Linux Determine which Services are Enabled at Boot

The best protection against vulnerable software is running less software. How do I find out which services are enabled at Boot under CentOS / RHEL / Fedora Linux? How do I disable software which is not needed?

Open terminal and login as root user.

Type the following command to list all services which are enabled at boot:
#chkconfig --list | grep $(runlevel | awk '{ print $2}'):on
Sample output:

acpid          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
anacron        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
atd            	0:off	1:off	2:off	3:on	4:on	5:on	6:off
auditd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
cpuspeed       	0:off	1:on	2:on	3:on	4:on	5:on	6:off
crond          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
dkms_autoinstaller	0:off	1:off	2:on	3:on	4:on	5:on	6:off
haldaemon      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
hidd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
irqbalance     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
kudzu          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
lighttpd       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
lm_sensors     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
lvm2-monitor   	0:off	1:on	2:on	3:on	4:on	5:on	6:off
mcstrans       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
mdmonitor      	0:off	1:off	2:on	3:on	4:on	5:on	6:off
messagebus     	0:off	1:off	2:off	3:on	4:on	5:on	6:off
microcode_ctl  	0:off	1:off	2:on	3:on	4:on	5:on	6:off
mysqld         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
named          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
netfs          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ntpd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
pcscd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
psacct         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
readahead_early	0:off	1:off	2:on	3:on	4:on	5:on	6:off
restorecond    	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rhnsd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rpcgssd        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
rpcidmapd      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
sendmail       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
setroubleshoot 	0:off	1:off	2:off	3:on	4:on	5:on	6:off
smartd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
snmpd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
stor_agent     	0:off	1:off	2:off	3:on	4:off	5:on	6:off
syslog         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sysstat        	0:off	1:off	2:on	3:on	4:off	5:on	6:off
vmware         	0:off	1:off	2:on	3:on	4:off	5:on	6:off
xfs            	0:off	1:off	2:on	3:on	4:on	5:on	6:off
xinetd         	0:off	1:off	2:off	3:on	4:on	5:on	6:off
yum-updatesd   	0:off	1:off	2:on	3:on	4:on	5:on	6:off

The first column of above output is the name of a service which is currently enabled at boot. You need to review each service.

Task: Disable service

To stop service, enter:
# service {service-name} stop
# service vmware stop

To disable service, enter:
# chkconfig {service-name} off
# chkconfig vmware off

You can also use ntsysv command to manage all services.

A note about outdated insecure service

All of the following services must be disabled to improve server security:

  1. Inetd and Xinetd (inetd xinetd) – Use direct services configured via SysV and daemons.
  2. Telnet (telnet-server) – Use ssh
  3. Rlogin, Rsh, and Rcp ( rsh-server ) – Use ssh and scp.
  4. NIS (ypserv) : Use OpenLDAP or Fedora directory server.
  5. TFTP (tftp-server) : Use SFTP or SSH.

To delete all of the service enter:
# yum erase inetd xinetd ypserv tftp-server telnet-server rsh-serve

A note about Debian / Ubuntu Linux

Please see my comment below, to find out which services are enabled at boot under Debian / Ubuntu Linux and disable software which is not needed.

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.