Auditing system services with systemctl
On Linux systems that come with
systemctl command is pretty much a universal command.
To view the status of services:
sudo systemctl -t service --state=active
-t service: We want to view information about the services – or, what used to be called daemons – on the system.
--state=active: This specifies that we want to view information about all the system services that are actually running.
This command shows the status of every service that’s running on your system. Generally, you do not want to see much information, although you might at times.
Candidates for removal
Depending on what the server is for:
nmbdindicates a Samba Process. Do you really need to export smb share on windows or other machine?
telnetfor bidirectional interactive text-oriented communication over internet or local area network?
rloginto log in to another host over network?
rexecto execute shell commands on a remote computer.
ftpto transfer files from one host to another host over Internet?
automountto mount different file systems automatically to bring up network file system?
namedto run NameServer (DNS)?
lpdto print to the server.
inetd? If you are running standalone applications like
sshwhich uses other standalone application like
Apache, etc. then you don’t need inetd.
portmap, an Open Network Computing Remote Procedure Call (ONC RPC) which uses
rpcbind. If these processes are running, you are running NFS server. Really? NFS server is running unnoticed?
Stop and disable
To stop a service, then prevent it from restarting at reboot:
sudo systemctl stop <service> sudo systemctl disable <service>
sudo systemctl stop smbd sudo systemctl disable smbd