Secure Debian Post Install configuration

In this short article i share some short but powerful firewall logging tip. Now i tell a little about some Debian post installation instructions i would commonly recommend.
Download the last stable Debian from here

When you just install the last Debian you may have something more or less like this:

root@host1:~# netstat --listen -np
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      397/rpcbind     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      445/cupsd       
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      696/exim4       
tcp        0      0 0.0.0.0:38845           0.0.0.0:*               LISTEN      406/rpc.statd   
tcp6       0      0 :::111                  :::*                    LISTEN      397/rpcbind     
tcp6       0      0 :::48180                :::*                    LISTEN      406/rpc.statd   
tcp6       0      0 ::1:631                 :::*                    LISTEN      445/cupsd       
tcp6       0      0 ::1:25                  :::*                    LISTEN      696/exim4       
udp        0      0 0.0.0.0:996             0.0.0.0:*                           397/rpcbind     
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           427/avahi-daemon: r
udp        0      0 127.0.0.1:1006          0.0.0.0:*                           406/rpc.statd   
udp        0      0 0.0.0.0:42504           0.0.0.0:*                           427/avahi-daemon: r
udp        0      0 0.0.0.0:68              0.0.0.0:*                           356/dhclient    
udp        0      0 0.0.0.0:50762           0.0.0.0:*                           356/dhclient    
udp        0      0 0.0.0.0:111             0.0.0.0:*                           397/rpcbind     
udp        0      0 0.0.0.0:631             0.0.0.0:*                           448/cups-browsed
udp        0      0 0.0.0.0:49788           0.0.0.0:*                           406/rpc.statd   
udp6       0      0 :::996                  :::*                                397/rpcbind     
udp6       0      0 :::5353                 :::*                                427/avahi-daemon: r
udp6       0      0 :::59218                :::*                                406/rpc.statd   
udp6       0      0 :::14952                :::*                                356/dhclient    
udp6       0      0 :::111                  :::*                                397/rpcbind     
udp6       0      0 :::60837                :::*                                427/avahi-daemon: r

If you are a security conscious administrator, then you agree here is work do to. Not only to have a safer workplace, also to reduce the cpu and memory usage!

apt-get remove exim4-*
apt-get remove rpcbind
apt-get remove avahi-daemon
apt-get remove cups
apt-get remove cups-browsed
apt-get remove cups-daemon

Now you would have a cleaner list of network listening services.

Advertisements