Which services to disable on a CentOs 5.8 web/database server?

Mr.Boon asked:

I have just setup my CentOS 5.8 64 [final] server as a webserver.

Specs: 2x E5620 Intel CPU, DDR3 RAM, Hardware Adaptec RAID 10, 4x SAS drives.

I have installed myself:

 Nginx
 PHP-FPM
 MySQL [ourdelta.org version]
 Sphinx
 Vsftpd
 Fail2ban
 Citadel [ddos flood protection]
 Munin
 NTP
 Htop
 Iptraf

These are all things that I actively use to run my websites.

Now my question:

I found this article: http://www.vr.org/kb/1002/Optimize-and-disable-default-CentOS-services.html

Which talks about a whole list of services that you can disable.

This is the list they suggest:

chkconfig anacron off
chkconfig apmd off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig cups-config-daemon off
chkconfig gpm off
chkconfig isdn off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig readahead_early off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xfs off
chkconfig ip6tables off
chkconfig avahi-daemon off
chkconfig firstboot off
chkconfig yum-updatesd off 
chkconfig sendmail off
chkconfig mcstrans off
chkconfig pcscd off
chkconfig bluetooth off
chkconfig hidd off

Now I do use sendmail, and smartd, so those I will keep.

But most of the other processes I do not recognize. Is there anything I should be careful with disabling?

My answer:


Be careful with using other people’s “lists” as you may disable things you actually need.

Some obvious problems I see with that list are:

  • anacron makes sure cron jobs missed due to downtime get run when the system comes back up.
  • smartd monitors the health of your disks and can be set up to email you if a disk is failing (though since you have a hardware RAID, you should use the vendor-provided tool instead).
  • ip6tables is the IPv6 firewall… Really? Somebody advised turning off the firewall?!? This really blows their credibility to hell.
  • yum-updatesd provides automatic updates. If you don’t want this, turn it off, though it is useful in some scenarios.

I also have to agree with @aairey’s advice to do a minimal install. In CentOS 5, this requires the use of a kickstart file; CentOS 6 has a special minimal installation CD.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.