> Hello all,
>
> I have been doing some searching for information about disabling
> services within a CentOS 5.5 install. I have found a few different
> opinions, and wanted to ask for some feedback.
No brainer.
>
> First off, the system is running a LAMP stack to serve a web
> application. It will only be doing email to send occasional messages
> out (sent via the application only). It will not be receiving email
> for any users. It is an CentOS 5.5 (fully updated) install running
> under VMware (esx, I believe). We are not sharing directories via nfs
> or samba (either from or to this virtual machine).
>
>>From my research, the services that I am thinking of turning off are:
> nfs (already off)
service nfs stop
chkconfig nfs off
Same for others.
Oh, and if you don't really need it, turn *off* avahi-daemon, and the same
for bluetooth, if you don't need it. Also, if you turn off the
avahi-daemon, close the port opened in iptables (edit
/etc/sysconfig/iptables and delete it, then restart iptables).
mark "in a *server* room? hardwired?"
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-16-2010, 09:28 PM
John R Pierce
Disabling services in CentOS 5.5
Ski Dawg wrote:
> >From my research, the services that I am thinking of turning off are:
> nfs (already off)
> nfslock
> portmap
> rpccgssd
> rpcidmapd
> rpcsvcgssd
>
all safe to shut off if you're not serving NFS, NIS, etc.
> apci
power management. I believe you need acpid for things like screen saver.
> apmd
apmd isn't even installed on my servers, probably only used on legacy
pre-ACPI hardware.
> mdmpd
>
multipath device monitoring, would be required if you have multipath
disk IO, or ethernet, I believe.
> mdmonitor
>
should be running if you use mdraid or any other device mapper kind of
storage.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-16-2010, 09:35 PM
Miguel Medalha
Disabling services in CentOS 5.5
The following NSA document provides very good information on the secure
configuration of Red Hat Enterprise Linux 5/CentOS 5.x:
Guide to the Secure Configuration of Red Hat Enterprise Linux 5
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
It goes through almost all the services and gives you guidance on
whether and how you should disable a service.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-18-2010, 03:32 AM
Ski Dawg
Disabling services in CentOS 5.5
Mark, John, and Miguel,
Thank you for the information. I will take all of this into
consideration with the rest of my research. I do appreciate your
feedback and help.
--
Doug
Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Never trust a computer you can't throw out a window.
-- Steve Wozniak
On Wed, Jun 16, 2010 at 3:06 PM, Ski Dawg <centos@skidawg.org> wrote:
> Hello all,
>
> I have been doing some searching for information about disabling
> services within a CentOS 5.5 install. I have found a few different
> opinions, and wanted to ask for some feedback.
>
> First off, the system is running a LAMP stack to serve a web
> application. It will only be doing email to send occasional messages
> out (sent via the application only). It will not be receiving email
> for any users. It is an CentOS 5.5 (fully updated) install running
> under VMware (esx, I believe). We are not sharing directories via nfs
> or samba (either from or to this virtual machine).
>
> From my research, the services that I am thinking of turning off are:
> nfs (already off)
> nfslock
> portmap
> rpccgssd
> rpcidmapd
> rpcsvcgssd
> apcid
> apmd
> mdmpd
> mdmonitor
>
> Is there any reason that I need to leave any of these services
> running? Are there others that I should disable as well?
>
> Any feedback about this would be greatly appreciated.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
contains very good paper how to harden centos/rhel installation.
--
Eero,
RHCE
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
06-19-2010, 02:59 AM
Ryan Wagoner
Disabling services in CentOS 5.5
On Wed, Jun 16, 2010 at 5:06 PM, Ski Dawg <centos@skidawg.org> wrote:
> Hello all,
>
> I have been doing some searching for information about disabling
> services within a CentOS 5.5 install. I have found a few different
> opinions, and wanted to ask for some feedback.
>
> First off, the system is running a LAMP stack to serve a web
> application. It will only be doing email to send occasional messages
> out (sent via the application only). It will not be receiving email
> for any users. It is an CentOS 5.5 (fully updated) install running
> under VMware (esx, I believe). We are not sharing directories via nfs
> or samba (either from or to this virtual machine).
>
> >From my research, the services that I am thinking of turning off are:
> nfs (already off)
> nfslock
> portmap
> rpccgssd
> rpcidmapd
> rpcsvcgssd
> apcid
> apmd
> mdmpd
> mdmonitor
>
> Is there any reason that I need to leave any of these services
> running? Are there others that I should disable as well?
>
> Any feedback about this would be greatly appreciated.
> --
> Doug
>
> Registered Linux User #285548 (http://counter.li.org)
> ----------------------------------------
> Never trust a computer you can't throw out a window.
> * -- Steve Wozniak
> _______________________________________________
For my VMware ESXi guests I always turn off the following
bluetooth
hidd
pcscd
smartd
Ryan
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Disabling services in CentOS 5.5
