Enable/Disable Services

Services can be enabled or disabled with sudo systemctl enable <service> --now and sudo systemctl disable <service> --now respectively.

Note that services can still be run after being disabled. To truly disable them, run systemctl mask <service> afterwards.

To quickly restart a service, run sudo systemctl restart <service>.

Also note that many service names end with d, e.g. sshd, auditd, splunkd, httpd, etc.
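The disabled-versus-masked distinction above can be checked in bulk. The following is an added example, not part of the original guide: a shell function that reads the output of systemctl list-unit-files --type=service --no-legend and reports whether each service you want off is truly masked. The unit names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit services that are supposed to be off.
# usage: <unit-file listing> | audit_units "<svc1> <svc2> ..."
# Prints "<service> <state> <verdict>" for each requested service:
#   OK     masked (unit linked to /dev/null, start fails) or no unit file
#   WARN   disabled/static/masked-runtime: no autostart, but it can still
#          be started by hand or pulled in as a dependency
#   FAIL   enabled: starts at boot
#   REVIEW any other state; inspect manually
audit_units() {
    awk -v want="$1" '
        BEGIN {
            n = split(want, names, " ")
            for (i = 1; i <= n; i++) state[names[i]] = "absent"
        }
        NF >= 2 {
            unit = $1
            sub(/\.service$/, "", unit)      # compare without the suffix
            if (unit in state) state[unit] = $2
        }
        END {
            for (i = 1; i <= n; i++) {
                s = state[names[i]]
                if (s == "masked" || s == "absent") v = "OK"
                else if (s == "disabled" || s == "static" || s == "masked-runtime") v = "WARN"
                else if (s ~ /^enabled/) v = "FAIL"
                else v = "REVIEW"
                printf "%s %s %s\n", names[i], s, v
            }
        }'
}

# Constructed sample of list-unit-files output (unit, state, preset).
sample_listing() {
    cat <<'EOF'
sshd.service      enabled   enabled
httpd.service     enabled   disabled
telnet.service    disabled  disabled
vsftpd.service    masked    disabled
rpcbind.service   static    -
smb.service       enabled   disabled
EOF
}

# On a live host, replace sample_listing with:
#   systemctl list-unit-files --type=service --no-legend
sample_listing | audit_units "telnet vsftpd rpcbind smb cups"
```

Any WARN line is a service that the disable step alone left startable; masking it moves it to OK.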

Common Services

The following is a list of some common services you'll encounter (note that more in-depth instruction for hardening will be given in the hardening guide):

Web/HTTP(S)

Web services are frequently run using the Apache2 Web Server.

A setup guide can be found here

Overview:

  1. Install httpd
  2. Check /etc/httpd/conf/httpd.conf to see the DocumentRoot (web root) and Listen (port) values
  3. Start with systemctl
  4. Allow port 80 on the firewall
  5. Logs are located in /var/log/httpd/

A setup guide using HTTPS can be found here

Frequently, PHP websites use MySQL as a database application. Remember to change MySQL passwords.

SSH

OpenSSH is an application that can be used to easily set up SSH (secure shell) servers, along with SCP (secure copy) and SFTP (SSH FTP, not to be confused with FTPS).

Authorized SSH public keys are listed in each user's ~/.ssh/authorized_keys file, allowing users with the matching private key access to the server.

A guide to OpenSSH can be found here

DNS

Go ham

Mail

SMTP sends messages from a mail client, POP3 transfers mail to a device (one-time use, deletes from server), and IMAP stores mail remotely (used for mail servers across multiple devices). If that's confusing, think of it this way:

  • SMTP moves mail from one server to another
  • POP3 lets you download the mail, removing it from the server
  • IMAP lets you read the mail from the server itself

SMTP is used with either IMAP or POP3 to send and receive email.

Dovecot is frequently used as a Mail Delivery Agent (MDA), to run POP3 and IMAP.

Postfix is frequently used as a Mail Transfer Agent (MTA), to run SMTP.

Telnet

go Ham3

SMB

goham 4

RPC

Go_ham 5

FTP

go hAm 6

Ports based on service

Service    Port
FTP        TCP: 20 for data transfer
           TCP: 21 for control
SSH        TCP: 22
Telnet     TCP: 23 or 2323
SMTP       TCP: 25 for plaintext
           TCP: 587 for encrypted
Web        TCP: 80 for HTTP
           TCP: 443 for HTTPS
IMAP       TCP: 143
           TCP: 993
POP3       TCP: 110
           TCP: 995
DNS        TCP/UDP: 53
SMB        TCP/UDP: 445
Kerberos   TCP/UDP: 88 for authentication
           TCP/UDP: 464 for password change
RPC        TCP/UDP: 135
NetBIOS    TCP/UDP: 137 and 138
LDAP       TCP/UDP: 389
           TCP/UDP: 636 for SSL
DHCP       UDP: 67 for server
           UDP: 68 for client

Service files

Service files should be located in /lib/systemd/system/

The files used by the service are usually located in /etc/ but this can differ based on the service.

Despite being a bear, black bears are known to be timid.
