Linux Determine which Services are Enabled at Boot

Author: Last updated: April 7, 2009 9 comments

The best protection against vulnerable software is running less software. How do I find out which services are enabled at Boot under CentOS / RHEL / Fedora Linux? How do I disable software which is not needed?

Open terminal and login as root user.

ADVERTISEMENTS

Type the following command to list all services which are enabled at boot:
#chkconfig --list | grep $(runlevel | awk '{ print $2}'):on
Sample output:

acpid          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
anacron        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
atd            	0:off	1:off	2:off	3:on	4:on	5:on	6:off
auditd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
cpuspeed       	0:off	1:on	2:on	3:on	4:on	5:on	6:off
crond          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
dkms_autoinstaller	0:off	1:off	2:on	3:on	4:on	5:on	6:off
haldaemon      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
hidd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
irqbalance     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
kudzu          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
lighttpd       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
lm_sensors     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
lvm2-monitor   	0:off	1:on	2:on	3:on	4:on	5:on	6:off
mcstrans       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
mdmonitor      	0:off	1:off	2:on	3:on	4:on	5:on	6:off
messagebus     	0:off	1:off	2:off	3:on	4:on	5:on	6:off
microcode_ctl  	0:off	1:off	2:on	3:on	4:on	5:on	6:off
mysqld         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
named          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
netfs          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ntpd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
pcscd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
psacct         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
readahead_early	0:off	1:off	2:on	3:on	4:on	5:on	6:off
restorecond    	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rhnsd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rpcgssd        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
rpcidmapd      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
sendmail       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
setroubleshoot 	0:off	1:off	2:off	3:on	4:on	5:on	6:off
smartd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
snmpd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
stor_agent     	0:off	1:off	2:off	3:on	4:off	5:on	6:off
syslog         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sysstat        	0:off	1:off	2:on	3:on	4:off	5:on	6:off
vmware         	0:off	1:off	2:on	3:on	4:off	5:on	6:off
xfs            	0:off	1:off	2:on	3:on	4:on	5:on	6:off
xinetd         	0:off	1:off	2:off	3:on	4:on	5:on	6:off
yum-updatesd   	0:off	1:off	2:on	3:on	4:on	5:on	6:off

The first column of above output is the name of a service which is currently enabled at boot. You need to review each service.

Task: Disable service

To stop service, enter:
# service {service-name} stop
# service vmware stop
To disable service, enter:
# chkconfig {service-name} off
# chkconfig vmware off
You can also use ntsysv command to manage all services.

A note about outdated insecure service

All of the following services must be disabled to improve server security:

  1. Inetd and Xinetd (inetd xinetd) – Use direct services configured via SysV and daemons.
  2. Telnet (telnet-server) – Use ssh
  3. Rlogin, Rsh, and Rcp ( rsh-server ) – Use ssh and scp.
  4. NIS (ypserv) : Use OpenLDAP or Fedora directory server.
  5. TFTP (tftp-server) : Use SFTP or SSH.

To delete all of the service enter:
# yum erase inetd xinetd ypserv tftp-server telnet-server rsh-serve

A note about Debian / Ubuntu Linux

Please see my comment below, to find out which services are enabled at boot under Debian / Ubuntu Linux and disable software which is not needed.

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
UP NEXT
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
9 comments… add one
  • Diddi Apr 7, 2009 @ 10:11

    What about debian systems? How is this done?

    Reply Link
    • 🐧 nixCraft Apr 7, 2009 @ 10:31

      To list all boot time enabled services use the following costume shell code (type at command prompt):

      R=$(runlevel  | awk '{ print $2}')
for s in /etc/rc${R}.d/*; do  basename $s | grep '^S' | sed 's/S[0-9].//g' ;done

      Sample output:

      policykit
vbesave
acpid
powernowd.early
sysklogd
xserver-xorg-input-wacom
klogd
dbus
avahi-daemon
dnsmasq
mysql-ndb-mgm
mysql-ndb
mysql
acct
apmd
apport
argus-server
dkms_autoinstaller
fancontrol
festival
hddtemp
ipmievd
nscd
scanlogd
sysstat
tcpspy
varnish
vboxdrv
vsftpd
winbind
aumix
dhcdbd
hal
pulseaudio
gdm
squid
system-tools-backends
radvd
anacron
atd
cron
binfmt-support
tomcat5.5
apache2
usplash
acpi-support
laptop-mode
rc.local
rmnologin
stop-readahead

      To turn off service use T-GUI tools like rcconf or simply type:
      update-rc.d -f {service-name} remove
      update-rc.d {service-name} stop 20 2 3 4 5 .
      For example, remove apache2, enter:

       update-rc.d -f apache2 remove
 update-rc.d apache2 stop 20 2 3 4 5 .

      Use rcconf tool to view enabled services. See the following posts for more info about Debian / Ubuntu services:

      HTH

      Reply Link
  • Hamid Apr 7, 2009 @ 10:55

    in debian systems you can use aptitude
    search via packages with /
    and install or uninstall them by + or –

    Reply Link
  • Matteo Apr 7, 2009 @ 15:17

    For gentoo use the rc-update command:
    # rc-update show
    to show actual daemons starting on boot/default runlevel.
    To add new services on default runlevel just type
    rc-update add default
    or
    # man rc-update
    for more info on how to use it.

    Reply Link
  • Matteo Apr 7, 2009 @ 15:21

    ERRATA: the above comment obviously lacks something.
    To add a new service starting at the default runlevel type
    rc-update add my-init-script default
    (I put my-init-script between angle brackets, and the board tried to interpret it as an html tag)

    Reply Link
  • 🐧 nixCraft Apr 7, 2009 @ 16:55

    Matteo,

    Thanks for sharing Gentoo specific info.

    Reply Link
  • Kurt Smolderen Apr 8, 2009 @ 11:32

    For Ubuntu, it has to be noted the update-rc.d man-page says update-rc.d should not be used to manually manipulated list of services to start. Instead, it is advised to manually edit the simlinks directly (found at /etc/rc{runlevel}.d) or to use an editor like sysv-rc-conf.

    Reply Link
  • jrush Apr 19, 2009 @ 13:37

    on Ubuntu you can use sysv-rc-conf not only as editor:
    root@hostname:/# sysv-rc-conf –help
    Usage:
    sysv-rc-conf [ *options* ]

    sysv-rc-conf –list [ *service* ]

    sysv-rc-conf [ –level *levels* ] *service*

    Reply Link
  • Swan Jun 23, 2009 @ 19:44

    On Redhat or most of redhat based linux :
    # setup
    and then select “System Services”
    That should take care everything………..

    Happy Linuxing …….

    Reply Link

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.

Next FAQ:

Previous FAQ: