At Thu, 26 Mar 2009 09:39:55 +1300 CentOS mailing list <centos at centos.org> wrote: > > > > > I am looking for a list of services that you disable by default on > > your server. > > what kind of server? smtp server? pop/imap server? proxy server? web > server? ftp server? logging server? voip gateway? firewall? rpm build > box? swipe card reader server? development/source repo server? LDAP, > NFS? > > or are you looking for a set of things that we disable by default on > all servers? At which point I question your choice of removing sendmail > (unless you're replacing it with something like exim or postfix) > because most servers need to send mail, even if it's just to alert you > when a cron job has barfed. There are two options here: whether the service(s) are listening only on 127.0.0.1 (internal IP loopback) or on both 127.0.0.1 AND eth? IP address (external IP access). I *suspect* the OP is talking about this rather than not installing and/or starting various deamons. Of cource, some services make no sense listening only on 127.0.0.1 (eg FTP or SSH), but many do (SMTP, DB backend, CUPS, etc.) and in some cases you really need them running, even if they are only listening on 127.0.0.1 (some sort of SMTP server for example if not sendmail, then something else). > > personally I disable, or don't install SE Linux, Network Manager (with > extreme prejudice), and anything to do with wireless/bluetooth, and X > on every single server. > > >From there it depends on what the server is doing. > > We've got a Kickstart server and boot off USB sticks and CDs that > allow us to pick generic build types off a menu (eg; web server, smtp > server, mail storage server, etc). The kickstart config just pulls down > the packages we want, a few scripts get run doing various things like > updating all packages, setting up our distributed config system, > installing custom packages, and so on. > > However, I don't see the usefulness in seeing what other people > disable. Everybody has different networks, different requirements, and > does different things on their boxes. What you should be doing is > looking at *your* servers and itemising what they do. Then remove all > packages that are not needed to provide those services. Or in some cases making sure they are only listening on the local loopback device and NOT the external network device(s). Or if they are listening on some external network device(s), only on the ones they should be listening on (i.e. if your server is a router for a NAT or something like that). > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows heller at deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/