Since I can directly access the shell of my ipfire system thru vga/monitor display, I’ve disabled sshd and httpd/apache services in order to uphold a high security stance on my setup and I’ve done this by performing
bash# chown -x /etc/init.d/[two services I mentioned]
Now my problem with this is that I always get this annoying notice message filled with words in red and effectively pauses the execution of startup and shutdown of my IPFire machine.
So yeah, I want to know if there is a cleaner way of doing this? I know the services at /etc/init.d are symlinked to the rc something directory and I have no idea how to properly disable services in there.
EDIT:
What I am doing is not recommended to be done for an average use-case because generally, the whole point of IPFire is to use the Web-UI to manage ALL the configuration and there is no particular need to go to the command line in the console except for advanced use-cases.
That will move the startup and shutdown links to the root directory. Before shutting down after these commands you should make sure that both sshd and apache are not running.
You obviously intend to only control IPFire from the command line.
Depending on what options you intend to use in the various config files you might use options that are not available from the WUI. That could mean that when you need to update IPFire to a new Core Update that your config files will have those options removed. I am not totally certain on that. It certainly applies if you manually add an option from the command line and then use the WUI any non IPFire options would be removed.
Also you might need to remove the links again after an update.
Why do you believe the use of the WUI is so insecure? If you were using the WUI you could also turn off ssh from it.
Well, I believe in the concept of reducing the “Surface of attack” to be very important when it comes to taking a really strong stance against security and apparently, the area where I live in is very hostile on the cyber side of things and I ain’t taking chances no more after getting hacked for who knows how many times - so yes, I’m relentlessly securing EVERYTHING across the board.
Thanks for telling me where exactly to do that though I think it’d be better to have told people to move those things to the root directory instead of completely doing an
rm -rf
on it which will prevent them from ever accessing the web-ui no more.
Oh ya, another thing that I wanna know is how to perform a Core Update on the command-line because the documentation does not have an article on how to do this
I understand what you are saying but as they are softlinks I am not sure how that works if you move the link to another location.
Just created a softlink in one place and then moved it to another and the link is maintained but it won’t be in the place that sysvinit would be looking at to start the programs so that would work and is a better idea.
Probably worth saying that what you are doing is not recommended to be done generally as the whole point of IPFire is that you use the WUI to manage all the configuration and generally you don’t need to go to the command line in the console except when you are needing to do/redo a setup.
Doing what you are doing needs to be done with a good understanding of how firewalls and the constituent packages work together and the specifics of how IPFire is constructed to execute that.
Oh right, I forgot to put into attention this important detail. Sounds good!
Thank you for pointing this out as I did forget that what I am is practically advanced level already. Will edit my main post to include this.
EDIT:
It appears that I am not allowed to edit the main post of this thread so I am putting it here below for reference.
What I am doing is not recommended to be done for an average use-case because generally, the whole point of IPFire is to use the Web-UI to manage ALL the configuration and there is no particular need to go to the command line in the console except for advanced use-cases.
