Removing Unnecessary Services & Packages in a MySQL Ubuntu 12.04 Server

Athena Wisdom asked:

As part of hardening a standalone/dedicated MySQL 5.6 server running on Ubuntu 12.04 LTS, unnecessary services and packages will have to be removed.

For a server that is serving only as a MySQL server, what services and packages should we remove? Is there a list of services/packages that we can use?

Here’s a list of services running (?). Which are the ones them look like they could be stopped and their packages removed?

[ ? ]  acpid
[ ? ]  anacron
[ ? ]  atd
[ - ]  bootlogd
[ ? ]  console-setup
[ ? ]  cron
[ ? ]  cryptdisks
[ ? ]  cryptdisks-early
[ ? ]  cryptdisks-enable
[ ? ]  cryptdisks-udev
[ ? ]  dbus
[ ? ]  dmesg
[ - ]  grub-common
[ ? ]  hostname
[ ? ]  hwclock
[ ? ]  hwclock-save
[ - ]  keymap.sh
[ ? ]  killprocs
[ ? ]  module-init-tools
[ ? ]  network-interface
[ ? ]  network-interface-container
[ ? ]  network-interface-security
[ ? ]  networking
[ ? ]  ondemand
[ ? ]  passwd
[ ? ]  plymouth
[ ? ]  plymouth-log
[ ? ]  plymouth-ready
[ ? ]  plymouth-splash
[ ? ]  plymouth-stop
[ ? ]  plymouth-upstart-bridge
[ ? ]  procps
[ ? ]  rc.digitalocean
[ ? ]  rc.local
[ ? ]  resolvconf
[ - ]  rsync
[ ? ]  rsyslog
[ ? ]  sendsigs
[ ? ]  setvtrgb
[ + ]  ssh
[ - ]  stop-bootlogd
[ - ]  stop-bootlogd-single
[ ? ]  sudo
[ ? ]  udev
[ ? ]  udev-fallback-graphics
[ ? ]  udev-finish
[ ? ]  udevmonitor
[ ? ]  udevtrigger
[ ? ]  umountfs
[ ? ]  umountnfs.sh
[ ? ]  umountroot
[ - ]  unattended-upgrades
[ - ]  urandom

My answer:


This is already minimalist. You have ssh enabled and that’s about it. Almost everything else is startup and shutdown tasks.

One thing you should enable is acpid. Without this, you may not be able to shutdown or reboot your droplet from Digital Ocean’s control panel. (Or, on a physical server, the power button will not perform a graceful shutdown but instead hard power off the machine.)


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.