software minimalism is key for stability, maintainability, security and performance

so regularly check which services are running and whether they can be disabled/uninstalled 🙂

ss -tulpn
Netid     State      Recv-Q     Send-Q          Local Address:Port          Peer Address:Port    Process                                                      
udp       UNCONN     0          0               192.168.122.1:53                 0.0.0.0:*        users:(("dnsmasq",pid=1128,fd=5))                           
udp       UNCONN     0          0              0.0.0.0%virbr0:67                 0.0.0.0:*        users:(("dnsmasq",pid=1128,fd=3))                           
udp       UNCONN     0          0                     0.0.0.0:111                0.0.0.0:*        users:(("rpcbind",pid=657,fd=5),("systemd",pid=1,fd=36))    
udp       UNCONN     0          0                     0.0.0.0:631                0.0.0.0:*        users:(("cups-browsed",pid=933,fd=7))                       
udp       UNCONN     0          0                     0.0.0.0:5353               0.0.0.0:*        users:(("avahi-daemon",pid=747,fd=12))                      
udp       UNCONN     0          0                     0.0.0.0:50748              0.0.0.0:*        users:(("avahi-daemon",pid=747,fd=13))                      
tcp       LISTEN     0          4096                  0.0.0.0:111                0.0.0.0:*        users:(("rpcbind",pid=657,fd=4),("systemd",pid=1,fd=35))    
tcp       LISTEN     0          32              192.168.122.1:53                 0.0.0.0:*        users:(("dnsmasq",pid=1128,fd=6))                           
tcp       LISTEN     0          128                   0.0.0.0:22                 0.0.0.0:*        users:(("sshd",pid=8185,fd=3))                              
tcp       LISTEN     0          128                 127.0.0.1:631                0.0.0.0:*        users:(("cupsd",pid=798,fd=6))                             
# alternatively
nmap -p- localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-06 10:43 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 65532 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh <- usually only on when needed
111/tcp open  rpcbind <- reachable from outside :-|
631/tcp open  ipp <- unreachable from outside

Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds
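
Added example (not part of the original post): the bind address in the Local Address column decides whether a listener can be reached from another host before any firewall is considered, which is why TCP 111 (bound to 0.0.0.0) answers from outside and TCP 631 (bound to 127.0.0.1) does not. The function name `classify_listeners` is an assumption; the sample reuses lines from the `ss` output above plus one constructed IPv6 line.

```sh
#!/bin/sh
# Added example, not from the original post.
# classify_listeners: read `ss -tulpn` output on stdin and print
#   EXPOSURE PROTO PORT PROCESS
# EXPOSURE is derived from the bind address only (no firewall check).
classify_listeners() {
    awk '
    $1 != "tcp" && $1 != "udp" { next }            # skip the header line
    {
        port = $5; sub(/.*:/, "", port)            # text after the last colon
        addr = substr($5, 1, length($5) - length(port) - 1)
        iface = ""
        if (match(addr, /%.*/)) {                  # e.g. 0.0.0.0%virbr0
            iface = substr(addr, RSTART + 1)
            addr = substr(addr, 1, RSTART - 1)
        }
        gsub(/^\[|\]$/, "", addr)                  # [::1] -> ::1
        proc = "-"                                 # ss hides it without root
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        wildcard = (addr == "0.0.0.0" || addr == "::" || addr == "*")
        if (addr ~ /^127\./ || addr == "::1") exposure = "LOOPBACK"
        else if (iface != "") exposure = "IFACE:" iface
        else if (wildcard) exposure = "ALL-INTERFACES"
        else exposure = "ADDR:" addr
        print exposure, $1, port, proc
    }'
}

# Sample input: lines from the ss output above; the last line is constructed.
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1128,fd=5))
udp UNCONN 0 0 0.0.0.0%virbr0:67 0.0.0.0:* users:(("dnsmasq",pid=1128,fd=3))
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=657,fd=4),("systemd",pid=1,fd=35))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=8185,fd=3))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=798,fd=6))
tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=798,fd=7))'

printf '%s\n' "$SAMPLE_SS" | classify_listeners
```

On a live host, feed it with `ss -tulpn | classify_listeners` and review every line that is not LOOPBACK.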

# how to test if a service is reachable from outside:
# ssh into (or actually walk to) a different host and:
telnet 192.168.0.71 22
Trying 192.168.0.71...
Connected to 192.168.0.71.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1 <- imho it is also very bad to publish the exact version running

# how to disable this?

“While it’s prohibitively difficult to hide the version number of SSH daemon, easily hide the linux version” (src)

echo "DebianBanner no" >> /etc/ssh/sshd_config
# restart SSH daemon
/etc/init.d/ssh restart
# or
service ssh restart
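
Added example (not part of the original post): sshd uses the first value it finds for a keyword, and lines after a `Match` line belong to that Match block, so a blind append can be ignored or land in the wrong scope. The function below keeps exactly one `DebianBanner no` in the global section and is safe to run repeatedly; the names `set_debian_banner_no` and `demo_debian_banner` and the sample config are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post.
# set_debian_banner_no FILE: rewrite FILE so that it contains exactly one
# active "DebianBanner no", placed before the first Match block (or at the
# end when there is none). A backup is written to FILE.bak on change.
set_debian_banner_no() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '
        # keywords are case-insensitive and may be written as key=value
        { key = tolower($1); sub(/=.*/, "", key) }
        key == "debianbanner" { next }             # drop every active setting
        key == "match" && !done { print "DebianBanner no"; done = 1 }
        { print }
        END { if (!done) print "DebianBanner no" }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$cfg" "$tmp"; then                  # already in the wanted state
        rm -f "$tmp"
        return 0
    fi
    # cat into the existing file keeps its owner and permissions
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample config: an earlier "yes" plus a trailing Match block,
# the two cases where appending with echo does not do what is intended.
demo_debian_banner() {
    f=$(mktemp) || return 1
    printf '%s\n' 'Port 22' 'DebianBanner yes' 'Match User backup' \
        '    PasswordAuthentication no' > "$f"
    # run twice to show the second run changes nothing
    set_debian_banner_no "$f" && set_debian_banner_no "$f" && cat "$f"
    rm -f "$f" "$f.bak"
}

demo_debian_banner
```

Run `sshd -t` to validate the file before restarting the daemon. A drop-in pulled in by an earlier `Include` directive that sets the same keyword would still take precedence.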

# or if ssh is running on laptop/workstation/pc
# and it is not required for ssh to be permanent-on
systemctl stop ssh.service;
systemctl disable ssh.service;

# and start it only when needed
service ssh start;

telnet 192.168.0.71 111
Trying 192.168.0.71... <- here also a remote connection could be established
# either firewall block or
# disable rpcbind if not needed
systemctl stop rpcbind.target;
systemctl stop rpcbind.socket;
systemctl stop rpcbind.service;

systemctl disable rpcbind.target;
systemctl disable rpcbind.socket;
systemctl disable rpcbind.service;

# alternatively
lsof -i -P -n
# ip -c a -> the ip of the wifi connected system is: 192.168.0.71
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 35u IPv4 11077 0t0 TCP *:111 (LISTEN)
systemd 1 root 36u IPv4 11078 0t0 UDP *:111
rpcbind 657 _rpc 4u IPv4 11077 0t0 TCP *:111 (LISTEN)
rpcbind 657 _rpc 5u IPv4 11078 0t0 UDP *:111
avahi-dae 747 avahi 12u IPv4 19499 0t0 UDP *:5353
avahi-dae 747 avahi 13u IPv4 14907 0t0 UDP *:50748
NetworkMa 752 root 22u IPv4 58790 0t0 UDP 192.168.0.71:68->192.168.0.1:67
cupsd 798 root 6u IPv4 15202 0t0 TCP 127.0.0.1:631 (LISTEN)
cups-brow 933 root 7u IPv4 17053 0t0 UDP *:631
dnsmasq 1128 nobody 3u IPv4 22666 0t0 UDP *:67
dnsmasq 1128 nobody 5u IPv4 22669 0t0 UDP 192.168.122.1:53
dnsmasq 1128 nobody 6u IPv4 22670 0t0 TCP 192.168.122.1:53 (LISTEN)
firefox-b 7855 user 96u IPv4 68861 0t0 TCP 192.168.0.71:37462->34.117.237.239:443 (ESTABLISHED) <- google
firefox-b 7855 user 105u IPv4 59120 0t0 TCP 192.168.0.71:60100->116.202.176.26:443 (ESTABLISHED) <- libredns.gr
firefox-b 7855 user 123u IPv4 59150 0t0 TCP 192.168.0.71:57664->35.162.162.226:443 (ESTABLISHED) <- AWS (Amazon Cloud (C2))
firefox-b 7855 user 164u IPv4 61999 0t0 TCP 192.168.0.71:36538->107.21.71.206:443 (ESTABLISHED) <- AWS (Amazon Cloud (C2))
Socket 7915 user 6u IPv4 61556 0t0 TCP 192.168.0.71:60066->116.202.176.26:443 (ESTABLISHED) <- libredns.gr
sshd 8185 root 3u IPv4 65402 0t0 TCP *:22 (LISTEN)
gvfsd-smb 8515 user 9u IPv4 67817 0t0 TCP 192.168.0.71:37240->192.168.0.30:139 (ESTABLISHED) <- gnome virtual filesystem tries to communicate with another debian? #wtf
dpkg -l|grep gvf
ii gvfs:amd64 1.46.2-1 amd64 userspace virtual filesystem - GIO module
ii gvfs-backends 1.46.2-1 amd64 userspace virtual filesystem - backends
ii gvfs-common 1.46.2-1 all userspace virtual filesystem - common data files
ii gvfs-daemons 1.46.2-1 amd64 userspace virtual filesystem - servers
ii gvfs-libs:amd64 1.46.2-1 amd64 userspace virtual filesystem - private libraries

apt show gvfs
Package: gvfs
Version: 1.46.2-1
Priority: optional
Section: libs
Maintainer: Debian GNOME Maintainers
Installed-Size: 408 kB
Depends: gvfs-common (= 1.46.2-1), gvfs-daemons (<< 1.46.2-1.1~), gvfs-daemons (>= 1.46.2-1), gvfs-libs (= 1.46.2-1), libc6 (>= 2.14), libglib2.0-0 (>= 2.65.1)
Suggests: gvfs-backends
Homepage: https://wiki.gnome.org/Projects/gvfs

-> "GVfs is a userspace virtual filesystem implementation for GIO (a library available in GLib). GVfs comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. GVfs also contains modules for GIO that implement volume monitors and persistent metadata storage. There is also FUSE support that provides limited access to the GVfs filesystems for applications not using GIO."

"Updated gvfs packages that fix two bugs are now available for Red Hat Enterprise Linux 6.
GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data via File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. "

(src)

Tag: role::shared-lib
Download-Size: 135 kB
APT-Manual-Installed: no
APT-Sources: https://ftp.halifax.rwth-aachen.de/debian bullseye/main amd64 Packages
Description: userspace virtual filesystem - GIO module
gvfs is a userspace virtual filesystem where mounts run as separate
processes which you talk to via D-Bus. It also contains a gio module
that seamlessly adds gvfs support to all applications using the gio
API. It also supports exposing the gvfs mounts to non-gio applications
using fuse.
.
This package contains the GIO module that lets applications use gvfs
mounts.

# gvfs seems to be deeply connected to the MATE Desktop and can not be removed without breaking functionality?

# script it for constant monitoring of connections
vim /scripts/list_open_ports.sh

#!/bin/bash
while true; do lsof -i -P -n; sleep 1; clear; done

manpages:

man.ss.txt

lsof.man.txt

nmap.man.txt
