Disable Unnecessary Services

Disabling or removing unused programs and services from your host is the most effective way to limit threats originating from a remote host. Use your distribution's package management tools to scan the list of installed packages, then remove those that are unnecessary.

• Many of the services running from inetd are legacy programs, which are hardly ever required, yet typically enabled by default. The file /etc/inetd.conf is used to specify which services are offered. Disable all services that you do not want to provide by commenting them out using the # character in the first column of the line.

• The /etc/rc*.d or /etc/rc.d/rc* directories contain shell scripts that control which network and system services are started in each runlevel. Rename or otherwise disable any that are not required, or remove the package entirely. Red Hat users can use /sbin/chkconfig --list to list which services run in which runlevel, and /sbin/chkconfig --del <name> to disable a service.

If you don’t understand what a particular service does, disable it until you find out. Use netstat and ps to confirm that disabled services have not been started after a reboot. Use /bin/netstat -a -p --inet to determine which services are available and the process ID associated with each. A port scanner should also be used to get a view of what remote hosts see.
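
The /etc/inetd.conf step above can be scripted. The following is an added example, not part of the original guide: it lists the active entries in an inetd.conf-style file and writes a copy with every service outside an allowlist commented out in column one. The function names, the sample file and the allowlist ("ftp") are constructed for illustration, and the classic six-field inetd.conf layout is assumed.

```shell
#!/bin/sh
# Added example: report and comment out inetd services not on an allowlist.
# Assumed layout of each active line:
#   service socket-type protocol wait-flag user server-program [arguments]

# Print the service name of every active (uncommented) entry in file $1.
list_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Print a copy of file $1 in which every active entry whose service name is
# not in the space-separated allowlist $2 gets '#' placed in column one.
# Comments, blank lines and allowlisted entries pass through unchanged.
disable_unlisted() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 || ($1 in keep) { print; next }
        { print "#" $0 }
    ' "$1"
}

# Constructed sample input (not taken from a real host).
write_sample() {
    cat > "$1" <<'EOF'
# <service> <type> <proto> <wait> <user> <server> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

# Demo: work on a scratch copy, never on /etc/inetd.conf directly.
tmp=$(mktemp -d)
write_sample "$tmp/inetd.conf"
echo "Enabled before:"; list_enabled "$tmp/inetd.conf"
disable_unlisted "$tmp/inetd.conf" "ftp" > "$tmp/inetd.conf.new"
echo "Enabled after:";  list_enabled "$tmp/inetd.conf.new"
rm -rf "$tmp"
```

Review the generated file before installing it as /etc/inetd.conf; inetd only picks up the change once it re-reads its configuration (traditionally on SIGHUP).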