I remember one of my predecessors said that Linux servers are actually like building blocks. Small modules and service groups form an operating system. This is the most vivid metaphor for the Linux system. When a Linux server is installed, engineers are asked to select the services to be installed. Most of the time, out of security or other considerations, the system's default installation of service policies is often not the best. To obtain a secure Linux server environment, system administrators often need to install appropriate services. However, there are too many services in Linux, and many services are dazzling.
By default, Linux is a powerful operating system that provides many services and applications. Even if I have been using Linux for nearly ten years, I cannot count the services related to the Linux operating system in detail. However, most of these services and applications are not used after installation. On the contrary, it may cause security risks and performance problems. Generally, I think the following services should not be installed in terms of security, optimization, and performance.
1. dump software package.
Dump is a backup tool program for Linux. It can back up a directory or the entire file system to a specified device or a large file. This software package contains two programs: the dump for backup and the restore for restoration. The dump command can be used to check the files in the file system to determine which files need to be backed up, and then copy these files to the hard disk. This command has strong functions. For example, you can specify the backup start time and date, modify the density and capacity pre-set for backup media, specify the block data of the backup volume, and specify the backup level.
However, in practice, it is good that system engineers use this command to back up and restore system files. This is mainly because the software package has relatively strong functions but is less practical. For example, too many parameters are troublesome during operation. The most critical thing is that the backup files generated using this software are not very stable. Sometimes some inexplicable faults may occur, such as file loss that cannot be identified. Therefore, the author suggests that the system administrator should not use this software package to back up the system and do not need to install this software package when installing the Linux server. You can find other methods for implementation.
2. Finger service.
Finger is a program under the Inernet software package. This command allows the system administrator to view the detailed information of other users in the system, such as the login name, the directory used, the real name, and the time when the user logs on to the system. In addition, this command is not limited to queries on the same server. you can also search for users on a remote server. For example, you only need to enter finger root to display the detailed information of the administrator. However, it is generally not recommended to install this command. This is mainly because it provides useful information for intruders and brings some security risks to Linux servers. In addition, this command is not only available to the root account, but can be used by any user. Therefore, the security risk of this command is relatively large. Therefore, from the security perspective, it is better not to install this service.
III. Fwhois service.
This command is similar to the finger command and is also a program under the Inernet software package. It searches for and displays the user information of the specified account. The difference is that the fwhois command is used to search for the Network Solutions WHOIS database. the account name must be registered on the top for retrieval, and the name is case-insensitive. WHOIS is a type of database maintained by the operating system to store users, operating systems, network settings, and other related databases. This database contains many parameters that are closely related to operating system security. Therefore, if the content in the database is leaked, the security of the Linux server will be greatly affected. In general, these information system engineers do not need to query. This information is pre-planned and archived during preparation. Therefore, there is no need for users to query and add security risks to the operating system on a whitelist. Therefore, I strongly recommend that you do not install this command.
[1] [2] Next page
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
