UNIX Guidelines


You are encouraged to run UNIX on your personal machine; however, UNIX requires more care and attention than other desktop operating systems.

When connecting your UNIX machine to the Mathematics Network, please make sure you turn off or disable all unnecessary services. Your personal machine is not permitted to be a server on the network; only client services are permitted.

Why?

Services such as mail, http, bind, telnet and ftp are forbidden on personal machines. Ssh is permitted.

The easiest way to comply with this policy is to turn off inetd, sendmail/postfix, httpd and xdm/kdm. Choose your operating system from the list below to learn how to shut down these services, or download a script to do it for you.
If your operating system is not listed, please contact the help desk.

Linux  

Linux
script

Most Linux Distributions will fit these instructions. Debian Linux is a noted exception.

inetd
inetd is started at boot by the script /etc/rc.d/init.d/inet.
To disable inetd, rename this script:

mv /etc/rc.d/init.d/inet /etc/rc.d/init.d/inet.orig

sendmail/postfix
These daemons are used for receiving mail. To disable them, rename their startup scripts.

for sendmail

mv /etc/rc.d/init.d/sendmail /etc/rc.d/init.d/sendmail.orig

for postfix

mv /etc/rc.d/init.d/postfix /etc/rc.d/init.d/postfix.orig

httpd
httpd, or Apache, is the most common web server for Linux. To disable it, rename its startup script.

mv /etc/rc.d/init.d/httpd /etc/rc.d/init.d/httpd.orig

or, for the secure version,

mv /etc/rc.d/init.d/httpsd /etc/rc.d/init.d/httpsd.orig

xdm/kdm
xdm and kdm are daemons that control X-Window connections to a server through the X Display Manager Control Protocol (XDMCP). To stop your machine from allowing anyone to connect to it through XDMCP, you must edit the config file.

Most Linux distributions use XFree86 as the default X-Windows server. The config file used for xdm under XFree86 is /etc/X11/xdm/Xaccess.
To disable xdm access, move the file aside and replace it with an empty file.

mv /etc/X11/xdm/Xaccess /etc/X11/xdm/Xaccess.orig
touch /etc/X11/xdm/Xaccess; chmod 644 /etc/X11/xdm/Xaccess
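
A check to run after the steps above, added here as an example (it is not the script this page links to). It reports which of the renamed init scripts are still in place, whether Xaccess still has active entries, and which forbidden services are listening according to `ss -tuln`. XDMCP is checked through Xaccess rather than by port, since the step above empties the access list rather than stopping xdm. Function names, the port numbers (standard assignments; the page names services only) and the sample `ss` output are assumptions of this example.

```shell
# Added example: audit a host against the steps above (function names hypothetical).

# Init scripts the page renames to *.orig; any still present will start at boot.
remaining_init_scripts() {
    dir=${1:-/etc/rc.d/init.d}
    for name in inet sendmail postfix httpd httpsd; do
        if [ -e "$dir/$name" ]; then echo "$name"; fi
    done
}

# Active (non-blank, non-comment) Xaccess lines; the page's empty file has none.
xaccess_entries() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' \
        "${1:-/etc/X11/xdm/Xaccess}" || true
}

# Reads `ss -tuln` output on stdin, prints "service proto/port address" for each
# forbidden listener. ssh (22) is permitted. Loopback-only listeners are skipped
# as not reachable from the network (an assumption of this example).
forbidden_listeners() {
    awk '
    BEGIN {
        svc["tcp/21"] = "ftp";  svc["tcp/23"] = "telnet"; svc["tcp/25"] = "mail"
        svc["tcp/53"] = "bind"; svc["udp/53"] = "bind"
        svc["tcp/80"] = "http"; svc["tcp/443"] = "https"
    }
    $1 == "tcp" || $1 == "udp" {
        n = split($5, part, ":")          # port is the text after the last colon
        port = part[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next
        key = $1 "/" port
        if (key in svc) print svc[key], key, addr
    }'
}

# Constructed sample of `ss -tuln` output so the parser can be run offline.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
tcp   LISTEN 0      511             [::]:80           [::]:*
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*
EOF
}

# On a live host: ss -tuln | forbidden_listeners
sample_ss_output | forbidden_listeners
```

Renaming an init script only affects the next boot, so a daemon that is already running still shows up in the listener check until it is stopped.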