Posted January 19Jan 19 You are reading Part 7 of the 57-part series: Harden and Secure Linux Servers. [Level 1]This series covers progressive security measures, from fundamental hardening techniques to enterprise-grade defense strategies. Each article delves into a specific security practice, explaining its importance and providing step-by-step guidance for implementation.To explore more security best practices, visit the main guide for a full breakdown of all levels and recommendations.Every running service on your Linux server can be a potential entry point for attackers. The more services you have enabled, the greater the attack surface. Disabling unnecessary services helps improve security by reducing vulnerabilities, freeing up system resources, and minimizing potential exploits.How to Identify and Disable Unnecessary ServicesList all active services:sudo systemctl list-unit-files --type=service --state=enabledThis command displays all enabled services on your system.Determine which services are unnecessary:If you're unsure about a service, you can check its description:systemctl status service_nameResearch whether the service is essential for your system or applications.Disable unneeded services:sudo systemctl disable service_nameThis prevents the service from starting automatically on boot.Stop a running service immediately:sudo systemctl stop service_name(This will stop the service for the current session but won’t disable it at boot.)Verify that the service is disabled:sudo systemctl is-enabled service_nameIf it returns disabled, the service won’t start automatically anymore.Common Services That Can Often Be Disabled (If Not Needed):cups → Printer service (disable if you don't need printing).avahi-daemon → Network discovery (not needed on most servers).bluetooth → Wireless Bluetooth (disable if not used).rpcbind → Remote procedure calls (disable if not running NFS).sendmail or postfix → Mail services (disable if the server isn't handling emails).Best Practices for Managing Services:✅ Only enable services that are essential for your server's function.✅ Regularly audit running services to identify unnecessary ones.✅ Use systemctl mask to completely prevent a service from being started (even manually):sudo systemctl mask service_name By disabling unnecessary services, you reduce security risks, improve server performance, and minimize potential attack vectors, making your Linux server more secure and efficient.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.