From the course: Linux Hardening
General handling of services, part one - Linux Tutorial
Welcome back to Cybrary's Linux Hardening course. In this lesson, we are looking at the general handling of services. I'm your instructor, Corey Holzer. Let's begin.

In this lesson, we'll cover two topics. First, we'll look at how to disable and remove services. Second, we'll examine the security benefits of splitting up network services, particularly with containers.

In module two and in module three, we talked about reducing the attack surface. We reduce the attack surface by disabling a service, and this is achieved by stopping the running service. We do this either to protect the service in the case of an attack or as a troubleshooting measure. We can prevent the service from running during the next reboot by using systemctl disable and then the name of the service. Of course, this command is run under sudo.

If the service is no longer needed, remove it using apt remove and then the names of the packages that we're removing. The remove action only removes the software. To remove the configuration files as well, we need to switch from remove to purge in the apt command.

There are a few services you should consider disabling, either because they are unnecessarily redundant or because their presence running on the system can present a security risk. For example, DNS. If you're using a dedicated DNS service, either internally or through your Internet service provider, you don't need DNS running on every individual box. Then there's the secure shell daemon. Now, I know this probably sounds confusing, because we've spent so much time talking about how it's a useful tool, but if nobody needs to have remote access to the server, then SSH is not necessary. Another service is SMB. SMB is a means for sharing partitions and folders for others to mount as network drives. If no one mounts these drives or shares these volumes, then SMB serves no purpose on the machine. And then, of course, as we've discussed earlier, remove all legacy services, because they have no place in a secure network environment.

A safe practice with Linux systems is to containerize services. Container services like Docker offer numerous benefits, including transparency: an administrator can see what's running inside the container, but to the outside world and to the other services running on the box, it is just the service that they're connecting to. The modularity ensures that any issues affecting one service within a container will not create issues for other services running in other containers. Running services inside Docker's containers also means that the breaching of one service does not necessarily give the adversary access to the other services. Updating containers just requires grabbing a new image from Docker Hub or one that you've developed yourself internally. Because the services run inside a container, it does not matter what the host operating system is versus what the operating system is that's running inside the container. They never talk to each other. The only interface is the actual service that is being hosted in the container.

The diagram you see on the screen illustrates how a containerized system runs. You have Docker, which is the actual service itself running on top of Ubuntu, and there are numerous containers that Docker supports that can run simultaneously and independently of one another.

In this lesson, we saw how to disable and remove services. We also examined the benefits of containerization. Thank you for taking the time to take part in this lesson. I will see you in the next one.
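The disable-and-remove procedure from this lesson, as an added example that is not part of the course material: the script reads a listing of service units, picks out the enabled DNS, SSH and SMB services the lesson names, and prints the stop, disable and apt commands for review without running them. The unit-to-package mapping assumes Debian/Ubuntu names, the function names are hypothetical, and the sample listing is constructed.

```bash
#!/usr/bin/env bash
# Added example (not course material). Prints a review plan; changes nothing.

# Map a systemd unit to the package that ships it.
# Assumption: Debian/Ubuntu unit and package names; adjust for other distros.
candidate_package() {
  case "$1" in
    named.service|bind9.service) echo bind9 ;;           # local DNS server
    ssh.service|sshd.service)    echo openssh-server ;;  # remote shell
    smbd.service|nmbd.service)   echo samba ;;           # SMB file sharing
    *) return 1 ;;
  esac
}

# stdin: lines in the format of
#        `systemctl list-unit-files --type=service --no-legend`
#        (columns: UNIT STATE [PRESET])
# $1:    "remove" keeps configuration files, "purge" deletes them as well
plan_service_removal() {
  action=${1:-remove}
  case "$action" in
    remove|purge) ;;
    *) echo "usage: plan_service_removal remove|purge" >&2; return 2 ;;
  esac
  pkgs=""
  while read -r unit state rest; do
    [ "$state" = "enabled" ] || continue          # only units that start at boot
    pkg=$(candidate_package "$unit") || continue  # only the lesson's candidates
    echo "sudo systemctl stop $unit"
    echo "sudo systemctl disable $unit"
    case " $pkgs " in
      *" $pkg "*) ;;                 # package already queued by another unit
      *) pkgs="$pkgs $pkg" ;;
    esac
  done
  for pkg in $pkgs; do               # one apt command per package, after the units
    echo "sudo apt $action $pkg"
  done
}

# Constructed sample input, so the example runs on a machine without systemd.
sample_units() {
  cat <<'EOF'
cron.service      enabled  enabled
named.service     enabled  enabled
nmbd.service      enabled  enabled
smbd.service      enabled  enabled
ssh.service       disabled enabled
rsyslog.service   enabled  enabled
EOF
}
```

On a live host, pipe the real `systemctl list-unit-files --type=service --no-legend` output into `plan_service_removal purge` and read the printed commands before running any of them, since disabling SSH on a machine you reach only over the network cuts off your own access.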