Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Disable and Remove Unwanted Services on RHEL_CentOS 8 Minimal Installation
When you install RHEL/CentOS 8 Minimal, the system comes with a minimal set of pre-installed packages and services to keep the system lightweight and secure. However, over time, as you install new packages and services, your system can become bloated and vulnerable to security threats.
In this article, we will discuss how to disable and remove unwanted services and packages on RHEL/CentOS 8 Minimal installation. We will start by identifying unnecessary services and best practices for disabling them to ensure that your system remains secure and functional. Additionally, we will discuss how to remove any packages that are no longer needed, freeing up disk space and potentially reducing security vulnerabilities. By following these steps, you can keep your system lean and secure, improving overall system performance and reliability.
Checking Enabled Services
Before we start disabling services, we need to check which services are currently enabled on our system. To do this, we will use the systemctl command.
$ systemctl list-unit-files --type=service --state=enabled
This command will display a list of all enabled services on your system. Take note of the services that you want to disable.
Identifying unnecessary services
Before you can disable and remove unwanted services, you need to identify which services are necessary and which ones can be safely disabled. One way to do this is to examine the list of enabled services and look up their descriptions to determine what they do.
For example, the following command will show a list of all enabled services along with their descriptions −
systemctl list-unit-files --type=service --all --no-pager
You can then examine each service's description to determine whether it is necessary for your system.
Another approach is to use a tool like systemd-analyze to analyze your system's boot time and identify services that are slowing down the boot process. Services that are not critical to system operation and are slowing down the boot process can often be safely disabled.
Best practices for disabling services
When disabling services, it is important to follow best practices to ensure that your system remains secure and functional. Here are a few tips −
Start by disabling non-critical services that you are sure you do not need. Be cautious when disabling critical services that are necessary for your system to function properly.
Keep a record of the services you disable so that you can easily re-enable them if necessary.
Always test your system after disabling services to ensure that it is still functioning correctly.
Periodically review the list of disabled services to ensure that they are still not needed.
Disabling a Service
Once you have identified the services that you want to disable, you can use the systemctl command to stop and disable them. For example, if you want to disable the postfix service, you would run the following commands −
$ sudo systemctl stop postfix $ sudo systemctl disable postfix
The stop command will immediately stop the service if it is currently running, and the disable command will prevent the service from starting automatically on system boot.
Removing unwanted services
Now that we have disabled the unnecessary services, we can remove them from our system to free up disk space and reduce the attack surface of our system.
List enabled services
To list all enabled services, run the following command −
systemctl list-unit-files --type=service | grep enabled
This will show a list of all enabled services. You can remove any service you don't need using the following command −
sudo systemctl disable <service-name>.service
For example, to disable the "postfix" service, you can use the following command −
sudo systemctl disable postfix.service
Common Services to Disable/Remove
While the services that you need to disable or remove will depend on your specific use case, there are a few common services that you may want to consider disabling or removing on a minimal installation of RHEL/CentOS 8.
FirewallD
FirewallD is a service that manages the firewall on your system. While it is important for security, you may not need it if you are running your system behind a hardware firewall. To disable FirewallD, run the following commands −
$ sudo systemctl stop firewalld $ sudo systemctl disable firewalld
NetworkManager
NetworkManager is a service that manages network connections on your system. If you are running your system on a server that does not require frequent network changes, you can disable this service. To disable NetworkManager, run the following commands −
$ sudo systemctl stop NetworkManager $ sudo systemctl disable NetworkManager
Postfix
Postfix is a mail transfer agent (MTA) that is used to send and receive email on your system. If you are not using your system for email, you can disable and remove this service. To disable and remove Postfix, run the following commands −
$ sudo systemctl stop postfix $ sudo systemctl disable postfix $ sudo yum remove postfix
Avahi
Avahi is a service that is used for zero-configuration networking, allowing devices to discover and communicate with each other on the same network. If you do not require this functionality, you can disable and remove this service. To disable and remove Avahi, run the following commands −
$ sudo systemctl stop avahi-daemon.socket $ sudo systemctl disable avahi-daemon.socket $ sudo yum remove avahi-autoipd avahi-libs avahi-tools
Removing unwanted packages
In addition to removing unwanted services, you may also want to remove any packages that are no longer needed. Unused packages can take up disk space and potentially introduce security vulnerabilities.
To list all installed packages that are not dependencies of any other package, run the following command −
sudo dnf repoquery --unneeded --installed
You can then remove any unnecessary packages using the following command −
sudo dnf remove <package-name>
Be careful when removing packages, as some packages may be necessary for the proper functioning of other packages.
Verify changes
After removing the services and unused packages, it is a good practice to verify that your system is still functioning correctly. You can check the status of your system using the following command −
systemctl list-units --type=service
This will show a list of all services that are currently running on your system. Check that all the necessary services are running and there are no errors.
Conclusion
Disabling and removing unwanted services and packages on RHEL/CentOS 8 Minimal is a critical step in maintaining a secure and stable system. By disabling unnecessary services, you can reduce your system's attack surface and minimize the number of potential vulnerabilities. Removing unused packages also helps to reduce the disk space used by your system, making it more efficient and improving its performance.
We have discussed several ways to identify and disable unnecessary services, including using the systemctl command and examining system logs. Additionally, we have covered the process of removing packages using the yum and dnf package managers. By following these steps, you can keep your system lean, secure, and running efficiently.
We highly recommend periodically auditing your system for unnecessary services and packages and disabling/removing them as necessary to ensure that your system remains secure and optimized. With a little bit of effort and attention to detail, you can keep your system running smoothly and reduce the risk of security breaches.
675 Views
