[CentOS] Looking for a list of default services to disable in centos 5
I am looking for a list of services that you disable by default on your server. Here is what I am disabling so far. avahi-daemon bluetooth cups firstboot haldaemon hidd hplip ip6tables isdn messagebus pcscd rpcgssd rpcidmapd sendmail xfs xinetd yum-updatesd Thanks for any input you provide! Martin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a list of default services to disable in centos 5
> I am looking for a list of services that you disable by default on > your server. what kind of server? smtp server? pop/imap server? proxy server? web server? ftp server? logging server? voip gateway? firewall? rpm build box? swipe card reader server? development/source repo server? LDAP, NFS? or are you looking for a set of things that we disable by default on all servers? At which point I question your choice of removing sendmail (unless you're replacing it with something like exim or postfix) because most servers need to send mail, even if it's just to alert you when a cron job has barfed. personally I disable, or don't install SE Linux, Network Manager (with extreme prejudice), and anything to do with wireless/bluetooth, and X on every single server. From there it depends on what the server is doing. We've got a Kickstart server and boot off USB sticks and CDs that allow us to pick generic build types off a menu (eg; web server, smtp server, mail storage server, etc). The kickstart config just pulls down the packages we want, a few scripts get run doing various things like updating all packages, setting up our distributed config system, installing custom packages, and so on. However, I don't see the usefulness in seeing what other people disable. Everybody has different networks, different requirements, and does different things on their boxes. What you should be doing is looking at *your* servers and itemising what they do. Then remove all packages that are not needed to provide those services. -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz signature.asc Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a list of default services to disable in centos 5
My question was targeted at minimal install that I could start with bare bones. Just what you need to run the os. I would use it to build the rest of my kickstarts with adding the needed services for webservers, databases, etc. I see the usefulness it for example You can pretty much say that everyone with a server build does not need Bluetooth and that most people are going to want syslog running. Thanks for the input! I do see your point about looking at my servers. Martin -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Spiro Harvey Sent: Wednesday, March 25, 2009 1:40 PM To: centos@centos.org Subject: Re: [CentOS] Looking for a list of default services to disable in centos 5 > I am looking for a list of services that you disable by default on > your server. what kind of server? smtp server? pop/imap server? proxy server? web server? ftp server? logging server? voip gateway? firewall? rpm build box? swipe card reader server? development/source repo server? LDAP, NFS? or are you looking for a set of things that we disable by default on all servers? At which point I question your choice of removing sendmail (unless you're replacing it with something like exim or postfix) because most servers need to send mail, even if it's just to alert you when a cron job has barfed. personally I disable, or don't install SE Linux, Network Manager (with extreme prejudice), and anything to do with wireless/bluetooth, and X on every single server. >From there it depends on what the server is doing. We've got a Kickstart server and boot off USB sticks and CDs that allow us to pick generic build types off a menu (eg; web server, smtp server, mail storage server, etc). The kickstart config just pulls down the packages we want, a few scripts get run doing various things like updating all packages, setting up our distributed config system, installing custom packages, and so on. However, I don't see the usefulness in seeing what other people disable. Everybody has different networks, different requirements, and does different things on their boxes. What you should be doing is looking at *your* servers and itemising what they do. Then remove all packages that are not needed to provide those services. -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a list of default services to disable in centos 5
At Thu, 26 Mar 2009 09:39:55 +1300 CentOS mailing list wrote: > > > > > I am looking for a list of services that you disable by default on > > your server. > > what kind of server? smtp server? pop/imap server? proxy server? web > server? ftp server? logging server? voip gateway? firewall? rpm build > box? swipe card reader server? development/source repo server? LDAP, > NFS? > > or are you looking for a set of things that we disable by default on > all servers? At which point I question your choice of removing sendmail > (unless you're replacing it with something like exim or postfix) > because most servers need to send mail, even if it's just to alert you > when a cron job has barfed. There are two options here: whether the service(s) are listening only on 127.0.0.1 (internal IP loopback) or on both 127.0.0.1 AND eth? IP address (external IP access). I *suspect* the OP is talking about this rather than not installing and/or starting various deamons. Of cource, some services make no sense listening only on 127.0.0.1 (eg FTP or SSH), but many do (SMTP, DB backend, CUPS, etc.) and in some cases you really need them running, even if they are only listening on 127.0.0.1 (some sort of SMTP server for example if not sendmail, then something else). > > personally I disable, or don't install SE Linux, Network Manager (with > extreme prejudice), and anything to do with wireless/bluetooth, and X > on every single server. > > >From there it depends on what the server is doing. > > We've got a Kickstart server and boot off USB sticks and CDs that > allow us to pick generic build types off a menu (eg; web server, smtp > server, mail storage server, etc). The kickstart config just pulls down > the packages we want, a few scripts get run doing various things like > updating all packages, setting up our distributed config system, > installing custom packages, and so on. > > However, I don't see the usefulness in seeing what other people > disable. Everybody has different networks, different requirements, and > does different things on their boxes. What you should be doing is > looking at *your* servers and itemising what they do. Then remove all > packages that are not needed to provide those services. Or in some cases making sure they are only listening on the local loopback device and NOT the external network device(s). Or if they are listening on some external network device(s), only on the ones they should be listening on (i.e. if your server is a router for a NAT or something like that). > -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a list of default services to disable in centos 5
Martin Suehowicz wrote: > I am looking for a list of services that you disable by default on your > server. For the packages I install on my systems this is what I disable by default on CentOS 5.2 in kickstart - cat
