[CentOS] Looking for a list of default services to disable in centos 5
I am looking for a list of services that you disable by default on your server. Here is what I am disabling so far. avahi-daemon bluetooth cups firstboot haldaemon hidd hplip ip6tables isdn messagebus pcscd rpcgssd rpcidmapd sendmail xfs xinetd yum-updatesd Thanks for any input you provide! Martin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a list of default services to disable in centos 5
I am looking for a list of services that you disable by default on your server. what kind of server? smtp server? pop/imap server? proxy server? web server? ftp server? logging server? voip gateway? firewall? rpm build box? swipe card reader server? development/source repo server? LDAP, NFS? or are you looking for a set of things that we disable by default on all servers? At which point I question your choice of removing sendmail (unless you're replacing it with something like exim or postfix) because most servers need to send mail, even if it's just to alert you when a cron job has barfed. personally I disable, or don't install SE Linux, Network Manager (with extreme prejudice), and anything to do with wireless/bluetooth, and X on every single server. From there it depends on what the server is doing. We've got a Kickstart server and boot off USB sticks and CDs that allow us to pick generic build types off a menu (eg; web server, smtp server, mail storage server, etc). The kickstart config just pulls down the packages we want, a few scripts get run doing various things like updating all packages, setting up our distributed config system, installing custom packages, and so on. However, I don't see the usefulness in seeing what other people disable. Everybody has different networks, different requirements, and does different things on their boxes. What you should be doing is looking at *your* servers and itemising what they do. Then remove all packages that are not needed to provide those services. -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz signature.asc Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a list of default services to disable in centos 5
Martin Suehowicz wrote: I am looking for a list of services that you disable by default on your server. For the packages I install on my systems this is what I disable by default on CentOS 5.2 in kickstart - cat EOF; ### ## Turn off unneeded services in advance ## ### EOF export SERVICES=anacron atd auditd avahi-daemon cpuspeed cups gpm haldaemon ip6tables iptables iscsi iscsid iscsid kudzu lm_sensors mcstrans mdmonitor mess agebus pcscd readahead_early restorecond rpcgssd rpcidmapd xfs yum-updatesd for service in $SERVICES; do chkconfig --level 12345 $service off; chkconfig --list $service; done For CentOS 4.6 - cat EOF; ### ## Turn off unneeded services in advance ## ### EOF export SERVICES=anacron atd auditd autofs cpuspeed cups gpm haldaemon iptables kudzu lm_sensors mdmonitor messagebus rawdevices rhnsd rpcgssd rpcidmapd xfs for service in $SERVICES; do chkconfig --level 12345 $service off; chkconfig --list $service; done Depending on what the server does, the service may get re-enabled again automatically by cfengine after the system boots up, of the services above the only one I recall that ever gets re-enabled is iscsi(only on a few systems). I also have cfengine force shut down all of those services every day at around 2PM in case someone were to start one up by accident and forget about it. Of course there are many more services available in CentOS, the above just comes from the package list I install. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos