Re: [CentOS] Disabling services in CentOS 5.5
On Wed, Jun 16, 2010 at 5:06 PM, Ski Dawg cen...@skidawg.org wrote: Hello all, I have been doing some searching for information about disabling services within a CentOS 5.5 install. I have found a few different opinions, and wanted to ask for some feedback. First off, the system is running a LAMP stack to serve a web application. It will only be doing email to send occasional messages out (sent via the application only). It will not be receiving email for any users. It is an CentOS 5.5 (fully updated) install running under VMware (esx, I believe). We are not sharing directories via nfs or samba (either from or to this virtual machine). From my research, the services that I am thinking of turning off are: nfs (already off) nfslock portmap rpccgssd rpcidmapd rpcsvcgssd apcid apmd mdmpd mdmonitor Is there any reason that I need to leave any of these services running? Are there others that I should disable as well? Any feedback about this would be greatly appreciated. -- Doug Registered Linux User #285548 (http://counter.li.org) Never trust a computer you can't throw out a window. -- Steve Wozniak ___ For my VMware ESXi guests I always turn off the following bluetooth hidd pcscd smartd Ryan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disabling services in CentOS 5.5
Mark, John, and Miguel, Thank you for the information. I will take all of this into consideration with the rest of my research. I do appreciate your feedback and help. -- Doug Registered Linux User #285548 (http://counter.li.org) Never trust a computer you can't throw out a window. -- Steve Wozniak On Wed, Jun 16, 2010 at 3:06 PM, Ski Dawg cen...@skidawg.org wrote: Hello all, I have been doing some searching for information about disabling services within a CentOS 5.5 install. I have found a few different opinions, and wanted to ask for some feedback. First off, the system is running a LAMP stack to serve a web application. It will only be doing email to send occasional messages out (sent via the application only). It will not be receiving email for any users. It is an CentOS 5.5 (fully updated) install running under VMware (esx, I believe). We are not sharing directories via nfs or samba (either from or to this virtual machine). From my research, the services that I am thinking of turning off are: nfs (already off) nfslock portmap rpccgssd rpcidmapd rpcsvcgssd apcid apmd mdmpd mdmonitor Is there any reason that I need to leave any of these services running? Are there others that I should disable as well? Any feedback about this would be greatly appreciated. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disabling services in CentOS 5.5
www.cisecurity.org/tools2/linux/CIS_RHEL5_Benchmark_v1.1.pdf contains very good paper how to harden centos/rhel installation. -- Eero, RHCE ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disabling services in CentOS 5.5
Hello all, I have been doing some searching for information about disabling services within a CentOS 5.5 install. I have found a few different opinions, and wanted to ask for some feedback. No brainer. First off, the system is running a LAMP stack to serve a web application. It will only be doing email to send occasional messages out (sent via the application only). It will not be receiving email for any users. It is an CentOS 5.5 (fully updated) install running under VMware (esx, I believe). We are not sharing directories via nfs or samba (either from or to this virtual machine). From my research, the services that I am thinking of turning off are: nfs (already off) service nfs stop chkconfig nfs off Same for others. Oh, and if you don't really need it, turn *off* avahi-daemon, and the same for bluetooth, if you don't need it. Also, if you turn off the avahi-daemon, close the port opened in iptables (edit /etc/sysconfig/iptables and delete it, then restart iptables). mark in a *server* room? hardwired? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disabling services in CentOS 5.5
Ski Dawg wrote: From my research, the services that I am thinking of turning off are: nfs (already off) nfslock portmap rpccgssd rpcidmapd rpcsvcgssd all safe to shut off if you're not serving NFS, NIS, etc. apci power management. I believe you need acpid for things like screen saver. apmd apmd isn't even installed on my servers, probably only used on legacy pre-ACPI hardware. mdmpd multipath device monitoring, would be required if you have multipath disk IO, or ethernet, I believe. mdmonitor should be running if you use mdraid or any other device mapper kind of storage. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disabling services in CentOS 5.5
The following NSA document provides very good information on the secure configuration of Red Hat Enterprise Linux 5/CentOS 5.x: Guide to the Secure Configuration of Red Hat Enterprise Linux 5 http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf It goes through almost all the services and gives you guidance on whether and how you should disable a service. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos