25Aug/090
How to determine which sevices are enabled at boot time in linux
How do I find out which services are enabled at Boot under Ubuntu/CentOS/RHEL/Fedora Linux? How can I disable a service which is not needed or I dont want to run every time the linux machine starts?
Open terminal and login as root user.
Type the following command to list all services which are enabled at boot:
1 | #chkconfig --list | grep $(runlevel | awk '{ print $2}'):on |
Sample output:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off dkms_autoinstaller 0:off 1:off 2:on 3:on 4:on 5:on 6:off haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off hidd 0:off 1:off 2:on 3:on 4:on 5:on 6:off irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off lighttpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off named 0:off 1:off 2:on 3:on 4:on 5:on 6:off netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off pcscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off psacct 0:off 1:off 2:on 3:on 4:on 5:on 6:off readahead_early 0:off 1:off 2:on 3:on 4:on 5:on 6:off restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off rhnsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off snmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off yum-updatesd 0:off 1:off 2:on 3:on 4:on 5:on 6:off |
The first column of above output is the name of a service which is currently enabled at boot. You need to review each service.
Task: Disable services
To stop service, enter:
1 2 | # service {service-name} stop # service vmware stop |
To disable service, enter:
1 2 | # chkconfig {service-name} off # chkconfig vmware off |
You may also use ntsysv command to manage all services.
A note about outdated insecure service
All of the following services must be disabled to improve server security:
- Inetd and Xinetd (inetd xinetd) - Use direct services configured via SysV and daemons.
- Telnet (telnet-server) - Use ssh
- Rlogin, Rsh, and Rcp ( rsh-server ) - Use ssh and scp.
- NIS (ypserv) : Use OpenLDAP or Fedora directory server.
- TFTP (tftp-server) : Use SFTP or SSH.
To delete all of the service enter:
1 | # yum erase inetd xinetd ypserv tftp-server telnet-server rsh-serve |