software minimalism is key for stability, maintainability, security and performance
so regularly check what services are running and whether they can be disabled/uninstalled 🙂
systemd:
# list all units (list can be /searched like less)
systemctl
# list all services (list can be /searched like less)
systemctl list-unit-files --type=service
# search for keyword
systemctl list-unit-files --type=service | grep keyword
# list all network sockets
ss -tulpn
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1128,fd=5))
udp UNCONN 0 0 0.0.0.0%virbr0:67 0.0.0.0:* users:(("dnsmasq",pid=1128,fd=3))
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=657,fd=5),("systemd",pid=1,fd=36))
udp UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=933,fd=7))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=747,fd=12))
udp UNCONN 0 0 0.0.0.0:50748 0.0.0.0:* users:(("avahi-daemon",pid=747,fd=13))
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=657,fd=4),("systemd",pid=1,fd=35))
tcp LISTEN 0 32 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1128,fd=6))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=8185,fd=3))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=798,fd=6))
# alternatively
nmap -p- localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-06 10:43 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh <- usually only on when needed
111/tcp open rpcbind <- reachable from outside :-|
631/tcp open ipp <- unreachable from outside
Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds
# how to test if service is reachable from outside:
# ssh or actually walk to different host and:
telnet 192.168.0.71 22
Trying 192.168.0.71...
Connected to 192.168.0.71.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1 <- this is imho also very bad publishing the exact version running
# how to disable this?
“While it’s prohibitively difficult to hide the version number of SSH daemon, easily hide the linux version” (src)
echo "DebianBanner no" >> /etc/ssh/sshd_config
# restart SSH daemon
/etc/init.d/ssh restart
# or
service ssh restart
# or if ssh is running on laptop/workstation/pc
# and it is not required for ssh to be permanent-on
systemctl stop ssh.service; systemctl disable ssh.service;
# and start it only when needed
service ssh start;
telnet 192.168.0.71 111
Trying 192.168.0.71... <- here also a remote connection could be established
# either firewall block or
# disable rpcbind if not needed
systemctl stop rpcbind.target; systemctl stop rpcbind.socket; systemctl stop rpcbind.service;
systemctl disable rpcbind.target; systemctl disable rpcbind.socket; systemctl disable rpcbind.service;
# alternatively
lsof -i -P -n
# ip -c a -> the ip of the wifi connected system is: 192.168.0.71
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 35u IPv4 11077 0t0 TCP *:111 (LISTEN)
systemd 1 root 36u IPv4 11078 0t0 UDP *:111
rpcbind 657 _rpc 4u IPv4 11077 0t0 TCP *:111 (LISTEN)
rpcbind 657 _rpc 5u IPv4 11078 0t0 UDP *:111
avahi-dae 747 avahi 12u IPv4 19499 0t0 UDP *:5353
avahi-dae 747 avahi 13u IPv4 14907 0t0 UDP *:50748
NetworkMa 752 root 22u IPv4 58790 0t0 UDP 192.168.0.71:68->192.168.0.1:67
cupsd 798 root 6u IPv4 15202 0t0 TCP 127.0.0.1:631 (LISTEN)
cups-brow 933 root 7u IPv4 17053 0t0 UDP *:631
dnsmasq 1128 nobody 3u IPv4 22666 0t0 UDP *:67
dnsmasq 1128 nobody 5u IPv4 22669 0t0 UDP 192.168.122.1:53
dnsmasq 1128 nobody 6u IPv4 22670 0t0 TCP 192.168.122.1:53 (LISTEN)
firefox-b 7855 user 96u IPv4 68861 0t0 TCP 192.168.0.71:37462->34.117.237.239:443 (ESTABLISHED) <- google
firefox-b 7855 user 105u IPv4 59120 0t0 TCP 192.168.0.71:60100->116.202.176.26:443 (ESTABLISHED) <- libredns.gr
firefox-b 7855 user 123u IPv4 59150 0t0 TCP 192.168.0.71:57664->35.162.162.226:443 (ESTABLISHED) <- AWS (Amazon Cloud (C2))
firefox-b 7855 user 164u IPv4 61999 0t0 TCP 192.168.0.71:36538->107.21.71.206:443 (ESTABLISHED) <- AWS (Amazon Cloud (C2))
Socket 7915 user 6u IPv4 61556 0t0 TCP 192.168.0.71:60066->116.202.176.26:443 (ESTABLISHED) <- libredns.gr
sshd 8185 root 3u IPv4 65402 0t0 TCP *:22 (LISTEN)
gvfsd-smb 8515 user 9u IPv4 67817 0t0 TCP 192.168.0.71:37240->192.168.0.30:139 (ESTABLISHED) <- gnome virtual filesystem tries to communicate with another debian? #wtf
dpkg -l|grep gvf
ii gvfs:amd64 1.46.2-1 amd64 userspace virtual filesystem - GIO module
ii gvfs-backends 1.46.2-1 amd64 userspace virtual filesystem - backends
ii gvfs-common 1.46.2-1 all userspace virtual filesystem - common data files
ii gvfs-daemons 1.46.2-1 amd64 userspace virtual filesystem - servers
ii gvfs-libs:amd64 1.46.2-1 amd64 userspace virtual filesystem - private libraries
apt show gvfs
Package: gvfs
Version: 1.46.2-1
Priority: optional
Section: libs
Maintainer: Debian GNOME Maintainers
Installed-Size: 408 kB
Depends: gvfs-common (= 1.46.2-1), gvfs-daemons (<< 1.46.2-1.1~), gvfs-daemons (>= 1.46.2-1), gvfs-libs (= 1.46.2-1), libc6 (>= 2.14), libglib2.0-0 (>= 2.65.1)
Suggests: gvfs-backends
Homepage: https://wiki.gnome.org/Projects/gvfs
-> "GVfs is a userspace virtual filesystem implementation for GIO (a library available in GLib). GVfs comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. GVfs also contains modules for GIO that implement volume monitors and persistent metadata storage. There is also FUSE support that provides limited access to the GVfs filesystems for applications not using GIO."
"Updated gvfs packages that fix two bugs are now available for Red Hat Enterprise Linux 6. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data via File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. " (src)
Tag: role::shared-lib
Download-Size: 135 kB
APT-Manual-Installed: no
APT-Sources: https://ftp.halifax.rwth-aachen.de/debian bullseye/main amd64 Packages
Description: userspace virtual filesystem - GIO module
 gvfs is a userspace virtual filesystem where mounts run as separate processes which you talk to via D-Bus.
 It also contains a gio module that seamlessly adds gvfs support to all applications using the gio API.
 It also supports exposing the gvfs mounts to non-gio applications using fuse.
 .
 This package contains the GIO module that lets applications use gvfs mounts.
# gvfs seems to be deeply connected to the MATE Desktop and can not be removed without breaking functionality?
# script it for constant monitoring of connections
vim /scripts/list_open_ports.sh
#!/bin/bash
while true; do lsof -i -P -n; sleep 1; clear; done
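The ss output above already shows which listeners can be reached from another host: it depends on the local bind address (127.0.0.1:631 vs 0.0.0.0:111). The following added example (not part of the original article) turns that reading into a filter; the function names, the scope labels and the sample lines (copied from the output above) are this example's own choices.

```shell
#!/bin/bash
# Added example: classify sockets from `ss -tulpn` by how widely they are bound.
# Reads ss output on stdin, prints: SCOPE PROTO LOCAL_ADDR:PORT FIRST_PROCESS
classify_listeners() {
    awk '
    $1 != "tcp" && $1 != "udp" { next }      # skip the header and other netids
    {
        local_addr = $5
        proc = "-"                           # stays "-" if ss ran without root
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        # port is everything after the last colon (also works for [::1]:631)
        n = split(local_addr, parts, ":")
        port = parts[n]
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        bound_to_dev = (addr ~ /%/)          # e.g. 0.0.0.0%virbr0 = one device only
        sub(/%.*/, "", addr)
        gsub(/\[|\]/, "", addr)
        wildcard = (addr == "0.0.0.0" || addr == "*" || addr == "::")
        if (addr ~ /^127\./ || addr == "::1") scope = "LOOPBACK"
        else if (wildcard && !bound_to_dev)   scope = "ALL-IFACES"
        else                                  scope = "ONE-IFACE"
        print scope, $1, local_addr, proc
    }'
}

# Everything that is not loopback-only: candidates for firewalling or disabling.
exposed_listeners() {
    classify_listeners | awk '$1 != "LOOPBACK"'
}

# Sample input: a few lines taken from the ss output shown in this article.
SAMPLE='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0%virbr0:67 0.0.0.0:* users:(("dnsmasq",pid=1128,fd=3))
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=657,fd=4),("systemd",pid=1,fd=35))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=8185,fd=3))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=798,fd=6))'

printf '%s\n' "$SAMPLE" | exposed_listeners
# on a live system (as root, so process names are visible): ss -tulpn | exposed_listeners
```

A socket reported as ALL-IFACES or ONE-IFACE can still be blocked by a firewall, so the telnet test from another host remains the final check.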
