How can I disable many services on my system ?

[Johnthom]

Hi all,

I am new to Linux OS ( previously I'm used to using MS Windows NT ). I have just installed a Red Hat Linux computer as mail server for my company, and I would like to disable all unnecessary servies except main servicces for mail server function. Please tell me services I should disable, serivecs I should enable so that my computer is quite secure. And how to disable a service on my computer. And how to verify that done well ? What software I can use to for that verifying purpose. Please expalain me as much as possible.

All your help would be appriciated.

John THom

 

[RhythmAce]

If you are new to linux, you might try downloading a program from

http://www.webmin.com.

Webmin can help you with setting up servers as well as starting and stopping services and a bunch of other stuff. Good luck.

 

[krischrist]

Hi,
You can try 'ntsysv' at the command prompt and disable the services or the daemons you don't want.

Krischrist
regards

http://krischrist.tripod.com

http://krischrist.xaper.com

 

[Nostradamus]

You can issue the command 'ps -ef | more' to see what processes is running. Just a good command to know. /Sören

 

[ifincham]

Hi,

With redhat I find it is easiest to use 'chkconfig'. This controls both the services that are initiated through the sysv init process (at different run-levels) and via xinted (which is a 'super-server' that loads various servers like telnet & ftp on demand).

To see what is active do :

/sbin/chkconfig --list

The top part is the sysv stuff and tells you whether a service is on or off at the various runlevels which are :

0 — Halt
1 — Single-user mode
2 — Multi-user mode, without networking
3 — Full multi-user mode
4 — Not used
5 — Full multi-user mode (with an X-based login screen)
6 — Reboot

(NB the above run-levels are REDHAT specific - other distros are not necessarily the same)

You can turn off sysv services like this :

/sbin/chkconfig --level 2345 httpd off

and xinetd services :

/sbin/chkconfig telnet off

There are other (manual) ways of acheiving the same result but this is definitely easiest on Redhat.

Rgds

 

[Guest_imported]

If it is RH 7.1, many services are maintained by separate config files inside of /etc/xinetd.d. look at those with a text editor (emacs, vi) and make sure that they all contain the line: "disable = yes".

also, do you know if you are using ipchains? if you choose RH 7.1 security settings during the install, ipchains is the network filter installed with it. run the command "ipchains -L" and if it lists a bunch of rules, you are using ipchains. you can then run the command "lokkit" which will bring up an interface for locking down network connections to the machine. choose "high" security settings, then choose "custom" and open up only the smtp port (or smtp and ssh if you need remote management). that way, all ports on the box will be closed except the smtp port. closing all ports except smtp will provide a ton of extra security (not total security, but it's a good step).

if you're not using ipchains, then i think RH 7.1 uses iptables. i don't know much about these yet since i am still using ipchains, but i would suggest that you get the filtering rules down to open only the ports that are needed.