这是我第一次在 Linode 上设置云服务器 - Ubuntu 16.04。我按照他们的文档操作,但一直卡在“删除未使用的面向网络的服务”部分。我不确定应该/可以删除哪些服务(来自 Linode 指南 - “但是,除非您有特殊用途,否则 Exim 和 RPC 是不必要的,应该将其删除。“)。我只是认为我标有‘*’的ssh相关服务应该保留。
结果:sudo ss -lnp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 0:0 *
nl UNCONN 5463 0 5:25280 *
nl UNCONN 879 0 5:0 *
nl UNCONN 0 0 7:0 *
nl UNCONN 0 0 1:25281 *
nl UNCONN 0 0 1:-479899735 *
nl UNCONN 0 0 1:9 *
nl UNCONN 0 0 1:2 *
nl UNCONN 0 0 1:2 *
nl UNCONN 0 0 11:1 *
nl UNCONN 0 0 12:1 *
nl UNCONN 0 0 13:1 *
nl UNCONN 0 0 16:-1610261256 *
nl UNCONN 0 0 16:0 *
nl UNCONN 0 0 16:-2068236147 *
nl UNCONN 0 0 16:4404 *
nl UNCONN 0 0 16:1 *
nl UNCONN 0 0 16:14946 *
nl UNCONN 0 0 16:-1223314811 *
nl UNCONN 0 0 16:-68653604 *
nl UNCONN 0 0 16:14946 *
nl UNCONN 0 0 16:1 *
nl UNCONN 0 0 16:-68653414 *
nl UNCONN 0 0 16:-1214494911 *
nl UNCONN 0 0 16:-3159326147 *
nl UNCONN 0 0 16:4414 *
nl UNCONN 0 0 16:-1666257646 *
nl UNCONN 0 0 17:0 *
nl UNCONN 0 0 22:0 *
u_str LISTEN 0 128 /run/systemd/private 49891 * 0 users:(("systemd",pid=1,fd=26))
u_dgr UNCONN 0 0 /run/systemd/notify 9711 * 0 users:(("systemd",pid=1,fd=12))
u_dgr UNCONN 0 0 /run/systemd/journal/syslog 8791 * 0 users:(("rsyslogd",pid=3675,fd=3),("systemd",pid=1,fd=79))
u_seq LISTEN 0 128 /run/udev/control 8894 * 0 users:(("systemd-udevd",pid=37657,fd=4),("systemd",pid=1,fd=43))
u_str LISTEN 0 128 /run/systemd/fsck.progress 8564 * 0 users:(("systemd",pid=1,fd=41))
u_str LISTEN 0 128 /run/systemd/journal/stdout 8346 * 0 users:(("systemd-journal",pid=2017,fd=4),("systemd",pid=1,fd=36))
u_dgr UNCONN 0 0 /run/systemd/journal/socket 8908 * 0 users:(("systemd-journal",pid=2017,fd=5),("systemd",pid=1,fd=37))
u_dgr UNCONN 0 0 /run/user/1000/systemd/notify 77658 * 0 users:(("systemd",pid=17656,fd=13))
u_str LISTEN 0 128 /run/user/1000/systemd/private 79870 * 0 users:(("systemd",pid=13456,fd=14))
u_dgr UNCONN 0 0 /run/systemd/journal/dev-log 9765 * 0 users:(("systemd-journal",pid=2017,fd=3),("systemd",pid=1,fd=62))
u_str LISTEN 0 128 /var/run/dbus/system_bus_socket 17534 * 0 users:(("dbus-daemon",pid=3561,fd=3),("systemd",pid=1,fd=58))
u_str LISTEN 0 1 /var/run/fail2ban/fail2ban.sock 66316 * 0 users:(("fail2ban-server",pid=12344,fd=3))
u_str LISTEN 0 128 /run/uuidd/request 17654 * 0 users:(("uuidd",pid=37655,fd=3),("systemd",pid=1,fd=64))
u_str LISTEN 0 8 /var/run/sendmail/mta/smcontrol 65439 * 0 users:(("sendmail-mta",pid=12342,fd=6))
u_dgr UNCONN 0 0 * 72463 * 8238 users:(("systemd",pid=11236,fd=3))
u_dgr UNCONN 0 0 * 46426 * 8548 users:(("systemd-udevd",pid=34567,fd=5))
u_dgr UNCONN 0 0 * 79620 * 9675 users:(("(sd-pam",pid=14565,fd=7))
u_dgr UNCONN 0 0 * 19259 * 9545 users:(("dbus-daemon",pid=3781,fd=11))
u_dgr UNCONN 0 0 * 39459 * 38740 users:(("systemd-timesyn",pid=22344,fd=7))
u_dgr UNCONN 0 0 * 35422 * 30871 users:(("systemd-timesyn",pid=22344,fd=10))
u_dgr UNCONN 0 0 * 34320 * 8568 users:(("systemd-timesyn",pid=22344,fd=3))
u_dgr UNCONN 0 0 * 32341 * 33452 users:(("systemd-timesyn",pid=22344,fd=9))
u_dgr UNCONN 0 0 * 35320 * 36549 users:(("systemd-timesyn",pid=22344,fd=8))
u_dgr UNCONN 0 0 * 15679 * 8238 users:(("systemd-logind",pid=356,fd=3))
u_dgr UNCONN 0 0 * 46780 * 42341 users:(("systemd-udevd",pid=36787,fd=7))
u_dgr UNCONN 0 0 * 61238 * 98765 users:(("sendmail-mta",pid=13452,fd=3))
u_dgr UNCONN 0 0 * 74567 * 99875 users:(("sudo",pid=18760,fd=8))
*u_dgr UNCONN 0 0 * 78435 * 9345 users:(("sshd",pid=12346,fd=4),("sshd",pid=13934,fd=4))
u_dgr UNCONN 0 0 * 40981 * 42340 users:(("systemd-udevd",pid=30987,fd=8))
u_dgr UNCONN 0 0 * 63214 * 8908 users:(("systemd",pid=2,fd=16))
*u_dgr UNCONN 0 0 * 75675 * 9565 users:(("sshd",pid=14564,fd=4),("sshd",pid=18768,fd=4))
u_dgr UNCONN 0 0 * 9673 * 8348 users:(("systemd-journal",pid=2017,fd=14))
*tcp LISTEN 0 128 *:11 *:* users:(("sshd",pid=13450,fd=3))
tcp LISTEN 0 10 131.0.0.1:45 *:* users:(("sendmail-mta",pid=12342,fd=4))
tcp LISTEN 0 10 131.0.0.1:987 *:* users:(("sendmail-mta",pid=10982,fd=5))
*tcp LISTEN 0 128 :::33 :::* users:(("sshd",pid=15640,fd=4))
谁有删除不必要的服务的经验?
答案1
欢迎来到 serverfault Greg。什么是“不必要的”是主观的 :-)
当您在 linode 上设置服务器发行版(例如 ubuntu 服务器或 centos)时,通常会预先安装一组最少的应用程序。例如,根据您的使用情况,如果您不使用 fail2ban 或 sendmail,则可能不需要它。
对我来说,如果这是您用来学习的测试服务器,那么这样就没问题了。