tting down unwanted services

qwertyjjj · 06-28-2010, 09:10 PM

What of the following services could I shutdown on my server?
I only use the server as a public proxy and VPN with mail, sql, and httpd occasionally used

Code:

[root@server ~]# chkconfig --list | grep '3:on'
SystemEmail     0:off   1:off   2:off   3:on    4:off   5:off   6:off
acpid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
bluetooth       0:off   1:off   2:on    3:on    4:on    5:on    6:off
courier-authlib 0:off   1:off   2:on    3:on    4:on    5:on    6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
firstboot       0:off   1:off   2:off   3:on    4:off   5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
hidd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd-matrixsa  0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
lm_sensors      0:off   1:off   2:on    3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
matrixsa        0:off   1:off   2:on    3:on    4:on    5:on    6:off
mcstrans        0:off   1:off   2:on    3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
microcode_ctl   0:off   1:off   2:on    3:on    4:on    5:on    6:off
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
openvpn         0:off   1:off   2:off   3:on    4:on    5:on    6:off
pcscd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
readahead_early 0:off   1:off   2:on    3:on    4:on    5:on    6:off
restorecond     0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
squid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sysstat         0:off   1:off   2:on    3:on    4:off   5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off

Also, can I turn off avahi-daemon?

Code:

[root@server ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      30986/mysqld
tcp        0      0 0.0.0.0:1194                0.0.0.0:*                   LISTEN      16236/openvpn
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2320/portmap
tcp        0      0 xx.xxx.xxx.198:80           0.0.0.0:*                   LISTEN      9071/(squid)
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      9071/(squid)
tcp        0      0 xx.xxx.xxx.199:80           0.0.0.0:*                   LISTEN      3416/httpd
tcp        0      0 0.0.0.0:5555                0.0.0.0:*                   LISTEN      2854/httpd-matrixsa
tcp        0      0 172.16.0.1:53               0.0.0.0:*                   LISTEN      10999/named
tcp        0      0 xx.xxx.xxx.199:53           0.0.0.0:*                   LISTEN      10999/named
tcp        0      0 xx.xxx.xxx.198:53           0.0.0.0:*                   LISTEN      10999/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      10999/named
tcp        0      0 127.0.0.1:8087              0.0.0.0:*                   LISTEN      25081/python
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      10999/named
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      3509/master
tcp        0      0 0.0.0.0:893                 0.0.0.0:*                   LISTEN      8767/rpc.statd
tcp        0      0 :::1057                     :::*                        LISTEN      30911/sshd
tcp        0      0 ::1:953                     :::*                        LISTEN      10999/named
tcp        0      0 :::443                      :::*                        LISTEN      3416/httpd
udp        0      0 0.0.0.0:53522               0.0.0.0:*                               8835/avahi-daemon:
udp        0      0 172.16.0.1:53               0.0.0.0:*                               10999/named
udp        0      0 xx.xxx.xxx.199:53           0.0.0.0:*                               10999/named
udp        0      0 xx.xxx.xxx.198:53           0.0.0.0:*                               10999/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               10999/named
udp        0      0 0.0.0.0:3130                0.0.0.0:*                               9071/(squid)
udp        0      0 0.0.0.0:25576               0.0.0.0:*                               9071/(squid)
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               8835/avahi-daemon:
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2320/portmap
udp        0      0 0.0.0.0:887                 0.0.0.0:*                               8767/rpc.statd
udp        0      0 0.0.0.0:890                 0.0.0.0:*                               8767/rpc.statd
udp        0      0 172.16.0.1:123              0.0.0.0:*                               3014/ntpd
udp        0      0 xx.xxx.xxx.199:123          0.0.0.0:*                               3014/ntpd
udp        0      0 xx.xxx.xxx.198:123          0.0.0.0:*                               3014/ntpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               3014/ntpd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               3014/ntpd
udp        0      0 :::9811                     :::*                                    8835/avahi-daemon:
udp        0      0 :::5353                     :::*                                    8835/avahi-daemon:
udp        0      0 fe80::219:99ff:fe63:123     :::*                                    3014/ntpd
udp        0      0 ::1:123                     :::*                                    3014/ntpd
udp        0      0 :::123                      :::*                                    3014/ntpd

kbp · 06-29-2010, 12:15 AM

You could start with these :-

Code:

for service in anacron apmd autofs avahi-daemon bluetooth cups firstboot gpm named nfslock pcscd readahead-early restorecond rpcgssd rpcidmapd
do
    chkconfig $service off
done

cheers

qwertyjjj · 06-29-2010, 07:19 AM

Quote:

Originally Posted by kbp

You could start with these :-

Code:

for service in anacron apmd autofs avahi-daemon bluetooth cups firstboot gpm named nfslock pcscd readahead-early restorecond rpcgssd rpcidmapd
do
    chkconfig $service off
done

cheers

Isn't named needed for DNS stuff and lookups for websites?

This error on:
error reading information about service readahead-early: No such file or directory

kbp · 06-29-2010, 05:27 PM

Named is not needed unless you're running your own dns server.. sorry - should have been 'readahead_early' not 'readahead-early'

cheers

qwertyjjj · 06-29-2010, 05:29 PM

Quote:

Originally Posted by kbp

Named is not needed unless you're running your own dns server.. sorry - should have been 'readahead_early' not 'readahead-early'

cheers

I think I have a BIND server running on the box though for the most part I try to use opendns addresses in config files.
readahead - doesn't that help speed up the hard drive?

Also, in the server hardening section I found this:
#10: Delete X Windows

X Windows on server is not required. There is no reason to run X Windows on your dedicated mail and Apache web server. You can disable and remove X Windows to improve server security and performance. Edit /etc/inittab and set run level to 3. Finally, remove X Windows system, enter:
# yum groupremove "X Window System"

When I ran that (but didn't confirm the changes) it listed a lot of programs. Is that a safe thing to remove? I'm a bit worried about the dependencies...