[CentOS] Looking for a list of default services to disable in centos 5

Wed Mar 25 21:21:57 UTC 2009
Robert Heller <heller at deepsoft.com>

At Thu, 26 Mar 2009 09:39:55 +1300 CentOS mailing list <centos at centos.org> wrote:

> > I am looking for a list of services that you disable by default on
> > your server. 
> what kind of server? smtp server? pop/imap server? proxy server? web
> server? ftp server? logging server? voip gateway? firewall? rpm build
> box? swipe card reader server? development/source repo server? LDAP,
> NFS? 
> or are you looking for a set of things that we disable by default on
> all servers? At which point I question your choice of removing sendmail
> (unless you're replacing it with something like exim or postfix)
> because most servers need to send mail, even if it's just to alert you
> when a cron job has barfed.

There are two options here: whether the service(s) are listening only
on (internal IP loopback) or on both AND eth? IP
address (external IP access).  I *suspect* the OP is talking about this
rather than not installing and/or starting various deamons.  Of cource,
some services make no sense listening only on (eg FTP or
SSH), but many do (SMTP, DB backend, CUPS, etc.) and in some cases you
really need them running, even if they are only listening on
(some sort of SMTP server for example if not sendmail, then something

> personally I disable, or don't install SE Linux, Network Manager (with
> extreme prejudice), and anything to do with wireless/bluetooth, and X
> on every single server. 
> >From there it depends on what the server is doing.
> We've got a Kickstart server and boot off USB sticks and CDs that
> allow us to pick generic build types off a menu (eg; web server, smtp
> server, mail storage server, etc). The kickstart config just pulls down
> the packages we want, a few scripts get run doing various things like
> updating all packages, setting up our distributed config system,
> installing custom packages, and so on. 
> However, I don't see the usefulness in seeing what other people
> disable. Everybody has different networks, different requirements, and
> does different things on their boxes. What you should be doing is
> looking at *your* servers and itemising what they do. Then remove all
> packages that are not needed to provide those services.

Or in some cases making sure they are only listening on the local
loopback device and NOT the external network device(s).  Or if they are
listening on some external network device(s), only on the ones they
should be listening on (i.e. if your server is a router for a NAT or
something like that).


Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
heller at deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/