One of the easiest ways to start securing your server (and speeding it up) is to turn off unnecessary services that are usually running by default. This little script will go through and turn off those services. Please read through the script to see what it is doing and comment out (put a # in front of the line) anything that you want to keep running.
I put little descriptions in front of each to help you determine what each service is/does. Copy this into a file called turn_off_services.sh and chmod +x it to make it executable. Then, just run it!
```sh
#!/bin/sh
# Script to disable unneeded services at boot time
# Please read through each to ensure you want these disabled.
# For /most/ systems, this set up is fine.

# anacron
# The anacron subsystem is designed to provide cron functionality
# for machines which may be shut down during the normal times that
# system cron jobs run, frequently in the middle of the night.
# Laptops and workstations which are shut down at night should keep
# anacron enabled, so that standard system cron jobs will run when
# the machine boots.
chkconfig anacron off
service anacron stop

# apmd
# APM is being replaced by ACPI and should be considered deprecated.
# As such, it can be disabled if ACPI is supported by your hardware
# and kernel. If the file /proc/acpi/info exists and contains ACPI
# version information, then APM can safely be disabled without loss
# of functionality.
chkconfig apmd off
service apmd stop

# autofs
# If the autofs service is not needed to dynamically mount NFS
# filesystems or removable media, disable the service
chkconfig autofs off
service autofs stop

# avahi-daemon
# The Avahi daemon implements the DNS Service Discovery and Multicast
# DNS protocols, which provide service and host discovery on a network.
# It allows a system to automatically identify resources on the network,
# such as printers or web servers.
chkconfig avahi-daemon off
service avahi-daemon stop

# bluetooth
# If the system requires no Bluetooth devices, disable this service
chkconfig bluetooth off
service bluetooth stop

# cups
# Do you need the ability to print from this machine or to allow others
# to print to it? If not:
chkconfig cups off
service cups stop

# gpm
# GPM is the service that controls the text console mouse pointer.
# (The X Windows mouse pointer is unaffected by this service.)
chkconfig gpm off
service gpm stop

# haldaemon
# The haldaemon service provides a dynamic way of managing device
# interfaces. It automates device configuration and provides an API for
# making devices accessible to applications through the D-Bus interface.
chkconfig haldaemon off
service haldaemon stop

# hidd
# If the system requires no Bluetooth devices, disable this service
chkconfig hidd off
service hidd stop

# kudzu
# Kudzu, Red Hat’s hardware detection program, represents an unnecessary
# security risk as it allows unprivileged users to perform hardware
# configuration without authorization. Unless this specific functionality
# is required, Kudzu should be disabled.
chkconfig kudzu off
service kudzu stop

# mcstrans
# Unless there is some overriding need for the convenience of category
# label translation, disable the MCS translation service
chkconfig mcstrans off
service mcstrans stop

# messagebus
# If no services which require D-Bus are in use, disable this service
chkconfig messagebus off
service messagebus stop

# nfs services
# If NFS is not needed, disable NFS client daemons
chkconfig nfslock off
service nfslock stop
chkconfig rpcgssd off
service rpcgssd stop
chkconfig rpcidmapd off
service rpcidmapd stop

# pcscd
# If Smart Cards are not in use on the system, disable this service
chkconfig pcscd off
service pcscd stop

# portmap
# No NFS, NIS? No portmap
chkconfig portmap off
service portmap stop

# xfs
# The system’s X.org requires the X Font Server service (xfs) to function.
# The xfs service will be started automatically if X.org is activated
# via startx. Therefore, it is safe to prevent xfs from starting at
# boot when X is disabled, even if users are allowed to run X manually.
chkconfig xfs off
service xfs stop
```
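An added example, not part of the original post: a dry-run check to use before running the script. It reads `chkconfig --list` output and reports which of the services the script targets are currently enabled at boot, and in which runlevels. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which targeted services are enabled before disabling them.
# TARGETS mirrors the services turned off by the script above.
TARGETS="anacron apmd autofs avahi-daemon bluetooth cups gpm haldaemon hidd kudzu mcstrans messagebus nfslock rpcgssd rpcidmapd pcscd portmap xfs"

# enabled_targets: read `chkconfig --list` output on stdin and print each
# targeted service that is "on" in at least one runlevel, with those runlevels.
enabled_targets() {
    awk -v targets="$TARGETS" '
        BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        # SysV lines look like: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
        # The field check skips the xinetd section, which has no runlevels.
        ($1 in want) && $2 ~ /^0:(on|off)$/ {
            levels = ""
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[2] == "on") levels = levels kv[1]
            }
            if (levels != "") print $1, levels
        }
    '
}

# Constructed sample of `chkconfig --list` output (not taken from a real host).
sample_chkconfig_list() {
    cat <<'EOF'
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
bluetooth       0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
EOF
}

# On a real host: chkconfig --list | enabled_targets
sample_chkconfig_list | enabled_targets
```

Saving this output before the change also gives a record of which services to re-enable with `chkconfig <name> on` if something turns out to depend on them.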
I was wondering if it was your hosting that made your site (WordPress at that!) load so fast, but I now know that it’s all of the tweaking that you’re doing to your server. Thanks for adding the descriptions to your code. I’m a newbie suffering from information overload, so I’m still going to have to do a little homework and refresh my memory for some of this (hidd, nfs, nis…huh??) 🙂
Ah, this will come in handy for sure. It's always good to have your servers running as efficiently as possible, so turning off unneeded services will be very helpful. I like how you showed that we can specify what will be turned off in case we actually do need one of the services.