Athena Wisdom asked:
As part of hardening a standalone/dedicated MySQL 5.6 server running on Ubuntu 12.04 LTS, unnecessary services and packages will have to be removed.
For a server that is serving only as a MySQL server, what services and packages should we remove? Is there a list of services/packages that we can use?
Here’s a list of services running (?). Which are the ones them look like they could be stopped and their packages removed?
[ ? ] acpid [ ? ] anacron [ ? ] atd [ - ] bootlogd [ ? ] console-setup [ ? ] cron [ ? ] cryptdisks [ ? ] cryptdisks-early [ ? ] cryptdisks-enable [ ? ] cryptdisks-udev [ ? ] dbus [ ? ] dmesg [ - ] grub-common [ ? ] hostname [ ? ] hwclock [ ? ] hwclock-save [ - ] keymap.sh [ ? ] killprocs [ ? ] module-init-tools [ ? ] network-interface [ ? ] network-interface-container [ ? ] network-interface-security [ ? ] networking [ ? ] ondemand [ ? ] passwd [ ? ] plymouth [ ? ] plymouth-log [ ? ] plymouth-ready [ ? ] plymouth-splash [ ? ] plymouth-stop [ ? ] plymouth-upstart-bridge [ ? ] procps [ ? ] rc.digitalocean [ ? ] rc.local [ ? ] resolvconf [ - ] rsync [ ? ] rsyslog [ ? ] sendsigs [ ? ] setvtrgb [ + ] ssh [ - ] stop-bootlogd [ - ] stop-bootlogd-single [ ? ] sudo [ ? ] udev [ ? ] udev-fallback-graphics [ ? ] udev-finish [ ? ] udevmonitor [ ? ] udevtrigger [ ? ] umountfs [ ? ] umountnfs.sh [ ? ] umountroot [ - ] unattended-upgrades [ - ] urandom
This is already minimalist. You have ssh enabled and that’s about it. Almost everything else is startup and shutdown tasks.
One thing you should enable is
acpid. Without this, you may not be able to shutdown or reboot your droplet from Digital Ocean’s control panel. (Or, on a physical server, the power button will not perform a graceful shutdown but instead hard power off the machine.)
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.