The same types of issues that apply to Windows service and protocol configurations also apply to Linux. As with Windows, most Linux distros ship with default services, but many are added after installation. The key difference is that Microsoft provides the software for most of the common Windows-based services. Linux, on the other hand, depends on third parties to develop and provide the software. You choose the application you want, and download the package that is appropriate for your distribution and platform. This "mix and match" approach makes the range of possible service and protocol configurations much wider in Linux. As a pen tester, you should research possible exploits for the Linux kernel, service/application, and protocol versions that you discover.
Some notable exploits that have affected Linux services and protocols include the following.
Shellshock CVE-2014-6271, CVE-2014-6278
POODLE CVE-2014-3566, CVE-2014-8730
Linux Service Installation Methods
The most common installation commands include:
- Debian/Ubuntu APT apt-get install <package name>
- Fedora/Redhat yum yum install <package name>
- Mandriva URPM urpmi <package name>
- SUSE YaST yast -i <package name>
- Generic source code, often distributed as a tarball tar -xzvf <name>.tar.gz