[SOLVED] How to Permanently Disable Services such as SSHD and rpcbind from Boot-Up

Started by 0x31, August 31, 2015, 07:27:32 PM

0x31

Hello,

I want my BackBox to boot up and show nothing as output to a
sudo netstat -peanut

I have managed to disable most of these unwanted services with the following command:
sudo rm /etc/rc*/*tor; sudo rm /etc/rc*/*polipo; sudo rm /etc/rc*/*postgresql; sudo rm /etc/rc*/*speech-dispatcher; sudo rm /etc/rc*/*vmware; sudo rm /etc/rc*/*vmamqpd; sudo rm /etc/rc*/*vmware-workstation-server; sudo rm /etc/rc*/*openvpn

However, when running the typical
sudo update-rc.d -f rpcbind remove

and rebooting, I still get some "sticky" services being enabled automatically.
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 127.0.0.1:50163         0.0.0.0:*               LISTEN      1000       12226       2535/cli        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          14235       2431/sshd      
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          14685       1065/cupsd      
tcp        0      0 0.0.0.0:57504           0.0.0.0:*               LISTEN      122        1485        952/rpc.statd  
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      0          11853       888/rpcbind          
tcp6       0      0 :::22                   :::*                    LISTEN      0          14237       2431/sshd      
tcp6       0      0 ::1:631                 :::*                    LISTEN      0          14684       1065/cupsd      
tcp6       0      0 :::55723                :::*                    LISTEN      122        10832       952/rpc.statd  
tcp6       0      0 :::111                  :::*                    LISTEN      0          11856       888/rpcbind    
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           111        13687       1059/avahi-daemon:
udp        0      0 0.0.0.0:39543           0.0.0.0:*                           122        16044       952/rpc.statd  
udp        0      0 0.0.0.0:40476           0.0.0.0:*                           111        13689       1059/avahi-daemon:
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          14731       1476/dhclient  
udp        0      0 0.0.0.0:111             0.0.0.0:*                           0          11849       888/rpcbind    
udp        0      0 0.0.0.0:631             0.0.0.0:*                           0          1589        1344/cups-browsed
udp        0      0 127.0.0.1:704           0.0.0.0:*                           0          11876       952/rpc.statd  
udp        0      0 0.0.0.0:25297           0.0.0.0:*                           0          14717       1476/dhclient  
udp        0      0 0.0.0.0:973             0.0.0.0:*                           0          11852       888/rpcbind    
udp6       0      0 :::60324                :::*                                122        1487        952/rpc.statd  
udp6       0      0 :::5353                 :::*                                111        13688       1059/avahi-daemon:
udp6       0      0 :::111                  :::*                                0          11854       888/rpcbind    
udp6       0      0 :::49828                :::*                                0          14718       1476/dhclient  
udp6       0      0 :::973                  :::*                                0          11855       888/rpcbind    
udp6       0      0 :::50606                :::*                                111        13690       1059/avahi-daemon:


If anyone could be kind enough to suggest a better approach to have no services listening on my NIC, I will be very grateful.

0x31
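
Added example, not part of the original post: a shell helper that reads netstat -peanut style output and lists only the sockets reachable from the network (TCP listeners and unconnected UDP sockets not bound to loopback), which is the set the poster wants to be empty. The function names are assumptions of this example, and the embedded sample is a subset of the rows from the output above.

```shell
#!/bin/sh
# Sample input: a few rows taken from the netstat output in the post above.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          14685       1065/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          14235       2431/sshd
tcp6       0      0 :::111                  :::*                    LISTEN      0          11856       888/rpcbind
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           111        13687       1059/avahi-daemon:
udp        0      0 127.0.0.1:704           0.0.0.0:*                           0          11876       952/rpc.statd
udp6       0      0 :::111                  :::*                                0          11854       888/rpcbind
EOF
}

# Reads netstat output on stdin and prints "program proto/port" for every
# socket that accepts traffic on a non-loopback address.
exposed_listeners() {
    awk '
    $1 !~ /^(tcp|udp)6?$/ { next }              # header and unrelated lines
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }      # established TCP connections
    $1 ~ /^udp/ && $5 !~ /:\*$/ { next }        # connected UDP sockets
    {
        # Split at the last colon: IPv6 addresses contain colons themselves.
        p = match($4, /:[0-9]+$/)
        if (!p) next
        addr = substr($4, 1, p - 1); port = substr($4, p + 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        # UDP rows have an empty State column, so locate PID/Program by shape.
        prog = "-"
        for (i = 6; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) {
                prog = $i; sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
                break
            }
        print prog, $1 "/" port
    }' | LC_ALL=C sort -u
}

# Succeeds only when nothing is reachable from the network.
no_exposed_listeners() {
    [ -z "$(exposed_listeners)" ]
}

# Demo on the embedded sample; on a live host: sudo netstat -peanut | exposed_listeners
sample_netstat | exposed_listeners
```

Run after each reboot, the second function gives a pass/fail check that a service removed from the boot sequence has not come back.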

ZEROF

Hi,

What is the point of doing that?

1. You will not have an internet connection
2. You can ssh to your machine

Etc...

Removing polipo and other services is not a solution because you will break your system configuration. Disable all services if you want, but truly I don't see the point of that.

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

0x31

Because I believe that systems, especially security ones, should have all ports closed unless required; as far as I know, host-based firewalls (or iptables, whatever) are not enabled by default. Plus, I like to have control over my machine.

I have not used Kali in a while now, but the reason why I used to like it is because it started with no open ports. For my servers, FreeBSD is another great example of minimalism and tidiness. I really like BackBox, but the only thing I hate about it is that I am not able to elegantly close these listening services at boot time.

ostendali

As per zerof's statement I see no point in that.

I can understand closing rpc* ports, since you may or may not need NFS services, but for ssh I don't really see the point.

Every security expert will need ssh for multiple reasons. Who is going to do what to your pentest box, especially when you set it up properly?

Doesn't make any sense to me, but everyone is free to do what they want, and this is the advantage of free software :-)