Disable Unnecessary Services
Services are programs that run in the background. Typically they listen on the network for connection requests using an assigned 'port' number which is essentially an ID number used by the operating system to identify the service to which network traffic is forwarded. To determine which services are running on a Linux PC and listening for network connections, open a command line terminal and type:
and press Enter and the output will list services by name and include the port number if they are listening for network requests.
Services that should be disabled and are most likely not in use include NFS, rsh, rlogin, rexec, rcp (the 'r' services), telnet server, ftp server, BIND, sendmail, exim, postfix, qmail (email services).
If services are listed that should not be running they should be disabled so that they do not run on startup. So to disable a service, first stop the service by typing:
service stop service-name
replacing 'service-name' with the name of the service you wish to stop. Then once the service has stopped, identify the exact name of the startup script for the service by typing:
ls -l /etc/rc.d/rc3.d/S*
and press Enter and then type:
ls -L /etc/rc.d/rc5.d/S*
and press Enter. The output of both commands will show services that start at run level 3 and 5 (run level 5 being graphical mode services). Then use the chkconfig utility to disable the service startup script from starting at boot up by typing the following:
chkconfig -levels 2345 script-name off
replacing 'script-name' with the name of the script to be disabled. Note that these command line operations require superuser permissions and also assume that the command line shell configuration includes the path to binaries for the commands specified. For some distributions such as Ubuntu, it is necessary to start each command with 'sudo' and then type the root or superuser password in order to execute the command. It may also be necessary to provide the full path to the utility binary in order to issue the command, for example:
rather than simply typing the command in order for the command to run.
Note that the Xinetd service is special in that it listens for requests on specified ports and when a connection request is received on one of the ports it starts the service associated with that port in order to handle the request. So to disable a service controlled by Xinetd navigate to the /etc/xinetd.d directory and find the file with the same name as that service then open the file and change the 'disable = no' attribute to 'disable = yes' and then save the change and then reboot the Linux PC or on the command line type:
service xinetd restart
in order for the changes to take effect.
Also, depending upon the distribution of Linux that is installed, it may be easier to access the graphical version of these same utilities. Look under the System or Administration section of the menus for the Services utility then open it and deselect services that should not run at startup and then save the setting.