CKS Reduce Attack Surface
CKS exam topic: Reduce Attack Surface — concepts, configuration, and practice exercises.
Overview
- only purpose (remove unnecessary services)
- node recycling (should be ephemeral, created from images)
- ubuntu, centos
Use the following systemctl commands to identify running services on a node. These are useful for auditing which services are active and determining whether any unnecessary services should be stopped or disabled.
1
2
3
systemctl list-units | grep <service-name>
systemctl list-units --type=service | grep <service-name>
systemctl list-units --type=service --state=running | grep <service-name>
This post is licensed under CC BY 4.0 by the author.