Internet services on Linux
The following is a short tutorial that explains how to determine
which network services are active, and how to shut down/disable
unnecessary services. It is intended mainly for inexperienced
Linux users,
although not all of the information given here is Linux-specific.
Which services are active?
Internet services are provided by processes that listen on
one or more port(s) for incoming requests (e.g. the request to deliver
email to your computer).
You can determine the active internet services with
netstat -an. Below is some sample output (truncated to the
relevant part). It shows a list of port numbers (22, 25, 80, ...)
on which some process is listening.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 :::9 :::* LISTEN
tcp 0 0 :::7 :::* LISTEN
tcp 0 0 :::19 :::* LISTEN
tcp 0 0 :::13 :::* LISTEN
tcp 0 0 :::37 :::* LISTEN
tcp 0 0 :::21 :::* LISTEN
With netstat -a, you will see the service name instead of the port
number. E.g., 22 will become ssh, 25 = smtp (email), 80 = www-http, etc.
The service names corresponding to numerical port numbers
are listed in /etc/services.
The problem is, if you want to disable a service, you need to know which
program provides this service.
With
netstat you need to specify the command line option -p
to get the name of the command / executable
listening on some port.
Alternatively, you can use another tool - lsof - that will
tell you which program listens on which port.
Below, you can see some sample output from lsof -i (this time
with protocol names instead of port numbers):
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 314 root 16u IPv4 209 TCP *:https (LISTEN)
httpd 314 root 17u IPv4 210 TCP *:http (LISTEN)
httpd 315 root 16u IPv4 209 TCP *:https (LISTEN)
httpd 315 root 17u IPv4 210 TCP *:http (LISTEN)
sshd 371 root 3u IPv4 255 TCP *:ssh (LISTEN)
xinetd 376 root 3u IPv6 264 TCP *:ftp (LISTEN)
xinetd 376 root 5u IPv6 265 UDP *:time
xinetd 376 root 6u IPv6 266 TCP *:time (LISTEN)
xinetd 376 root 7u IPv6 267 UDP *:daytime
xinetd 376 root 8u IPv6 268 TCP *:daytime (LISTEN)
xinetd 376 root 9u IPv6 269 UDP *:chargen
xinetd 376 root 10u IPv6 270 TCP *:chargen (LISTEN)
xinetd 376 root 11u IPv6 271 TCP *:echo (LISTEN)
xinetd 376 root 12u IPv6 272 UDP *:echo
xinetd 376 root 13u IPv6 273 TCP *:discard (LISTEN)
xinetd 376 root 14u IPv6 274 UDP *:discard
in.identd 394 root 4u IPv4 286 TCP *:ident (LISTEN)
in.identd 396 root 4u IPv4 286 TCP *:ident (LISTEN)
in.identd 397 root 4u IPv4 286 TCP *:ident (LISTEN)
in.identd 398 root 4u IPv4 286 TCP *:ident (LISTEN)
sendmail 501 root 4u IPv4 377 TCP *:smtp (LISTEN)
httpd 724 root 16u IPv4 209 TCP *:https (LISTEN)
httpd 724 root 17u IPv4 210 TCP *:http (LISTEN)
You can see that (e.g.) the smtp (email) service is provided by the command
sendmail.
Also, obviously there is one command xinetd that provides
multiple services (time, daytime, chargen, echo, discard). xinetd
(and inetd, which is a similar program) is a "super-daemon" that
waits for requests on specified ports and then starts up the appropriate
program to handle that request.
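The listing above still has to be read by hand to answer the question "which command owns which port?". The script below is an added example (it is not part of this tutorial) that does the reading for you: it takes lsof -i output on stdin, prints one line per listening socket in the form "service proto command" with the duplicate httpd worker lines collapsed, and then picks out the classic small services (echo, discard, chargen, daytime, time) that the next section disables. The sample output it runs on is a constructed excerpt modelled on the listing above, and the column positions follow that old lsof format; the code locates the TCP/UDP column itself so newer lsof versions with an extra SIZE/OFF value also work.

```sh
#!/bin/sh
# Added example, not from the tutorial: summarise "lsof -i" output.
# SAMPLE_LSOF is a constructed excerpt of the tutorial's listing, used so the
# script runs offline; on a live system use: lsof -i | listeners

SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 314 root 16u IPv4 209 TCP *:https (LISTEN)
httpd 314 root 17u IPv4 210 TCP *:http (LISTEN)
httpd 315 root 16u IPv4 209 TCP *:https (LISTEN)
httpd 315 root 17u IPv4 210 TCP *:http (LISTEN)
sshd 371 root 3u IPv4 255 TCP *:ssh (LISTEN)
xinetd 376 root 3u IPv6 264 TCP *:ftp (LISTEN)
xinetd 376 root 5u IPv6 265 UDP *:time
xinetd 376 root 6u IPv6 266 TCP *:time (LISTEN)
xinetd 376 root 9u IPv6 269 UDP *:chargen
xinetd 376 root 10u IPv6 270 TCP *:chargen (LISTEN)
in.identd 394 root 4u IPv4 286 TCP *:ident (LISTEN)
sendmail 501 root 4u IPv4 377 TCP *:smtp (LISTEN)'

# listeners: read lsof -i output on stdin, print "service proto command" once
# per listening socket.  TCP sockets count only in LISTEN state; UDP sockets
# have no state and count whenever they are bound.  The TCP/UDP column is
# searched for instead of hard-coding its position.
listeners() {
    awk 'NR > 1 {
            for (i = 1; i <= NF; i++) if ($i == "TCP" || $i == "UDP") break
            if (i > NF) next
            proto = $i; name = $(i + 1); state = $(i + 2)
            if (proto == "TCP" && state != "(LISTEN)") next
            n = split(name, part, ":"); svc = part[n]   # "*:https" -> "https"
            key = svc " " proto " " $1
            if (!(key in seen)) { seen[key] = 1; print key }
         }' | sort
}

# legacy_listeners: of the listeners on stdin, print the names of the small
# internal services the tutorial goes on to disable.
legacy_listeners() {
    listeners | awk '$1 ~ /^(echo|discard|chargen|daytime|time)$/ { print $1 }' | sort -u
}

printf '%s\n' "$SAMPLE_LSOF" | listeners
echo "small services still bound:"
printf '%s\n' "$SAMPLE_LSOF" | legacy_listeners
```

Run it as "sh listeners.sh" to see the summary for the sample, or pipe real output through the functions. Deduplicating on service, protocol and command is what makes the summary useful: a prefork httpd shows up once instead of once per worker, while a service bound on both TCP and UDP (time, chargen) is kept as two lines because each is a separate socket to shut off.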
switching off services
With the information you have gathered so far, you can now
shutdown and disable services that you don't need.
First, let's discuss services run from the inetd
or xinetd daemon.
To switch these off, simply comment them out in the
inetd / xinetd (whichever you use)
configuration file.
inetd is configured by the file /etc/inetd.conf. To switch
off services run from inetd, simply comment them out in the
configuration file:
Before:
discard stream tcp nowait root internal
discard dgram udp wait root internal
daytime stream tcp nowait root internal
daytime dgram udp wait root internal
chargen stream tcp nowait root internal
chargen dgram udp wait root internal
time stream tcp nowait root internal
time dgram udp wait root internal
After:
# discard stream tcp nowait root internal
# discard dgram udp wait root internal
# daytime stream tcp nowait root internal
# daytime dgram udp wait root internal
# chargen stream tcp nowait root internal
# chargen dgram udp wait root internal
# time stream tcp nowait root internal
# time dgram udp wait root internal
You must send the SIGHUP signal to inetd for the changes to take effect.
Use ps aux | grep inetd to find the PID (process identification
number):
# ps aux | grep inetd
root 376 0.0 0.6 1796 852 ? S 00:43 0:00 /usr/sbin/inetd
root 3131 0.0 0.4 1272 520 pts/0 S 10:33 0:00 grep inetd
# kill -HUP 376
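Commenting out entries by hand works, but it is easy to miss one or to hit the wrong line ("time" is a substring of "daytime"). The script below is an added example, not part of this tutorial, that performs the same edit on an inetd.conf-style file: it keeps a backup, comments out only lines that begin with the named service, and lists what is still active afterwards. It takes the file as a parameter so you can rehearse on a copy; the demo at the end builds a temporary copy of the excerpt above. inetd_reload assumes pgrep is installed (it replaces the ps | grep step) and is not called by the demo.

```sh
#!/bin/sh
# Added example (not from the tutorial): disable inetd.conf entries safely.

# inetd_active FILE: print the service name (first field) of every entry that
# is neither blank nor commented out.
inetd_active() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print $1 }' "$1" | sort -u
}

# inetd_disable FILE SERVICE...: comment out the entries for each SERVICE.
# The pattern is anchored at the start of the line and requires whitespace
# after the name, so disabling "time" leaves "daytime" alone.  The original
# is kept as FILE.bak; sed -i is avoided because it is not portable.
inetd_disable() {
    file=$1
    shift
    cp "$file" "$file.bak" || return 1
    for svc in "$@"; do
        sed "s/^\([[:space:]]*${svc}[[:space:]]\)/# \1/" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file" || return 1
    done
}

# inetd_reload: inetd re-reads its configuration on SIGHUP.
# Assumes pgrep is available; needs root, like the kill in the tutorial.
inetd_reload() {
    pid=$(pgrep -x inetd) || { echo "inetd is not running" >&2; return 1; }
    kill -HUP $pid
}

# Demonstration on a constructed copy of the tutorial's inetd.conf excerpt.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'discard stream tcp nowait root internal' \
        'discard dgram udp wait root internal' \
        'daytime stream tcp nowait root internal' \
        'chargen stream tcp nowait root internal' \
        'time stream tcp nowait root internal' > "$tmp/inetd.conf"
    inetd_disable "$tmp/inetd.conf" discard chargen time
    echo "commented out:"; grep '^# ' "$tmp/inetd.conf"
    echo "still active:";  inetd_active "$tmp/inetd.conf"
    rm -rf "$tmp"
}
demo
```

On a real system the sequence is: inetd_active /etc/inetd.conf to see the current list, inetd_disable /etc/inetd.conf discard chargen echo daytime time, check the diff against /etc/inetd.conf.bak, then inetd_reload and confirm with netstat -an that the ports are gone.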
xinetd is configured by the file /etc/xinetd.conf. You can
mark services as disabled in this file and send SIGUSR1 to the
xinetd process to make the changes take effect:
Before:
defaults
{
....
}
After:
defaults
{
....
disabled = ftp
disabled = discard
disabled = chargen
disabled = daytime
disabled = time
disabled = echo
}
standalone services
Services not run from inetd / xinetd are usually
started at system boot.
To switch them off, you have to look into the group of directories
named /etc/rc1.d, /etc/rc2.d, ... or /etc/rc.d/rc1.d,
/etc/rc.d/rc2.d/, ... (details vary from vendor to vendor).
The numbers in the directory names correspond to runlevels, and
scripts (or links to scripts) in such a directory identify the
services that are active in the respective runlevel. (A runlevel
is basically a software configuration of the system. E.g. there is
a single-user runlevel, a runlevel with network, multi-user, and X, etc.)
On Linux, the current runlevel can be determined with the runlevel
command, which prints the previous and the current runlevel (N means
there was no previous runlevel), so the output below shows runlevel 3:
# runlevel
N 3
There is usually a main directory (/etc/init.d or
/etc/rc.d)
that holds startup scripts
for each service. Each script is named after the respective command
(e.g. for starting sendmail there is a script that also is named
sendmail).
In the individual runlevel directories there are
links to that script which are named (e.g.) Sxxsendmail,
Kxxsendmail.
# ls -l /etc/rc3.d/*sendmail
lrwxrwxrwx 1 root root 11 Jul 30 19:18 /etc/rc3.d/K20sendmail -> ../init.d/sendmail
lrwxrwxrwx 1 root root 11 Jul 30 19:18 /etc/rc3.d/S20sendmail -> ../init.d/sendmail
The links starting with "S" are for starting
the service, and those with "K" are for stopping the service.
The "xx" is a number indicating the order in which the startup/stop
scripts are executed.
To prevent a service from becoming active at system boot, simply
remove the corresponding link for the runlevel into which your
system boots by default (should you ever want to run the service again,
just recreate the links). E.g. the following commands disable
sendmail in runlevel 3:
# rm /etc/rc3.d/S20sendmail
# rm /etc/rc3.d/K20sendmail
To stop the service immediately, execute the startup/stop script manually,
using stop as argument:
# /etc/init.d/sendmail stop
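Removing the S and K links by hand is the whole procedure, so the only things a script can add are a check of what a runlevel directory will actually start and a guard against deleting something that is not a link. The script below is an added example, not part of this tutorial: rc_services lists the services a runlevel directory starts together with the script each link points to, and rc_disable removes a service's S and K links, refusing to touch anything that is not a symlink and returning failure if the name matched nothing (a misspelled service name otherwise goes unnoticed). The demo builds a throwaway rc3.d/init.d layout under mktemp rather than touching /etc.

```sh
#!/bin/sh
# Added example (not from the tutorial): inspect and edit a System V runlevel
# directory such as /etc/rc3.d.

# rc_services RCDIR: list every service this runlevel starts (S links) with
# the script each link points to.  Non-symlink entries are ignored.
rc_services() {
    for link in "$1"/S[0-9][0-9]*; do
        [ -L "$link" ] || continue          # no match, or not a symlink
        printf '%s -> %s\n' "${link##*/S[0-9][0-9]}" "$(readlink "$link")"
    done
}

# rc_disable RCDIR SERVICE: remove the S and K links for SERVICE in RCDIR.
# Only symlinks are removed, so a regular file that happens to match is left
# intact.  Returns 1 if no link was found (e.g. the name was misspelled).
rc_disable() {
    dir=$1
    svc=$2
    status=1
    for link in "$dir"/S[0-9][0-9]"$svc" "$dir"/K[0-9][0-9]"$svc"; do
        [ -L "$link" ] || continue
        rm "$link" && printf 'removed %s\n' "$link" && status=0
    done
    return $status
}

# Demonstration on a constructed copy of the tutorial's layout.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/init.d" "$tmp/rc3.d"
    printf '#!/bin/sh\necho "sendmail: $1"\n' > "$tmp/init.d/sendmail"
    chmod +x "$tmp/init.d/sendmail"
    ln -s ../init.d/sendmail "$tmp/rc3.d/S20sendmail"
    ln -s ../init.d/sendmail "$tmp/rc3.d/K20sendmail"
    echo "before:"; rc_services "$tmp/rc3.d"
    rc_disable "$tmp/rc3.d" sendmail
    echo "after:";  rc_services "$tmp/rc3.d"
    # Removing the links only affects the next boot; the running instance is
    # still stopped with the init script, as in the tutorial.
    "$tmp/init.d/sendmail" stop
    rm -rf "$tmp"
}
demo
```

On a real system the calls are rc_services /etc/rc3.d (after checking the current runlevel with the runlevel command) and rc_disable /etc/rc3.d sendmail, followed by /etc/init.d/sendmail stop.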