Disable unnecessary and unused services
The single best thing you can do to improve security is to disable
unnecessary daemons.
Most daemons are started by inetd as configured in
/etc/inetd.conf. The very first thing you should do when
you install a system is to edit this file and comment out (insert a
# mark at the beginning of the line) any daemons that you don't
use. If you don't know what it does, you don't need it.
After you have edited this file, you must restart inetd. There
are various ways of doing this, but the most generic way is to type
killall -HUP inetd.
The only daemon that you probably do want to keep is
auth, which is pretty innocuous anyway.
Some distributions insist on distributing daemons that are known
to be very broken. Get rid of wuftpd if you have it
installed. Sometimes it may be called in.wuftpd. Examine
/etc/inetd.conf to see which you have installed.
A much better FTP daemon is ProFTPD.
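
The procedure above as a script. This is an added example, not part of the original page: it comments out every active entry in an inetd.conf except a keep-list (here only auth) and prints the result so it can be reviewed before it replaces the real file. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: disable every inetd service except those on a keep-list.

# list_active FILE: print the service name of each uncommented entry.
list_active() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# harden_inetd FILE KEEP...: print FILE to stdout with every active entry
# commented out unless its service name (first field) is in KEEP.
harden_inetd() {
    file=$1; shift
    awk -v keep="$*" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) wanted[k[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { print; next }   # blank lines and comments pass through
        ($1 in wanted)       { print; next }   # keep-listed service stays active
                             { print "#" $0 }  # everything else is disabled
    ' "$file"
}

# Constructed sample file (not taken from a real system).
make_sample() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.wuftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd
EOF
}

# Demo: harden a copy and show it. On a real system, review the output,
# install it as /etc/inetd.conf, then run: killall -HUP inetd
demo() {
    tmp=$(mktemp) || return 1
    make_sample > "$tmp"
    echo "active before: $(list_active "$tmp" | tr '\n' ' ')"
    harden_inetd "$tmp" auth
    rm -f "$tmp"
}
demo
```

Running list_active against the live file after the restart shows which services inetd will still start.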