How do I stop Slackware 8.0 from loading unnecessary daemons? I think this has something to do with the scripts in /etc/rc.d but I don't want to change anything without first knowing what it does.

I just want to run my machine as a workstation (client) and don't have use for NFS, gpm, lpd, inetd... What daemons should I remove if I do not need to run my machine as a server? I will always access my computer when I am sitting in front of it and not through a network.

Please help me out.

Actually, if you do a lot of stuff at the CLI, you may want GPM, and if you plan to print anything you'll need lpd. Sendmail is also useful to keep running simply because a lot of programs (such as crond, which you'll probably also want to keep running because it lets you schedule tasks) use it to email you notification. But, you are safe with disabling ftpd, telnetd, sshd, and httpd.

What exactly does crond do? I've read that sendmail is a major security risk. Basically, I want to shutdown all the daemons I don't need to improve my computer's security.

And how exactly do I go about turning off the daemons. What's the command that I have to issue at the CLI, or what do I need to change in /etc/rc.d to stop them from loading at boot.

Thanks.

Try looking through /etc/inetd.conf. That should get you started on that stuff. Most everything else can be found in the /etc/rc.d/rc.files. Slack is great ain't it?

As far as crond goes it is the daemon that runs your cronjobs; for me that would be daily tripwire runs, chkrootkit runs, snort stuff, ya know security thingys.

[ 24 January 2002: Message edited by: thor420 ]

Originally posted by sledge_hmr:
<STRONG>What exactly does crond do? I've read that sendmail is a major security risk. </STRONG>

Older versions of sendmail were notorious for security problems, any current version AFAIK should be fine. If you want a much simpler, more secure mail server you might try postfix or qmail, but I don't think it's necessary in your case. Just use an IPCHAINS or IPTABLES firewall script and keep people out of port 25, the port sendmail listens on; you'll still be able to use it for local delivery but others will be blocked. If you really need a viable mail server to connect with the outside world, you'll have to do a little research and learn which one to install and how to secure it, but it's not too difficult.

Crond is a daemon that runs tasks based on your 'crontab' files - you can edit your crontab to have the system run certain programs at certain times, like running a system backup once a month, or once a week, etc. Alot of times there are cronjobs running that the system sets up without your knowledge, so it's important to keep cron running even if you don't use it.

Basically, with a Slack system, the files you want to edit are /etc/inetd.conf, /etc/hosts.allow and hosts.deny, /etc/rc.d/rc.inet2, rc.M and rc.S. Most of the daemons and services on the system can be controlled with these scripts. Setup a simple firewall and you'll be set.

BTW, if you're worried about security, I'd recommend NOT running NFS on your system.

[ 24 January 2002: Message edited by: bdl ]

I would replace Sendmail with Postfix. Easier to configure and it should do everything you need since you don't plan on running it as a server.

To stop them, open up the rc file and put a # right in front of it. Then as root, type telinit 1 and then telinit 3 or simply reboot your computer and that'll do it.

To stop them, open up the rc file and put a # right in front of it. Then as root, type telinit 1 and then telinit 3 or simply reboot your computer and that'll do it.

I don't follow you? I have a file called /etc/rc.d/rc.nfsd which I think is the NSF daemon, right? If I want to disable this daemon, I should up the file in a text editor like vi and put a # in front of every single line?

And how do I set up IPTABLES to block a certain port? Is there a good HOW-TO?

Thanks.

Originally posted by sledge_hmr:
<STRONG>I don't follow you? I have a file called /etc/rc.d/rc.nfsd which I think is the NSF daemon, right? If I want to disable this daemon, I should up the file in a text editor like vi and put a # in front of every single line?

</STRONG>

No, you have to comment out the rc file that calls rc.nfsd, probably rc.S or rc.M (I don't have Slack installed, just going based on memory). What I would consider the 'main' startup scripts like rc.S and rc.M usually reference the other scripts and call on them to start various services; you might also take a look at rc.inet2. This way you aren't commenting out an entire file, you just comment out one to two line reference in another file.

As an afterthought, you can also change a files executable bit to keep it from running at startup. Just an example:

chmod -x rc.nfsd

I'm running a UT server on Slack 8. No services except ftp,ssh. When a cronjob completes the daemon starts sendmail, sends and stops sendmail. Leave it, just don't start it at boot.

/etc/rc.d/rc.M is the script that is called when multiuser mode is started. Here's what I did to disable httpd running at startup:

1) I opened up /etc/rc.d/rc.M
2) I found this


# Start Web server:
if [ -x /etc/rc.d/rc.httpd ]; then
. /etc/rc.d/rc.httpd start
fi


What this does is call /etc/rc.d/rc.httpd with the start argument, which runs httpd. Just look at the contents in rc.httpd and you'll see that if it is called with the start argument, then httpd is started.

3) I commented out the lines in rc.M like so:


# Start Web server:
#if [ -x /etc/rc.d/rc.httpd ]; then
# . /etc/rc.d/rc.httpd start
#fi



And there you have it. init most likely runs rc.M (rc.S is for single user mode), so any of the other scripts are just called by this file. Comment out the lines that call things you don't want.


P.S. You can add a few echo commands anywhere you like in these startup files, like so:


# Start the GPM mouse server:
if [ -x /etc/rc.d/rc.gpm ]; then
. /etc/rc.d/rc.gpm
echo 'gpm started! w00t!'
fi


At the end of rc.M, rc.local is called, which is probably empty if you haven't editted it already. It's what you are supposed to edit if you'd like to add daemons yourself (don't add them in rc.M). Here's an example of rc.local:


echo 'Welcome to Linux! For guests...'
echo 'login: guest'
echo 'password: guest'


:)

[ 25 January 2002: Message edited by: vee-eye ]

To everyone, thanks alot! I really appreciate all the help you have given me---I can now stop the daemons from running at boot up.

I suggest downloading gShield from http://muse.linuxmafia.org It supports iptables and is easy to configure and get up and going.