?
Solved

Services in SUSE?

Posted on 2005-05-17
49
Medium Priority
?
576 Views
Last Modified: 2012-05-05
My question is this...In SUSE, how can I stop these following services below: The problem is, when I go into YAST to look for these services,  I can't locate them. Can these be under a different name? I see them LISTENING when I do netstat -pan. Is it under a different name? Also, if I do manage to get stop these running, will it effect the Internet connection? Im using a DHCP DSL connection.

mdnsd         Port: 5353
filenet-rpc    Port 32769.

0
Comment
Question by:jslayton01
  • 31
  • 11
  • 6
  • +1
49 Comments
 
LVL 6

Expert Comment

by:prof666
ID: 14021769
"mdnsd" is a very lightweight, simple, portable, and easy to integrate open source implementation of Multicast DNS, so it could be part of your DHCP client ...are you using usb ADSL modem or a LAN based ADSL modem, if it's the former it could well be part of that.
Not exactly sure what filenet is, but I think it might be a lowlevel web caching daemon. I'm on SuSE9.2 and I see neither of these, so not sure what services you could possible stop to get rid of them.
0
 

Author Comment

by:jslayton01
ID: 14022706
Im running a DSL-modem LAN connection. Thats all. I am not using any USB Network ports, only the standard LAN Card or NIC. But its weird, because I can't locate it under the Yast Services lists.
0
 
LVL 6

Expert Comment

by:prof666
ID: 14022923
Could you post a list of the services (under the runlevel editor) that are enabled?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:jslayton01
ID: 14023229
Ok ok ok ok ok ok HOLD ON A MINUTE....

While I was going down the list, I noticed that it does have the "mdnsd"....So, my question is, if I disable this, will my Internet connection work fine or not??? I dont want to mess up my system. So thats why I am asking this...
Anyway, here is the rest that are Enabled... Which ones do I have to DISABLE without having my system work improperly. I only use the PC for surfing the Internet and Email only.

alsasound
cron
cups
dbus
earlykbd
earlykdm
earlysyslog
fbset
hal
hwscan
network
nscd (Start Name Service Cache Daemon)
postfix
random
remgr
smbfs
syslog
xolm
0
 

Author Comment

by:jslayton01
ID: 14023257
mdnsd is (mDNSresponder to handle Apple Rendezvous requests) but I am not sure if I need that or not. Is it OK to disable it?
0
 

Author Comment

by:jslayton01
ID: 14023456
And also the bootstrap client which is PORT 68. Thats running also but I can't see it in the Yast services list too.
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14026022
to see what process is on what port use:

"netstat --inet -pna"
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14026036
to stop a service use "insserv -r servicename"
or for GUI go to yast and disable there
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14026043
CORRECTION:
to stop a service use "/etc/init.d/servicename stop"
to DISABLE a service use "insserv -r servicename"
or for GUI go to yast and disable there
0
 

Author Comment

by:jslayton01
ID: 14027177
Ok I understand....

But my questions is, will STOPPING these services will effect my connection to the Internet or not? Im afraid something will happen to my system if I disable these.
0
 

Author Comment

by:jslayton01
ID: 14027201
Also heres my output of the services running. But, For those ports and names that I posted, I need to know there names in the YAST Services List. But the names do not show up in that list in YAST. Can it be under a different name?

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.1.100:45593     69.73.159.57:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:45592     69.73.159.57:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:52192     212.100.246.90:80       ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:56729     64.233.187.99:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:35284     66.51.197.166:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:35285     66.51.197.166:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:35296     66.51.197.166:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:35297     66.51.197.166:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:34795     66.51.197.168:80        ESTABLISHED 6903/firefox-bin
udp        0      0 0.0.0.0:32769           0.0.0.0:*                           -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -
udp        0      0 0.0.0.0:631             0.0.0.0:*                           -
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 14027285
"tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -"

That is sendmail (or Postfix running as sendmail).

"tcp        0      0 192.168.1.100:35284     66.51.197.166:80        ESTABLISHED 6903/firefox-bin"

That is your browser (Firefox, good choice).

"udp        0      0 0.0.0.0:32769           0.0.0.0:*                           -"

If I'm not mistaken, that's an RCP listener from the r* family - rexecd, rshd, et. al.
0
 

Author Comment

by:jslayton01
ID: 14027366
So is it OK to disabled these ports including POstfix?
And what about Port 68 and 5353?? What names do those belong to?
0
 

Author Comment

by:jslayton01
ID: 14027383
And the only one is ENABLED on the "Rs" lists is the "resmgr"....
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14029436
run it as root to see ALL processes
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14029507
alsasound <- sound daemon, keep
cron <- timed commands scheduler, keep
cups <- printing , remove if not needed
dbus <- hal-reated, keep
earlykbd <- boot, keep
earlykdm <- boot, keep
earlysyslog <- boot, keep
fbset <- framebuffer, keep
hal <- hardware abstraction layer, keep
hwscan <- keep
network <- network initialization, keep
nscd (Start Name Service Cache Daemon) <- keep
postfix <- mail, keep
random <- system random device, keep
remgr <- re(s)mgr ? resource manager for device file access, keep
smbfs <- keep
syslog <- error logs, keep
xolm <- ??? xen ??

morer infos: "grep 'Description:' /etc/rc.d/*"
0
 

Author Comment

by:jslayton01
ID: 14031441
Ok, here is some detailes here. Remember...I want to disalbe ports 68, 5353, and 32769...So, by looking at this, which names can I find under the Yast Services List? And, my question is, if I disable those ports, will I have problems with my Internet connection?

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      6155/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      6460/master
tcp        0      0 192.168.1.100:54931     66.102.7.147:80         ESTABLISHED 6825/firefox-bin
udp        0      0 0.0.0.0:32769           0.0.0.0:*                           5982/mdnsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           5641/dhcpcd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           5982/mdnsd
udp        0      0 0.0.0.0:631             0.0.0.0:*                           6155/cupsd
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14032851
port 68 => dhcpcd (DHCP client daemon) will go away if you configure all your interfaces with fixed IP, not DHCP
port 5353 + 32769  => mdnsd - to remove: "insserv -r mdnsd" + "/etc/init.d/mdnsd stop"
0
 

Author Comment

by:jslayton01
ID: 14033572
But do I need to have mdnsd or not?
0
 

Author Comment

by:jslayton01
ID: 14037006
So, just to confirm, I need the Port 68 because I am NOT using a static IP when connecting to the DSL modem. Also, Im glad to say that I disabled the mdnsd and my system boots up fine.

And what about Port: 25?? Do I need that at all? I do use an email client (Thunderbird).
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14038722
a) yes

b) 127.0.0.1:25 ==> loopback interfacd, only visible from local machine, not form the internet
0
 

Author Comment

by:jslayton01
ID: 14038902
So  do I need to disable port 25  too?
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14042479
no
0
 

Author Comment

by:jslayton01
ID: 14049516
So by judging by the output of Listening services below, am I considered to be secure?

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.1.100:56235     72.3.149.241:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:56227     72.3.149.241:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:56217     72.3.149.241:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:56216     72.3.149.241:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:56222     72.3.149.241:80         TIME_WAIT   -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
udp        0      0 0.0.0.0:631             0.0.0.0:*                
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14049686
firewall or disable cups (631/tcp)
firewall dhcp (68/udp) or use static IP if possible
0
 

Author Comment

by:jslayton01
ID: 14050544
But am I even close to being secure or not secure at all?
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14051097
if you close cups and dhcp - yes
there are no ports left open for attack

activating the SUSE firewall in Yast doesn't hurt - just in case you accidentially restart some service :-)
0
 

Author Comment

by:jslayton01
ID: 14052616
Ok...I know, but If I DISABLE those services will my Internet connection work? Thats all I am asking.
0
 

Author Comment

by:jslayton01
ID: 14053594
Also, I disabled CUPS in the past I my printer did not respond to print operations. How can I disable CUPS and print at the same time? And what about port 68? What will happen if I disable that?
0
 

Author Comment

by:jslayton01
ID: 14055315
I dont know why I am being left out in the cold here....Can someone please reply to this?
0
 

Author Comment

by:jslayton01
ID: 14055888
All I want to know is how can I still print even If the CUPS service is DISABLED? Thats all I want to know.
0
 

Author Comment

by:jslayton01
ID: 14055890
Or, how would disabling port 68 can effect my Internet connection? Can it effect it? Thats all Im asking for.....I thought this was really an "experts" forum...Beats me.
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 14057486
Go to Yast - Hardware - printer
change printer configuration - set cups to accept only local connections
0
 

Author Comment

by:jslayton01
ID: 14062806
Ok, what about port 68?? Should I disable that too?
0
 

Author Comment

by:jslayton01
ID: 14063137
Also, in YAST, can you please tell  me in detail on  how to do this within Yast to have CUPS accept only local connections? Thanks
0
 

Author Comment

by:jslayton01
ID: 14063197
OK, if thats all done in YAST, will I have to also disable the CUPS service under the YAST services list?
0
 

Author Comment

by:jslayton01
ID: 14063725
I am still VERY VERY CONFUSED here sorry to say... People are not giving me details here. I went Yast's printing configuration settings and I dont know what to do in there. Do I go to the Set Permissions??? It says Full CUPS Server Installation. Or, do I need to DENY or ALLOW access to which local IP address??

Help me out please.....I am still confused here like crazy. I dont know what to do.

And Im tired from the lack of responses latetly....Or, no one seems to be using SUSE anymore. Please this is very very important here.
0
 

Author Comment

by:jslayton01
ID: 14063858
Ok, I set ALLOW,DENY to Allow to 127.0.0.1.

And plus, I disabled CUPS in the services....Still, I can't print.
0
 

Author Comment

by:jslayton01
ID: 14063891
I am really lost now. Where in the Print Settings or Permissions what do I have to do? I tried everything here but my printing does not work.

And after the Print settings configuration, do I have disable cups in the services list?

You are not being detailed here. I want someone to be very very detailed on what to do here.
0
 
LVL 6

Expert Comment

by:prof666
ID: 14063906
I'm sorry to hear that you are having a hard time with SuSE, but most people here answer questions based upon specific questions..not general info as you require. To do so would require lots of time that most people here cannot dedicate to you. I would suggest that you read the administration manual that comes with SuSE (assuming that you bought it boxed), as it goes into great detail about what each service is for and the configuration options. SuSE is designed to be secure by default out of the box as long as you ENABLE the firewall (as has been mentioned here by other posters). Enable the firewall and you will be safe to connect to the web, as no services are open by default. Also as mentioned CUPS is NOT visable to outside (unless you enable a hole in your firewall to allow this!!!)

Please rememeber that people who answer here do so out of kindness to others..multiple repeated questions under just one header question is unlikely to get you many responses. If your having difficulty getting answer try upping the points reward (as this will encourage people to answer), but try and contain your questions to just a few specific ones.  
0
 
LVL 6

Expert Comment

by:prof666
ID: 14063932
And yes you will need either CUPS or lpd to be able to print.
0
 

Author Comment

by:jslayton01
ID: 14063956
I want to manually disable CUPS in order for it NOT to be as Listening inder NETSTAT -PAN. Thats my concern here. My question is, can I do that and still be able to print? I want to diable CUPS from LISTENING but still able to print.
0
 

Author Comment

by:jslayton01
ID: 14063962
Also, I am using the Linksys Firewall Router and everything is stealthed (without the Suse firewall enabled).... But why does it show as LISTENING under netstat?
0
 

Author Comment

by:jslayton01
ID: 14064002
Ok.....for those who dont understand on what I want to accomplish here...well, here I go. Under netstat, I want to have NO LISTENING ports whatsoever seen. That makes me more secure.

However, I just Probed Port 631 and it came up stealth...So, why is it listening undet NETSTAT -PAN?
0
 
LVL 6

Expert Comment

by:prof666
ID: 14064025
A process can still be listening without any traffic going to that port. If you set the SUSE firewall to on and set no open ports on your linksys then it will be safe from port probes from the internet. It's the same analogy as if I was locked in a sound proof room, even though I no sound gets to me ...I can still hear!! You WILL need to enable either CUPS or LPD to be able to print as these are the print daemons that talk to the hardware (same as windows has a built in printer daemon), for the buffering and queuing of jobs. If you disable it you will not be able to print ..it's as simple as that.

Netstat only shows processes on the LOCAL system that are listening...not their visablility to the internet..if you want to check that out I suggest you take a hop over to:

https://www.grc.com/x/ne.dll?bh0bkyd2

and run the full port scan..it will quickly show you if anything is open.
0
 

Author Comment

by:jslayton01
ID: 14064078
I probed ALL of my ports and ALL ARE STEALTHED... Considering the fact that the SUSEFirewall is in fact DISABLED because I have the router thats doing all the firewalling.

And BTW, does the SUSE-firewall do Stateful Packeting or only NAT? And which is a better firewall? A Stateful Packet kind or a NAT firewall? But which kind of firewall is the SUSE-firewall?
0
 
LVL 6

Accepted Solution

by:
prof666 earned 1000 total points
ID: 14064139
Stateful packet inspection is much better ...and the SUSE firewall is a SPI firewall (turn it on and then cat /var/log/messages and you will see the packet logging going through). Congrats your system is perfectly safe now.

I would suggest that you now close this question and hand out points to all those who helped along the way.
0
 

Author Comment

by:jslayton01
ID: 14064463
How do I do the points? This forum is way different (AND WAY WAY WAY BETTER) than the other ones.... since I dont know how to establish points, thanks to all of you and Im sorry for my outburts.

BTW, how can tell if SuseFirewall2 is doing SPI??? Please explain...

Also, I dont know how to create iptables, so will the SuseFirewall2 be able to function properly WITHOUT me having to create iptables rulesets???

And....ARE YOU REALLY REALLY SURE that the SUSE-Firewall2 DOES Stateful Packet Inspection? In the book, it only states that it does Packet Filter or NAT... Please explain. will you please?
0
 

Author Comment

by:jslayton01
ID: 14064471
Oh, and could I CLOSE this forum??? And plus, how can I CLOSE all my rest of my topics. I hate seeing them pile up....
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month17 days, 6 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question