FAQ

[CentOS] Disabling services in CentOS 5.5

Ski Dawg
Jun 16, 2010 at 5:06 pm
Hello all,

I have been doing some searching for information about disabling
services within a CentOS 5.5 install. I have found a few different
opinions, and wanted to ask for some feedback.

First off, the system is running a LAMP stack to serve a web
application. It will only be doing email to send occasional messages
out (sent via the application only). It will not be receiving email
for any users. It is an CentOS 5.5 (fully updated) install running
under VMware (esx, I believe). We are not sharing directories via nfs
or samba (either from or to this virtual machine).
From my research, the services that I am thinking of turning off are:
nfs (already off)
nfslock
portmap
rpccgssd
rpcidmapd
rpcsvcgssd
apcid
apmd
mdmpd
mdmonitor

Is there any reason that I need to leave any of these services
running? Are there others that I should disable as well?

Any feedback about this would be greatly appreciated.
--
Doug

Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Never trust a computer you can't throw out a window.
? -- Steve Wozniak
reply

Search Discussions

6 responses

  • Mark Roth at Jun 16, 2010 at 5:25 pm

    Hello all,

    I have been doing some searching for information about disabling
    services within a CentOS 5.5 install. I have found a few different
    opinions, and wanted to ask for some feedback.
    No brainer.
    First off, the system is running a LAMP stack to serve a web
    application. It will only be doing email to send occasional messages
    out (sent via the application only). It will not be receiving email
    for any users. It is an CentOS 5.5 (fully updated) install running
    under VMware (esx, I believe). We are not sharing directories via nfs
    or samba (either from or to this virtual machine).
    From my research, the services that I am thinking of turning off are:
    nfs (already off)
    service nfs stop
    chkconfig nfs off

    Same for others.

    Oh, and if you don't really need it, turn *off* avahi-daemon, and the same
    for bluetooth, if you don't need it. Also, if you turn off the
    avahi-daemon, close the port opened in iptables (edit
    /etc/sysconfig/iptables and delete it, then restart iptables).

    mark "in a *server* room? hardwired?"
  • John R Pierce at Jun 16, 2010 at 5:28 pm

    Ski Dawg wrote:
    From my research, the services that I am thinking of turning off are:
    nfs (already off)
    nfslock
    portmap
    rpccgssd
    rpcidmapd
    rpcsvcgssd
    all safe to shut off if you're not serving NFS, NIS, etc.
    apci
    power management. I believe you need acpid for things like screen saver.
    apmd
    apmd isn't even installed on my servers, probably only used on legacy
    pre-ACPI hardware.
    mdmpd
    multipath device monitoring, would be required if you have multipath
    disk IO, or ethernet, I believe.
    mdmonitor
    should be running if you use mdraid or any other device mapper kind of
    storage.
  • Miguel Medalha at Jun 16, 2010 at 5:35 pm
    The following NSA document provides very good information on the secure
    configuration of Red Hat Enterprise Linux 5/CentOS 5.x:

    Guide to the Secure Configuration of Red Hat Enterprise Linux 5
    http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

    It goes through almost all the services and gives you guidance on
    whether and how you should disable a service.
  • Ski Dawg at Jun 17, 2010 at 11:32 pm
    Mark, John, and Miguel,

    Thank you for the information. I will take all of this into
    consideration with the rest of my research. I do appreciate your
    feedback and help.
    --
    Doug

    Registered Linux User #285548 (http://counter.li.org)
    ----------------------------------------
    Never trust a computer you can't throw out a window.
    -- Steve Wozniak


    On Wed, Jun 16, 2010 at 3:06 PM, Ski Dawg wrote:
    Hello all,

    I have been doing some searching for information about disabling
    services within a CentOS 5.5 install. I have found a few different
    opinions, and wanted to ask for some feedback.

    First off, the system is running a LAMP stack to serve a web
    application. It will only be doing email to send occasional messages
    out (sent via the application only). It will not be receiving email
    for any users. It is an CentOS 5.5 (fully updated) install running
    under VMware (esx, I believe). We are not sharing directories via nfs
    or samba (either from or to this virtual machine).

    From my research, the services that I am thinking of turning off are:
    nfs (already off)
    nfslock
    portmap
    rpccgssd
    rpcidmapd
    rpcsvcgssd
    apcid
    apmd
    mdmpd
    mdmonitor

    Is there any reason that I need to leave any of these services
    running? Are there others that I should disable as well?

    Any feedback about this would be greatly appreciated.
  • Eero Volotinen at Jun 18, 2010 at 1:54 am
    www.cisecurity.org/tools2/linux/CIS_RHEL5_Benchmark_v1.1.pdf

    contains very good paper how to harden centos/rhel installation.

    --
    Eero,
    RHCE
  • Ryan Wagoner at Jun 18, 2010 at 10:59 pm

    On Wed, Jun 16, 2010 at 5:06 PM, Ski Dawg wrote:
    Hello all,

    I have been doing some searching for information about disabling
    services within a CentOS 5.5 install. I have found a few different
    opinions, and wanted to ask for some feedback.

    First off, the system is running a LAMP stack to serve a web
    application. It will only be doing email to send occasional messages
    out (sent via the application only). It will not be receiving email
    for any users. It is an CentOS 5.5 (fully updated) install running
    under VMware (esx, I believe). We are not sharing directories via nfs
    or samba (either from or to this virtual machine).
    From my research, the services that I am thinking of turning off are:
    nfs (already off)
    nfslock
    portmap
    rpccgssd
    rpcidmapd
    rpcsvcgssd
    apcid
    apmd
    mdmpd
    mdmonitor

    Is there any reason that I need to leave any of these services
    running? Are there others that I should disable as well?

    Any feedback about this would be greatly appreciated.
    --
    Doug

    Registered Linux User #285548 (http://counter.li.org)
    ----------------------------------------
    Never trust a computer you can't throw out a window.
    ? -- Steve Wozniak
    _______________________________________________
    For my VMware ESXi guests I always turn off the following

    bluetooth
    hidd
    pcscd
    smartd

    Ryan

Related Discussions

Discussion Navigation
viewthread | post