Disable unused services

[Edoardo]

Hello everyone, new member here. I've been messing with this Merlin firmware for few days, now I started looking at the running services that bind to some port (confirmed with an nmap scan).

Since busybox's netstat doesn't seem to have the -p option i installed entware and then lsof to see the actual processes.

I managed to disable the printing service (since I don't use it) but I still have some processes for which I don't know the reason to be on:

wanduck: managing the wan inferface, ok but even if i disable browser redirection it's still bound to tcp/18017 and udp/18018

ots: setup for wireless access point, tcp/9998

cfg_server: port tcp/7788 and udp/7788, unknown?

eapd: udp ports 38000, 42000, 43000, 59000, used for some enterprise wifi authentication?

infosvr: udp/9999, used for router discovery?

Lastly there is syslogd which binds to a random udp port, at first I thought about the feature that sends logs to a remote server, but in this case syslogd would act as a client.

Note: even if those processes bind to 0.0.0.0, they are not open on the WAN side but I don't see the point on having them listening on the LAN anyways.

Should I disable them via jffs script or just firewall them with iptables (ex. below)?

iptables -I INPUT -p tcp -i br0 -m multiport --dports 7788,9998,18017 -j REJECT

 

[Martineau]

I managed to disable the printing service (since I don't use it) but I still have some processes for which I don't know the reason to be on:

Most of the non-essential services have been discussed previously in the forum (or if not then you may review the source code on GitHub)

e.g. most recently:
[Beta 384/NG]Known services that can safely be stopped

However, I believe unless you don't use wireless then eapd shouldn't be stopped?

cfg_server: port tcp/7788 and udp/7788, unknown?

What is cfg_server​

Any way to turn off cfg_server permanently?

 

[Edoardo]

However, I believe unless you don't use wireless then eapd shouldn't be stopped?

Thank you for the links! I think eapd may only play a role if you use WPA2-ENTERPRISE, not for the typical wifi usage. Not sure if stopping would break the whole wifi stack though.
What about syslogd? Is it supposed to be listening too?

 

[Martineau]

What about syslogd? Is it supposed to be listening too?

ps | grep syslogd | grep -v grep

syslogd --help

tail -f /tmp/syslog.log

Do you still want to kill the task?

 

[Edoardo]

Do you still want to kill the task?

Definitely not , in fact I was wondering about the listening port

lsof -i | grep syslogd

 

[Martineau]

Definitely not , in fact I was wondering about the listening port

Have you enabled

Remote Log Server xxx.xxx.xxx.xxx Port: nnn

on the System Log - General Log GUI?

Does the listening port go away if you restart syslogd?

 

[Edoardo]

Have you enabled

Remote Log Server xxx.xxx.xxx.xxx Port: nnn

on the System Log - General Log GUI?

Does the listening port go away if you restart syslogd?

I do have a Remote Log Server set up, but as I said in the first post, in such case the router is acting as a client. Port is still there even after restarting BTW.

Do you have a listening port as well?

 

[Martineau]

I do have a Remote Log Server set up, but as I said in the first post, in such case the router is acting as a client. Port is still there even after restarting BTW.

Do you have a listening port as well?

Only when I 'configure' the Remote Log Server.

i.e. any junk that looks like a valid IP address in the field (Bug?! )

lsof -i | grep syslogd

syslogd   29817  admin    5u  IPv4 2749588      0t0  UDP *:44222

ps | grep syslogd | grep -v grep

29817 admin     1408 S    /sbin/syslogd -m 0 -S -O /tmp/syslog.log -s 256 -l 7 -R 255.255.255.255 -L

 

[Edoardo]

i.e. any junk that looks like a valid IP address in the field (Bug?! )

Maybe, one more reason to firewall the service in such a case