Linux Determine which Services are Enabled at Boot

The best protection against vulnerable software is running less software. How do I find out which services are enabled at Boot under CentOS / RHEL / Fedora Linux? How do I disable software which is not needed?

Open terminal and login as root user.

ADVERTISEMENTS

Type the following command to list all services which are enabled at boot:
#chkconfig --list | grep $(runlevel | awk '{ print $2}'):on
Sample output:

acpid          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
anacron        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
atd            	0:off	1:off	2:off	3:on	4:on	5:on	6:off
auditd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
cpuspeed       	0:off	1:on	2:on	3:on	4:on	5:on	6:off
crond          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
dkms_autoinstaller	0:off	1:off	2:on	3:on	4:on	5:on	6:off
haldaemon      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
hidd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
irqbalance     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
kudzu          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
lighttpd       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
lm_sensors     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
lvm2-monitor   	0:off	1:on	2:on	3:on	4:on	5:on	6:off
mcstrans       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
mdmonitor      	0:off	1:off	2:on	3:on	4:on	5:on	6:off
messagebus     	0:off	1:off	2:off	3:on	4:on	5:on	6:off
microcode_ctl  	0:off	1:off	2:on	3:on	4:on	5:on	6:off
mysqld         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
named          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
netfs          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ntpd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
pcscd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
psacct         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
readahead_early	0:off	1:off	2:on	3:on	4:on	5:on	6:off
restorecond    	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rhnsd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rpcgssd        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
rpcidmapd      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
sendmail       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
setroubleshoot 	0:off	1:off	2:off	3:on	4:on	5:on	6:off
smartd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
snmpd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
stor_agent     	0:off	1:off	2:off	3:on	4:off	5:on	6:off
syslog         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sysstat        	0:off	1:off	2:on	3:on	4:off	5:on	6:off
vmware         	0:off	1:off	2:on	3:on	4:off	5:on	6:off
xfs            	0:off	1:off	2:on	3:on	4:on	5:on	6:off
xinetd         	0:off	1:off	2:off	3:on	4:on	5:on	6:off
yum-updatesd   	0:off	1:off	2:on	3:on	4:on	5:on	6:off

The first column of above output is the name of a service which is currently enabled at boot. You need to review each service.

Task: Disable service

To stop service, enter:
# service {service-name} stop # service vmware stop
To disable service, enter:
# chkconfig {service-name} off # chkconfig vmware off
You can also use ntsysv command to manage all services.

A note about outdated insecure service

All of the following services must be disabled to improve server security:

Inetd and Xinetd (inetd xinetd) – Use direct services configured via SysV and daemons.
Telnet (telnet-server) – Use ssh
Rlogin, Rsh, and Rcp ( rsh-server ) – Use ssh and scp.
NIS (ypserv) : Use OpenLDAP or Fedora directory server.
TFTP (tftp-server) : Use SFTP or SSH.

To delete all of the service enter:
# yum erase inetd xinetd ypserv tftp-server telnet-server rsh-serve

A note about Debian / Ubuntu Linux

Please see my comment below, to find out which services are enabled at boot under Debian / Ubuntu Linux and disable software which is not needed.

UP NEXT

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

ADVERTISEMENTS

9 comment

What about debian systems? How is this done?

To list all boot time enabled services use the following costume shell code (type at command prompt):

R=$(runlevel  | awk '{ print $2}')
for s in /etc/rc${R}.d/*; do  basename $s | grep '^S' | sed 's/S[0-9].//g' ;done

Sample output:

policykit
vbesave
acpid
powernowd.early
sysklogd
xserver-xorg-input-wacom
klogd
dbus
avahi-daemon
dnsmasq
mysql-ndb-mgm
mysql-ndb
mysql
acct
apmd
apport
argus-server
dkms_autoinstaller
fancontrol
festival
hddtemp
ipmievd
nscd
scanlogd
sysstat
tcpspy
varnish
vboxdrv
vsftpd
winbind
aumix
dhcdbd
hal
pulseaudio
gdm
squid
system-tools-backends
radvd
anacron
atd
cron
binfmt-support
tomcat5.5
apache2
usplash
acpi-support
laptop-mode
rc.local
rmnologin
stop-readahead

To turn off service use T-GUI tools like rcconf or simply type:
update-rc.d -f {service-name} remove update-rc.d {service-name} stop 20 2 3 4 5 .For example, remove apache2, enter:

 update-rc.d -f apache2 remove
 update-rc.d apache2 stop 20 2 3 4 5 .

Use rcconf tool to view enabled services. See the following posts for more info about Debian / Ubuntu services:

HTH

in debian systems you can use aptitude
search via packages with /
and install or uninstall them by + or –

For gentoo use the rc-update command:
# rc-update show
to show actual daemons starting on boot/default runlevel.
To add new services on default runlevel just type
rc-update add default
or
# man rc-update
for more info on how to use it.

ERRATA: the above comment obviously lacks something.
To add a new service starting at the default runlevel type
rc-update add my-init-script default
(I put my-init-script between angle brackets, and the board tried to interpret it as an html tag)

Matteo,

Thanks for sharing Gentoo specific info.

For Ubuntu, it has to be noted the update-rc.d man-page says update-rc.d should not be used to manually manipulated list of services to start. Instead, it is advised to manually edit the simlinks directly (found at /etc/rc{runlevel}.d) or to use an editor like sysv-rc-conf.

on Ubuntu you can use sysv-rc-conf not only as editor:
root@hostname:/# sysv-rc-conf –help
Usage:
sysv-rc-conf [ *options* ]

sysv-rc-conf –list [ *service* ]

sysv-rc-conf [ –level *levels* ] *service*

On Redhat or most of redhat based linux :
# setup
and then select “System Services”
That should take care everything………..

Happy Linuxing …….

Diddi says:
April 7, 2009 at 10:11 am
What about debian systems? How is this done?
1. nixCraft says:
  April 7, 2009 at 10:31 am
  To list all boot time enabled services use the following costume shell code (type at command prompt):
```
R=$(runlevel  | awk '{ print $2}')
for s in /etc/rc${R}.d/*; do  basename $s | grep '^S' | sed 's/S[0-9].//g' ;done
```
  Sample output:
```
policykit
vbesave
acpid
powernowd.early
sysklogd
xserver-xorg-input-wacom
klogd
dbus
avahi-daemon
dnsmasq
mysql-ndb-mgm
mysql-ndb
mysql
acct
apmd
apport
argus-server
dkms_autoinstaller
fancontrol
festival
hddtemp
ipmievd
nscd
scanlogd
sysstat
tcpspy
varnish
vboxdrv
vsftpd
winbind
aumix
dhcdbd
hal
pulseaudio
gdm
squid
system-tools-backends
radvd
anacron
atd
cron
binfmt-support
tomcat5.5
apache2
usplash
acpi-support
laptop-mode
rc.local
rmnologin
stop-readahead
```
  To turn off service use T-GUI tools like rcconf or simply type:
  update-rc.d -f {service-name} remove update-rc.d {service-name} stop 20 2 3 4 5 .For example, remove apache2, enter:
```
 update-rc.d -f apache2 remove
 update-rc.d apache2 stop 20 2 3 4 5 .
```
  Use rcconf tool to view enabled services. See the following posts for more info about Debian / Ubuntu services:
  - Ubuntu / Debian Linux: Services Configuration Tool to Start / Stop System Services
  - Debian or Ubuntu Linux runlevel configuration tool to start service
  HTH
Hamid says:
April 7, 2009 at 10:55 am
in debian systems you can use aptitude
search via packages with /
and install or uninstall them by + or –
Matteo says:
April 7, 2009 at 3:17 pm
For gentoo use the rc-update command:
# rc-update show
to show actual daemons starting on boot/default runlevel.
To add new services on default runlevel just type
rc-update add default
or
# man rc-update
for more info on how to use it.
Matteo says:
April 7, 2009 at 3:21 pm
ERRATA: the above comment obviously lacks something.
To add a new service starting at the default runlevel type
rc-update add my-init-script default
(I put my-init-script between angle brackets, and the board tried to interpret it as an html tag)
nixCraft says:
April 7, 2009 at 4:55 pm
Matteo,
Thanks for sharing Gentoo specific info.
Kurt Smolderen says:
April 8, 2009 at 11:32 am
For Ubuntu, it has to be noted the update-rc.d man-page says update-rc.d should not be used to manually manipulated list of services to start. Instead, it is advised to manually edit the simlinks directly (found at /etc/rc{runlevel}.d) or to use an editor like sysv-rc-conf.
jrush says:
April 19, 2009 at 1:37 pm
on Ubuntu you can use sysv-rc-conf not only as editor:
root@hostname:/# sysv-rc-conf –help
Usage:
sysv-rc-conf [ *options* ]
sysv-rc-conf –list [ *service* ]
sysv-rc-conf [ –level *levels* ] *service*
Swan says:
June 23, 2009 at 7:44 pm
On Redhat or most of redhat based linux :
# setup
and then select “System Services”
That should take care everything………..
Happy Linuxing …….

Task: Disable service

A note about outdated insecure service

A note about Debian / Ubuntu Linux

Posted by: Vivek Gite

<img class="comments-image" src="https://www.cyberciti.biz/faq/wp-content/themes/cybercity/assets/images/comment.png" title="Comments"> 9 comment

Leave a Comment Cancel reply

9 comment