page 1 | 2 | 3 | 4 | 5
Disable unnecessary system services.
Services also known as daemons are programs that once started run continuously in the background to monitor events in your computer and respond to these changes if requested. For example, the mysql database server has a daemon called mysqld (many service names are ending with the letter d for daemon) that listens to port 3360 on your computer and when it receives a request for a database item, it sends the appropriate results back to the client machine.

Many services are required to run at all time to support critical functions of the operating system. On a dedicated server, many services such as printing (cups), network file system (nfs) are not needed and can be safely disabled. There are two specific reasons for doing so.

Running a service often requires the server to open and listen to a specific known port. This would create an unnecessary security risk to invite intruders to attempt to break in the server via this open port. Running too many services often degrades the server performance since this ultimately requires more memory, wastes more processor cycles and other hardware resources that can be allocated for other server applications. Since the stability of your dedicated server is one of the top concern, reducing the number of services tends to increase the stability of the server.

The following section illustrates how to find out what services are available for the particular operating system platform (chkconfig), how many are currently running (service), and how to start and stop services and eventually automate the launching of these services at boot time.

There are 2 commands used to control services: chkconfig and service.
They are considered system tools and are located in the directory /sbin. To find out the location of chkconfig or any program, use the following command.

[brucelee@192.168.224.109 ~]$ which chkconfig
/sbin/ chkconfig




If you cannot get either of these tools to run, you will need to append /sbin to your current path name.

chkconfig - this command controls which services are set to start at boot time. These settings are saved and are applied at the next server reboot. Even though the settings are permanent, changing these settings will not start or stop the service immediately, it just flags them to be started from the next reboot. It can also add new services or delete existing services.

service - this command manually controls the starting and stopping of a selected service immediately. This is useful to start, stop, or restart a service without the need to reboot the server.

After you are satisfied with the changes, you can use chkconfig to decide whether a particular service should be started or disabled on the next reboot.

The following example shows a partial listing of all services available for a typical Fedora 9 installation.

[brucelee@192.168.224.109 ~]$ chkconfig --list
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off


The list of all services shows one service per line with each column referring to a different run level. A typical dedicated server operates in a non-GUI environment (text mode) so we should pay our attention to those settings in level 3 only. The on and off status refers to whether the service is set to start at the next boot time, it does not tell us if the service is currently running. To see the services with their status at level 3 only, use the following.

[brucelee@192.168.224.109 ~]$ chkconfig --list | grep 3:
page 1 | 2 | 3 | 4 | 5