Disable and Remove Unwanted Services on RHEL_CentOS 8 Minimal Installation

When you install RHEL/CentOS 8 Minimal, the system comes with a minimal set of pre-installed packages and services to keep the system lightweight and secure. However, over time, as you install new packages and services, your system can become bloated and vulnerable to security threats.

In this article, we will discuss how to disable and remove unwanted services and packages on RHEL/CentOS 8 Minimal installation. We will start by identifying unnecessary services and best practices for disabling them to ensure that your system remains secure and functional. Additionally, we will discuss how to remove any packages that are no longer needed, freeing up disk space and potentially reducing security vulnerabilities.

Checking Enabled Services

Before we start disabling services, we need to check which services are currently enabled on our system. To do this, we will use the systemctl command.

$ systemctl list-unit-files --type=service --state=enabled

This command will display a list of all enabled services on your system. Take note of the services that you want to disable.

Identifying Unnecessary Services

Before you can disable and remove unwanted services, you need to identify which services are necessary and which ones can be safely disabled. One way to do this is to examine the list of enabled services and look up their descriptions to determine what they do.

For example, the following command will show a list of all services along with their descriptions

$ systemctl list-unit-files --type=service --all --no-pager

You can then examine each service's description to determine whether it is necessary for your system.

Another approach is to use systemd-analyze to analyze your system's boot time and identify services that are slowing down the boot process

$ systemd-analyze blame

Services that are not critical to system operation and are slowing down the boot process can often be safely disabled.

Best Practices for Disabling Services

When disabling services, it is important to follow best practices to ensure that your system remains secure and functional. Here are a few tips

• Start by disabling non-critical services that you are sure you do not need. Be cautious when disabling critical services that are necessary for your system to function properly.

• Keep a record of the services you disable so that you can easily re-enable them if necessary.

• Always test your system after disabling services to ensure that it is still functioning correctly.

• Periodically review the list of disabled services to ensure that they are still not needed.

Disabling a Service

Once you have identified the services that you want to disable, you can use the systemctl command to stop and disable them. For example, if you want to disable the postfix service, you would run the following commands

$ sudo systemctl stop postfix
$ sudo systemctl disable postfix

The stop command will immediately stop the service if it is currently running, and the disable command will prevent the service from starting automatically on system boot.

Common Services to Disable

While the services that you need to disable will depend on your specific use case, here are common services that you may want to consider disabling on a minimal installation of RHEL/CentOS 8.

Disabling FirewallD

FirewallD manages the firewall on your system. If you are running your system behind a hardware firewall, you may disable it

$ sudo systemctl stop firewalld
$ sudo systemctl disable firewalld

Disabling NetworkManager

NetworkManager manages network connections dynamically. If you are running a server with static network configuration, you can disable this service

$ sudo systemctl stop NetworkManager
$ sudo systemctl disable NetworkManager

Disabling Postfix

Postfix is a mail transfer agent used to send and receive email. If you are not using your system for email, you can disable this service

$ sudo systemctl stop postfix
$ sudo systemctl disable postfix

Disabling Avahi

Avahi provides zero-configuration networking, allowing devices to discover each other on the same network. If you do not require this functionality, you can disable it

$ sudo systemctl stop avahi-daemon.socket
$ sudo systemctl disable avahi-daemon.socket

Removing Unwanted Packages

In addition to disabling services, you may also want to remove packages that are no longer needed. Unused packages can take up disk space and potentially introduce security vulnerabilities.

To list all installed packages that are not dependencies of any other package

$ sudo dnf repoquery --unneeded --installed

You can then remove any unnecessary packages using the following command

$ sudo dnf remove <package-name>

For example, to completely remove postfix and its configuration files

$ sudo dnf remove postfix

To remove avahi-related packages

$ sudo dnf remove avahi-autoipd avahi-libs avahi-tools

Verifying Changes

After disabling services and removing packages, it is important to verify that your system is still functioning correctly. You can check the status of your system using the following commands

$ systemctl list-units --type=service --state=running
$ systemctl list-unit-files --type=service --state=enabled

Check that all necessary services are running and there are no errors. You can also verify boot performance improvement

$ systemd-analyze time

Conclusion

Disabling and removing unwanted services and packages on RHEL/CentOS 8 Minimal is a critical step in maintaining a secure and stable system. By following these practices, you reduce your system's attack surface, free up disk space, and improve boot performance. Remember to periodically audit your system and always test changes to ensure proper functionality.