Disable unnecessary system services.
Services, also known as daemons, are programs that, once started, run continuously in the background
to monitor events on your computer and respond to them when requested. For example, the mysql
database server has a daemon called mysqld (many service names end with the letter d, for daemon)
that listens on port 3360 on your computer; when it receives a request for a database item, it sends
the appropriate results back to the client machine.
Many services are required to run at all times to support critical functions of the operating system.
On a dedicated server, many services such as printing (cups) and network file system (nfs) are not needed
and can be safely disabled. There are two specific reasons for doing so.
First, running a service often requires the server to open and listen on a specific known port. This
creates an unnecessary security risk by inviting intruders to attempt to break into the server via
this open port.
Second, running too many services often degrades server performance, since this ultimately requires
more memory and wastes processor cycles and other hardware resources that could be allocated to other
server applications. Since the stability of your dedicated server is one of the top concerns, reducing
the number of services tends to increase the stability of the server.
The following section illustrates how to find out what services are available for the particular
operating system platform (chkconfig), how many are currently running (service), and how to start and
stop services and eventually automate the launching of these services at boot time.
There are two commands used to control services: chkconfig and service.
They are considered system tools and are located in the directory /sbin. To find out the location of
chkconfig or any program, use the following command.
[brucelee@192.168.224.109 ~]$ which chkconfig
/sbin/chkconfig
If you cannot get either of these tools to run, you will need to append /sbin to your current
path (the PATH environment variable).
chkconfig - this command controls which services are set to start at boot time.
These settings are saved and are applied at the next server reboot. Even though the settings
are permanent, changing them will not start or stop the service immediately; it just
flags the service to be started from the next reboot. It can also add new services or delete existing services.
service - this command manually controls the starting and stopping of a selected service
immediately. This is useful to start, stop, or restart a service without the need to reboot the server.
After you are satisfied with the changes, you can use chkconfig to decide whether a particular service
should be started or disabled on the next reboot.
The following example shows a partial listing of all services available for a typical
Fedora 9 installation.
[brucelee@192.168.224.109 ~]$ chkconfig --list
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
The list of all services shows one service per line, with each column referring to a different
run level. A typical dedicated server operates in a non-GUI environment (text mode), so we should
pay attention to the settings in level 3 only. The on and off status refers to whether
the service is set to start at the next boot time; it does not tell us if the service is currently
running. To see the services with their status at level 3 only, use the following.
[brucelee@192.168.224.109 ~]$ chkconfig --list | grep 3:
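The following is an added example, not part of the original page: a small POSIX shell script that reads output in the chkconfig --list format and reports which services are flagged to start at boot in a given run level, then compares them with a list of services you expect on the server. The function names (enabled_at_level, unexpected_at_level) and the allowlist are hypothetical; the sample input is the partial listing shown above.

```shell
#!/bin/sh
# Constructed sample: the partial `chkconfig --list` output shown on this page.
SAMPLE='named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off'

# Print the names of services flagged "on" for run level $1.
# Reads `chkconfig --list` style lines on stdin. Each run-level field is
# compared exactly (for example "3:on"), so the state of other levels and
# lines in any other format are ignored.
enabled_at_level() {
    awk -v lvl="$1" '{
        for (i = 2; i <= NF; i++)
            if ($i == (lvl ":on")) { print $1; break }
    }'
}

# Print services enabled at run level $1 that are not in the
# space-separated allowlist $2. Anything printed is a candidate for
# "chkconfig <name> off" after you confirm the server does not need it.
unexpected_at_level() {
    level=$1
    allow=" $2 "
    enabled_at_level "$level" | while read -r svc; do
        case "$allow" in
            *" $svc "*) ;;          # expected on this server
            *) echo "$svc" ;;       # enabled at boot but not expected
        esac
    done
}

# Hypothetical allowlist for a dedicated server; adjust to your own needs.
ALLOW="network sshd"

echo "Enabled at run level 3:"
printf '%s\n' "$SAMPLE" | enabled_at_level 3
echo "Enabled at run level 3 but not in the allowlist:"
printf '%s\n' "$SAMPLE" | unexpected_at_level 3 "$ALLOW"
```

On a real server, replace the sample with live data, for example: chkconfig --list | unexpected_at_level 3 "$ALLOW". The result reflects boot-time settings only, not whether a service is running right now.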