Disabling services in CentOS 5.5
 

> Hello all,
>
> I have been doing some searching for information about disabling
> services within a CentOS 5.5 install. I have found a few different
> opinions, and wanted to ask for some feedback.

No brainer.
>
> First off, the system is running a LAMP stack to serve a web
> application. It will only be doing email to send occasional messages
> out (sent via the application only). It will not be receiving email
> for any users. It is an CentOS 5.5 (fully updated) install running
> under VMware (esx, I believe). We are not sharing directories via nfs
> or samba (either from or to this virtual machine).
>
>>From my research, the services that I am thinking of turning off are:
> nfs (already off)

service nfs stop
chkconfig nfs off

Same for others.

Oh, and if you don't really need it, turn *off* avahi-daemon, and the same
for bluetooth, if you don't need it. Also, if you turn off the
avahi-daemon, close the port opened in iptables (edit
/etc/sysconfig/iptables and delete it, then restart iptables).

mark "in a *server* room? hardwired?"

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Disabling services in CentOS 5.5
 

Ski Dawg wrote:
> >From my research, the services that I am thinking of turning off are:
> nfs (already off)
> nfslock
> portmap
> rpccgssd
> rpcidmapd
> rpcsvcgssd
>

all safe to shut off if you're not serving NFS, NIS, etc.

> apci

power management. I believe you need acpid for things like screen saver.

> apmd

apmd isn't even installed on my servers, probably only used on legacy
pre-ACPI hardware.

> mdmpd
>

multipath device monitoring, would be required if you have multipath
disk IO, or ethernet, I believe.

> mdmonitor
>

should be running if you use mdraid or any other device mapper kind of
storage.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Disabling services in CentOS 5.5
 

The following NSA document provides very good information on the secure
configuration of Red Hat Enterprise Linux 5/CentOS 5.x:

Guide to the Secure Configuration of Red Hat Enterprise Linux 5
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

It goes through almost all the services and gives you guidance on
whether and how you should disable a service.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Disabling services in CentOS 5.5
 

Mark, John, and Miguel,

Thank you for the information. I will take all of this into
consideration with the rest of my research. I do appreciate your
feedback and help.
--
Doug

Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Never trust a computer you can't throw out a window.
-- Steve Wozniak



On Wed, Jun 16, 2010 at 3:06 PM, Ski Dawg <centos@skidawg.org> wrote:
> Hello all,
>
> I have been doing some searching for information about disabling
> services within a CentOS 5.5 install. I have found a few different
> opinions, and wanted to ask for some feedback.
>
> First off, the system is running a LAMP stack to serve a web
> application. It will only be doing email to send occasional messages
> out (sent via the application only). It will not be receiving email
> for any users. It is an CentOS 5.5 (fully updated) install running
> under VMware (esx, I believe). We are not sharing directories via nfs
> or samba (either from or to this virtual machine).
>
> From my research, the services that I am thinking of turning off are:
> nfs (already off)
> nfslock
> portmap
> rpccgssd
> rpcidmapd
> rpcsvcgssd
> apcid
> apmd
> mdmpd
> mdmonitor
>
> Is there any reason that I need to leave any of these services
> running? Are there others that I should disable as well?
>
> Any feedback about this would be greatly appreciated.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Disabling services in CentOS 5.5
 

www.cisecurity.org/tools2/linux/CIS_RHEL5_Benchmark_v1.1.pdf

contains very good paper how to harden centos/rhel installation.

--
Eero,
RHCE
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Disabling services in CentOS 5.5
 

On Wed, Jun 16, 2010 at 5:06 PM, Ski Dawg <centos@skidawg.org> wrote:
> Hello all,
>
> I have been doing some searching for information about disabling
> services within a CentOS 5.5 install. I have found a few different
> opinions, and wanted to ask for some feedback.
>
> First off, the system is running a LAMP stack to serve a web
> application. It will only be doing email to send occasional messages
> out (sent via the application only). It will not be receiving email
> for any users. It is an CentOS 5.5 (fully updated) install running
> under VMware (esx, I believe). We are not sharing directories via nfs
> or samba (either from or to this virtual machine).
>
> >From my research, the services that I am thinking of turning off are:
> nfs (already off)
> nfslock
> portmap
> rpccgssd
> rpcidmapd
> rpcsvcgssd
> apcid
> apmd
> mdmpd
> mdmonitor
>
> Is there any reason that I need to leave any of these services
> running? Are there others that I should disable as well?
>
> Any feedback about this would be greatly appreciated.
> --
> Doug
>
> Registered Linux User #285548 (http://counter.li.org)
> ----------------------------------------
> Never trust a computer you can't throw out a window.
> * -- Steve Wozniak
> _______________________________________________

For my VMware ESXi guests I always turn off the following

bluetooth
hidd
pcscd
smartd

Ryan
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos