Whilst the firewall can be configured to block the ports used by the various Linux services, if they are not required it is also good policy to disable any unused services on the Linux system. Not only does this provide an additional level of Linux security, but it also avoids having unnecessary processes running and using up system resources. In this chapter we will explore the configuration of Linux services.

Before talking more about Linux services it is first important to understand a little about runlevels. A typical Linux system can be configured to boot up into one of five different runlevels. During the boot a process called init looks in the /etc/inittab file to find the default runlevel. Having identified the runlevel, it proceeds to execute the appropriate startup scripts to run the services that are required for the system.

The good news is that both the runlevel and the services that get started are configurable.
4.1 Linux Init and Runlevels
During the boot process for Red Hat 9.0 and Fedora Core systems, for example, the init command opens the /etc/inittab file to decide what "runlevel" the system should be booted to. The /etc/inittab file is a plain text file that can be opened with your favorite text editor.

The relevant section of a sample /etc/inittab file is as follows:
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
The key line in the example above is:
id:3:initdefault:
This tells the init process that the default run level for the system is run level 3. To change to a different run level simply change the number and save the /etc/inittab file. Before doing this, however, be absolutely sure you know which run level you want. Selecting the wrong runlevel can have serious consequences. To help with this a detailed description of the individual run levels is outlined in the table below:
Table 1: Linux Runlevel Descriptions

| Runlevel | Runlevel Description |
|---|---|
| Runlevel 0 | The halt runlevel - this is the runlevel at which the system shuts down. For obvious reasons it is unlikely you would want this as your default runlevel. |
| Runlevel 1 | Single user runlevel. This causes the system to start up in a single user mode under which only the root user can log in. In this mode the system does not start any networking, X windowing or multi-user services. This run level is ideal for system administrators to perform system maintenance or repair activities. |
| Runlevel 2 | Boots the system into a multi-user mode with text based console login capability. This runlevel does not, however, start the network. |
| Runlevel 3 | Similar to runlevel 2 except that networking services are started. This is the most common runlevel for server based systems that do not require any kind of graphical desktop environment. |
| Runlevel 4 | Undefined runlevel. This runlevel can be configured to provide a custom boot state. |
| Runlevel 5 | Boots the system into a networked, multi-user state with X Window System capability. By default the graphical desktop environment will start at the end of the boot process. This is the most common run level for desktop or workstation use. |
| Runlevel 6 | Reboots the system. Another runlevel that you are unlikely to want as your default. |
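
The default runlevel can be checked mechanically after editing /etc/inittab and before rebooting. The shell functions below are an added example, not part of the original chapter: they read the initdefault entry from an inittab-format file and reject runlevels 0 and 6. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the initdefault entry of an inittab-format file.
# inittab lines have the form  id:runlevels:action:process

# Print the runlevel from the first uncommented initdefault line.
# $1 = path to an inittab-format file
get_default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Return 0 if the default runlevel is usable, 1 if it is halt or reboot,
# 2 if no valid initdefault entry was found.
check_default_runlevel() {
    level=$(get_default_runlevel "$1")
    case "$level" in
        0|6)
            echo "unsafe: initdefault is $level (halt/reboot)" >&2
            return 1 ;;
        [1-5])
            echo "ok: default runlevel is $level"
            return 0 ;;
        *)
            echo "error: no valid initdefault entry in $1" >&2
            return 2 ;;
    esac
}

# Constructed sample modelled on the excerpt above. The commented-out
# entry must be ignored; only the live "id:3:initdefault:" line counts.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' \
    '# 0 - halt (Do NOT set initdefault to this)' \
    '# id:5:initdefault:' \
    'id:3:initdefault:' > "$sample"

check_default_runlevel "$sample"
```

On a real system the same check would be pointed at /etc/inittab itself.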