Services in SUSE?

"mdnsd" is a very lightweight, simple, portable, and easy to integrate open source implementation of Multicast DNS, so it could be part of your DHCP client ...are you using usb ADSL modem or a LAN based ADSL modem, if it's the former it could well be part of that.
Not exactly sure what filenet is, but I think it might be a lowlevel web caching daemon. I'm on SuSE9.2 and I see neither of these, so not sure what services you could possible stop to get rid of them.

Im running a DSL-modem LAN connection. Thats all. I am not using any USB Network ports, only the standard LAN Card or NIC. But its weird, because I can't locate it under the Yast Services lists.

Could you post a list of the services (under the runlevel editor) that are enabled?

Ok ok ok ok ok ok HOLD ON A MINUTE....

While I was going down the list, I noticed that it does have the "mdnsd"....So, my question is, if I disable this, will my Internet connection work fine or not??? I dont want to mess up my system. So thats why I am asking this...
Anyway, here is the rest that are Enabled... Which ones do I have to DISABLE without having my system work improperly. I only use the PC for surfing the Internet and Email only.

alsasound
cron
cups
dbus
earlykbd
earlykdm
earlysyslog
fbset
hal
hwscan
network
nscd (Start Name Service Cache Daemon)
postfix
random
remgr
smbfs
syslog
xolm

mdnsd is (mDNSresponder to handle Apple Rendezvous requests) but I am not sure if I need that or not. Is it OK to disable it?

And also the bootstrap client which is PORT 68. Thats running also but I can't see it in the Yast services list too.

to see what process is on what port use:

"netstat --inet -pna"

to stop a service use "insserv -r servicename"
or for GUI go to yast and disable there

CORRECTION:
to stop a service use "/etc/init.d/servicename stop"
to DISABLE a service use "insserv -r servicename"
or for GUI go to yast and disable there

Ok I understand....

But my questions is, will STOPPING these services will effect my connection to the Internet or not? Im afraid something will happen to my system if I disable these.

Also heres my output of the services running. But, For those ports and names that I posted, I need to know there names in the YAST Services List. But the names do not show up in that list in YAST. Can it be under a different name?

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.1.100:45593     69.73.159.57:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:45592     69.73.159.57:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:52192     212.100.246.90:80       ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:56729     64.233.187.99:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:35284     66.51.197.166:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:35285     66.51.197.166:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:35296     66.51.197.166:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:35297     66.51.197.166:80        ESTABLISHED 6903/firefox-bin
tcp        0      0 192.168.1.100:34795     66.51.197.168:80        ESTABLISHED 6903/firefox-bin
udp        0      0 0.0.0.0:32769           0.0.0.0:*                           -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -
udp        0      0 0.0.0.0:631             0.0.0.0:*                           -

"tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -"

That is sendmail (or Postfix running as sendmail).

"tcp        0      0 192.168.1.100:35284     66.51.197.166:80        ESTABLISHED 6903/firefox-bin"

That is your browser (Firefox, good choice).

"udp        0      0 0.0.0.0:32769           0.0.0.0:*                           -"

If I'm not mistaken, that's an RCP listener from the r* family - rexecd, rshd, et. al.

So is it OK to disabled these ports including POstfix?
And what about Port 68 and 5353?? What names do those belong to?

And the only one is ENABLED on the "Rs" lists is the "resmgr"....

run it as root to see ALL processes

alsasound <- sound daemon, keep
cron <- timed commands scheduler, keep
cups <- printing , remove if not needed
dbus <- hal-reated, keep
earlykbd <- boot, keep
earlykdm <- boot, keep
earlysyslog <- boot, keep
fbset <- framebuffer, keep
hal <- hardware abstraction layer, keep
hwscan <- keep
network <- network initialization, keep
nscd (Start Name Service Cache Daemon) <- keep
postfix <- mail, keep
random <- system random device, keep
remgr <- re(s)mgr ? resource manager for device file access, keep
smbfs <- keep
syslog <- error logs, keep
xolm <- ??? xen ??

morer infos: "grep 'Description:' /etc/rc.d/*"

Ok, here is some detailes here. Remember...I want to disalbe ports 68, 5353, and 32769...So, by looking at this, which names can I find under the Yast Services List? And, my question is, if I disable those ports, will I have problems with my Internet connection?

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      6155/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      6460/master
tcp        0      0 192.168.1.100:54931     66.102.7.147:80         ESTABLISHED 6825/firefox-bin
udp        0      0 0.0.0.0:32769           0.0.0.0:*                           5982/mdnsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           5641/dhcpcd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           5982/mdnsd
udp        0      0 0.0.0.0:631             0.0.0.0:*                           6155/cupsd

port 68 => dhcpcd (DHCP client daemon) will go away if you configure all your interfaces with fixed IP, not DHCP
port 5353 + 32769  => mdnsd - to remove: "insserv -r mdnsd" + "/etc/init.d/mdnsd stop"

But do I need to have mdnsd or not?

So, just to confirm, I need the Port 68 because I am NOT using a static IP when connecting to the DSL modem. Also, Im glad to say that I disabled the mdnsd and my system boots up fine.

And what about Port: 25?? Do I need that at all? I do use an email client (Thunderbird).

a) yes

b) 127.0.0.1:25 ==> loopback interfacd, only visible from local machine, not form the internet

So  do I need to disable port 25  too?

no

So by judging by the output of Listening services below, am I considered to be secure?

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.1.100:56235     72.3.149.241:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:56227     72.3.149.241:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:56217     72.3.149.241:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:56216     72.3.149.241:80         TIME_WAIT   -
tcp        0      0 192.168.1.100:56222     72.3.149.241:80         TIME_WAIT   -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
udp        0      0 0.0.0.0:631             0.0.0.0:*                

firewall or disable cups (631/tcp)
firewall dhcp (68/udp) or use static IP if possible

But am I even close to being secure or not secure at all?

if you close cups and dhcp - yes
there are no ports left open for attack

activating the SUSE firewall in Yast doesn't hurt - just in case you accidentially restart some service :-)

Ok...I know, but If I DISABLE those services will my Internet connection work? Thats all I am asking.

Also, I disabled CUPS in the past I my printer did not respond to print operations. How can I disable CUPS and print at the same time? And what about port 68? What will happen if I disable that?

I dont know why I am being left out in the cold here....Can someone please reply to this?

All I want to know is how can I still print even If the CUPS service is DISABLED? Thats all I want to know.

Or, how would disabling port 68 can effect my Internet connection? Can it effect it? Thats all Im asking for.....I thought this was really an "experts" forum...Beats me.

Go to Yast - Hardware - printer
change printer configuration - set cups to accept only local connections

Ok, what about port 68?? Should I disable that too?

Also, in YAST, can you please tell  me in detail on  how to do this within Yast to have CUPS accept only local connections? Thanks

OK, if thats all done in YAST, will I have to also disable the CUPS service under the YAST services list?

I am still VERY VERY CONFUSED here sorry to say... People are not giving me details here. I went Yast's printing configuration settings and I dont know what to do in there. Do I go to the Set Permissions??? It says Full CUPS Server Installation. Or, do I need to DENY or ALLOW access to which local IP address??

Help me out please.....I am still confused here like crazy. I dont know what to do.

And Im tired from the lack of responses latetly....Or, no one seems to be using SUSE anymore. Please this is very very important here.

Ok, I set ALLOW,DENY to Allow to 127.0.0.1.

And plus, I disabled CUPS in the services....Still, I can't print.

I am really lost now. Where in the Print Settings or Permissions what do I have to do? I tried everything here but my printing does not work.

And after the Print settings configuration, do I have disable cups in the services list?

You are not being detailed here. I want someone to be very very detailed on what to do here.

I'm sorry to hear that you are having a hard time with SuSE, but most people here answer questions based upon specific questions..not general info as you require. To do so would require lots of time that most people here cannot dedicate to you. I would suggest that you read the administration manual that comes with SuSE (assuming that you bought it boxed), as it goes into great detail about what each service is for and the configuration options. SuSE is designed to be secure by default out of the box as long as you ENABLE the firewall (as has been mentioned here by other posters). Enable the firewall and you will be safe to connect to the web, as no services are open by default. Also as mentioned CUPS is NOT visable to outside (unless you enable a hole in your firewall to allow this!!!)

Please rememeber that people who answer here do so out of kindness to others..multiple repeated questions under just one header question is unlikely to get you many responses. If your having difficulty getting answer try upping the points reward (as this will encourage people to answer), but try and contain your questions to just a few specific ones.  

And yes you will need either CUPS or lpd to be able to print.

I want to manually disable CUPS in order for it NOT to be as Listening inder NETSTAT -PAN. Thats my concern here. My question is, can I do that and still be able to print? I want to diable CUPS from LISTENING but still able to print.

Also, I am using the Linksys Firewall Router and everything is stealthed (without the Suse firewall enabled).... But why does it show as LISTENING under netstat?

Ok.....for those who dont understand on what I want to accomplish here...well, here I go. Under netstat, I want to have NO LISTENING ports whatsoever seen. That makes me more secure.

However, I just Probed Port 631 and it came up stealth...So, why is it listening undet NETSTAT -PAN?

A process can still be listening without any traffic going to that port. If you set the SUSE firewall to on and set no open ports on your linksys then it will be safe from port probes from the internet. It's the same analogy as if I was locked in a sound proof room, even though I no sound gets to me ...I can still hear!! You WILL need to enable either CUPS or LPD to be able to print as these are the print daemons that talk to the hardware (same as windows has a built in printer daemon), for the buffering and queuing of jobs. If you disable it you will not be able to print ..it's as simple as that.

Netstat only shows processes on the LOCAL system that are listening...not their visablility to the internet..if you want to check that out I suggest you take a hop over to:

https://www.grc.com/x/ne.dll?bh0bkyd2

and run the full port scan..it will quickly show you if anything is open.

I probed ALL of my ports and ALL ARE STEALTHED... Considering the fact that the SUSEFirewall is in fact DISABLED because I have the router thats doing all the firewalling.

And BTW, does the SUSE-firewall do Stateful Packeting or only NAT? And which is a better firewall? A Stateful Packet kind or a NAT firewall? But which kind of firewall is the SUSE-firewall?

How do I do the points? This forum is way different (AND WAY WAY WAY BETTER) than the other ones.... since I dont know how to establish points, thanks to all of you and Im sorry for my outburts.

BTW, how can tell if SuseFirewall2 is doing SPI??? Please explain...

Also, I dont know how to create iptables, so will the SuseFirewall2 be able to function properly WITHOUT me having to create iptables rulesets???

And....ARE YOU REALLY REALLY SURE that the SUSE-Firewall2 DOES Stateful Packet Inspection? In the book, it only states that it does Packet Filter or NAT... Please explain. will you please?

Oh, and could I CLOSE this forum??? And plus, how can I CLOSE all my rest of my topics. I hate seeing them pile up....