Tuesday, August 18, 2009

Linux Determine which Services are Enabled at Boot

SkyHi @ Tuesday, August 18, 2009
The best protection against vulnerable software is running less software. How do I find out which services are enabled at Boot under CentOS / RHEL / Fedora Linux? How do I disable software which is not needed?

Open terminal and login as root user.

Type the following command to list all services which are enabled at boot:
#chkconfig --list | grep $(runlevel | awk '{ print $2}'):on
Sample output:

acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dkms_autoinstaller 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
hidd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lighttpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
pcscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:on 3:on 4:on 5:on 6:off
readahead_early 0:off 1:off 2:on 3:on 4:on 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rhnsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
snmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
stor_agent 0:off 1:off 2:off 3:on 4:off 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:off 2:on 3:on 4:off 5:on 6:off
vmware 0:off 1:off 2:on 3:on 4:off 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
yum-updatesd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

The first column of above output is the name of a service which is currently enabled at boot. You need to review each service.
Task: Disable service

To stop service, enter:
# service {service-name} stop
# service vmware stop
To disable service, enter:
# chkconfig {service-name} off
# chkconfig vmware off
You can also use ntsysv command to manage all services.
A note about outdated insecure service

All of the following services must be disabled to improve server security:

1. Inetd and Xinetd (inetd xinetd) - Use direct services configured via SysV and daemons.
2. Telnet (telnet-server) - Use ssh
3. Rlogin, Rsh, and Rcp ( rsh-server ) - Use ssh and scp.
4. NIS (ypserv) : Use OpenLDAP or Fedora directory server.
5. TFTP (tftp-server) : Use SFTP or SSH.

To delete all of the service enter:
# yum erase inetd xinetd ypserv tftp-server telnet-server rsh-serve