the cron capability for scheduled commands. You almost certainly
want this running.
dhcpd
Provides DHCP and BOOTP support for diskless workstations. Since most people won't
have these beasts at home, you want this to not be running.
gated
One of the routing daemons. XMission and Pete need to worry about these. You simply
don't have enough network interfaces to need a routing daemon running. Leave it
turned off.
gpm
This is a cute little server that GNU came up with. It does two things. The first
is to allow multiple processes to access the mouse device, in much the same way as
virtual consoles allow several text login sessions to access a single console screen
and keyboard. The second is to provide limited mouse support for text-mode login
sessions. If you mostly use X-windows, you probably don't need this. If you decide
you want to try it, I'd read the man pages first.
httpd
The Apache web server. Unless you want to go to the trouble of learning how to manage
Apache, I'd leave this turned off. Apache is nice and a good thing to learn on general
principles, but by default it gives a lot of access to anything that connects and it
can be a fair amount of work to secure it properly, more work than a home user probably
wants to put in.
inet
The inetd super-server that handles a lot of transient network servers. You
definitely want this running, but remember to lock it down as I've described elsewhere.
innd
The Internet Network News server. This is the same software XMission itself runs to handle
news. Unless you want to take a great deal of time to learn how to manage a news server
yourself, and pay for the kind of account that will give you access to a newsfeed, you
probably want to leave this turned off.
kerneld
The kernel module-autoloading support daemon. You want this running.
keytable
National language support for the console. You want this started.
lpd
This is the print spooler. If you have a printer at all, you want this running to let
you print files. It also provides LPR protocol support so other machines can access
your printers via Unix printing protocols, but it's not a major security issue. It
only allows outside access to hosts listed in /etc/hosts.equiv or /etc/hosts.lpd,
and normally those are either empty or only list your machines.
mars-nwe
The Netware server. Unless you're prepared to learn how to run the MARS Netware server
package and in fact have a Netware network in place, leave this turned off.
mcserv
The Midnight Commander file-manager server allows remote machines to use MC to
manipulate files on the server as easily as they could local files. It uses PAM
to authenticate people so it's normally not a major security hole, but you probably
won't miss it if you leave it turned off.
named
The BIND DNS server. The primary reason to run it is to provide a local caching
name server for your network that is accessible even when you're not dialed in to
XMission. If you have hosts files for all your machines you don't need BIND
running, but properly set up it can be a nice thing to have.
network
You probably want this running, as it takes care of various low-level network things
for you like the local loopback network interface.
nscd
The Name Switch Cache daemon. Normally used only if you have NIS running.
nfs
The Sun Network File System server. This implies a lot of other things, few of them
good. NFS has been nicknamed Nightmare File System and No Files Served, and I'm afraid
it's earned those nicknames. Unless you have a good reason to need to make your disks
available to other machines via NFS, I would leave this turned off.
nfsfs
Automatically mounts remote NFS filesystems. Again, unless you have an NFS network
in place already, I'd leave this turned off and forgo dealing with NFS headaches.
pcmcia
PCMCIA card support. Unless you have a laptop, you probably don't need this.
pnserver
The RealAudio and RealVideo server RedHat provides. You probably don't need this to
start with.
portmap
The RPC portmapper. This is used by RPC applications to find out what port a particular
Remote Procedure Call service is running on. Unless you're running the NFS or YP servers
or one of the handful of other servers that work via RPC (usually their filenames are
prefixed by "rpc."), you don't need this running. Even though RedHat has done
a good job of securing it, I prefer to leave it stopped if I don't need it.
postgresql
The Postgres database server. By default it only accepts connections from the local machine,
so it's not a security problem.
random
Initializes the random number generator. No security implications, and this is needed
for system operation. Leave it on.
routed
Another routing daemon. Again, you don't have enough network interfaces to need this so
leave it off.
rusersd
Supports the rusers command. This works via RPC, so it needs the portmap
service running. Normally you don't need or want this.
rwalld
Supports the rwall command that lets anyone on your network write messages to all
terminals. Again, requires RPC and the portmapper. Again, you probably don't want this
running.
rwhod
Supports the rwho and ruptime commands to list logged-in users and uptimes
on all machines on a network. RPC/portmapper required. You probably don't need this and
should leave it off.
sendmail
The mail server. RedHat defaults to not allowing outside relaying, so it's fairly safe
to have this running. You'll need to keep up with security patches, but the version
RedHat ships is fairly tightly-patched.
smb
Samba. You don't need this to mount XMission's disks via SMB; it's only to make your
disks available via SMB (Windows networking) to other machines. If you have other
Windows machines on a home network this can be nice; otherwise leave it off. If you
want it on, be prepared to read the documentation and put input filters in place to
keep anyone from the outside from getting at the netbios-related ports, because
SMB is not very secure unless you're rather careful.
snmpd
The Simple Network Management Protocol server. This allows other machines to use SNMP to
query your machine for various configuration and, if they have the right access, actually
remotely change your machine's configuration. RedHat by default gives out read-only access,
but SNMP can be a security headache and a home user typically has little use for it. I'd
leave it turned off unless you know why you have to have it.
sound
Saves mixer settings across reboots, and reloads the settings when the
system starts. You probably want this if you have a sound card, since
without it any changes you make in volume settings go away every time
you reboot the machine.
squid
Squid is an HTTP caching server. Unless you are prepared to learn it and manage it
effectively, I'd leave it turned off.
sshd
The Secure Shell server. The nice thing about having this running is that it gives
you Telnet-type access back to your machine from outside but keeps all traffic encrypted
including passwords. It's not a standard part of RedHat (thank you US government for
your incredibly stupid crypto regulations) but if you have a permanent connection and
need to get back in from outside it's well worth the trouble to obtain and set up. It
normally honors hosts.allow rules, so you can secure it fairly easily. Just
be sure to turn off RSH-fallback so it doesn't try going to unauthenticated access.
syslog
The system logger. Needed. Leave it on.
xfs
The X Font Server. Having this running is a good idea if you are using X11.
The X server can do fonts internally, but the font server has better rendering
for Postscript and TrueType fonts.
xntpd
The NTP server daemon. If you have a permanent connection and want to keep your Linux
box synchronized to XMission and the NTP timekeeping network, you can configure this
and turn it on. The only reason for you to run this on a non-permanent connection
would be to drift-stabilize your clock. It can be useful, but until you've learned how
to configure it you'd be better off leaving this turned off and just using the ntpdate
command at regular intervals to re-synchronize your clock to xmission.xmission.com.
ypbind, yppasswdd, ypserv
The Sun NIS servers, formerly known as Yellow Pages. Most home users have never had to
deal with NIS, so you can safely leave them off if you aren't running NFS or something.
If you do need to run them, please get advice from a competent and paranoid
Sun admin first. These things don't have security holes, they are
security holes. In short, leave these things off unless you have no other choice.
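
One way to check a machine against the entries above is shown below. It is an added example, not part of the original page; it assumes input in the format printed by chkconfig --list, the function names are hypothetical, and the sample listing is constructed. The "leave off" and RPC lists are taken from the descriptions above.

```shell
#!/bin/sh
# Services the entries above say to leave off on a home machine.
LEAVE_OFF="autofs bootparamd dhcpd gated httpd innd mars-nwe mcserv nfs nfsfs
pnserver routed rusersd rwalld rwhod snmpd squid ypbind yppasswdd ypserv"
# Services the entries above describe as needing the RPC portmapper.
NEEDS_PORTMAP="nfs ypbind yppasswdd ypserv rusersd rwalld rwhod"

# audit_services RUNLEVEL
# Reads "name 0:off 1:off ... 6:off" lines on stdin and prints one finding
# per line, sorted, for services enabled in RUNLEVEL.
audit_services() {
    awk -v rl="$1" -v off="$LEAVE_OFF" -v rpc="$NEEDS_PORTMAP" '
    BEGIN {
        n = split(off, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1
        n = split(rpc, b, " "); for (i = 1; i <= n; i++) needs[b[i]] = 1
    }
    {
        # A service counts as enabled if the requested runlevel says "on".
        for (i = 2; i <= NF; i++)
            if ($i == (rl ":on")) enabled[$1] = 1
    }
    END {
        for (s in enabled) {
            if (s in bad)   print "DISABLE " s
            if (s in needs) rpcuser = 1
        }
        # portmap is only worth running if something actually uses RPC.
        if (("portmap" in enabled) && !rpcuser)
            print "DISABLE portmap (no RPC service enabled)"
        if (rpcuser && !("portmap" in enabled))
            print "BROKEN rpc service enabled without portmap"
    }' | sort
}

# Constructed sample listing (not taken from a real machine).
sample_chkconfig() {
cat <<'EOF'
atd      0:off 1:off 2:off 3:on  4:on  5:on  6:off
crond    0:off 1:off 2:on  3:on  4:on  5:on  6:off
httpd    0:off 1:off 2:off 3:on  4:on  5:on  6:off
nfs      0:off 1:off 2:off 3:off 4:off 5:off 6:off
portmap  0:off 1:off 2:off 3:on  4:on  5:on  6:off
rwhod    0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmpd    0:off 1:off 2:off 3:on  4:on  5:on  6:off
sshd     0:off 1:off 2:off 3:on  4:on  5:on  6:off
EOF
}

sample_chkconfig | audit_services 3
```

On a live system the input would come from chkconfig --list piped into audit_services with the default runlevel as its argument.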