Skip to main content

不要なサービスの停止

不要なサービスの確認#

利用しないサービスが起動している事によるセキュリティホール化や、
意図しないサービスによるリソース消費を抑えるために不要なサービスは停止しておく

現在起動しているサービスの確認

# systemctl list-units --type service |grep active

デフォルトで有効化されているサービス例

service namedescription
atd.serviceJob spooling tools
auditd.serviceSecurity Auditing Service
chronyd.serviceNTP client/server
crond.serviceCommand Scheduler
dbus.serviceD-Bus System Message Bus
firewalld.serviceRestore /run/initramfs on shutdown
getty@.serviceGetty on tty1
import-state.serviceImport network configuration from initramfs
irqbalance.serviceirqbalance daemon
kmod-static-nodes.serviceCreate list of required static device nodes for the current kernel
libstoragemgmt.servicelibstoragemgmt plug-in server daemon
lvm2-monitor.serviceMonitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling
lvm2-pvscan@8:2.serviceLVM event activation on device 8:2
mcelog.serviceMachine Check Exception Logging Daemon
NetworkManager-wait-online.serviceNetwork Manager Wait Online
NetworkManager.serviceNetwork Manager
nis-domainname.serviceRead and set NIS domainname from /etc/sysconfig/network
polkit.serviceAuthorization Manager
rhsmcertd.serviceEnable periodic update of entitlement certificates.
rngd.serviceHardware RNG Entropy Gatherer Daemon
rsyslog.serviceSystem Logging Service
smartd.serviceSelf Monitoring and Reporting Technology (SMART) Daemon
sshd.serviceOpenSSH server daemon
systemd-journal-flush.serviceFlush Journal to Persistent Storage
systemd-journald.serviceJournal Service
systemd-logind.serviceLogin Service
systemd-random-seed.serviceLoad/Save Random Seed
systemd-remount-fs.serviceRemount Root and Kernel File Systems
systemd-sysctl.serviceApply Kernel Variables
systemd-tmpfiles-setup-dev.serviceCreate Static Device Nodes in /dev
systemd-tmpfiles-setup.serviceCreate Volatile Files and Directories
systemd-udev-trigger.serviceudev Coldplug all Devices
systemd-udevd.serviceudev Kernel Device Manager
systemd-update-utmp.serviceUpdate UTMP about System Boot/Shutdown
systemd-user-sessions.servicePermit User Sessions
tuned.serviceDynamic System Tuning Daemon
user-runtime-dir@0.service/run/user/0 mount wrapper
user@0.serviceUser Manager for UID 0
vdo.serviceVDO volume services

リスニングポートとサービスの確認

# netstat -pan -A inet,inet6
# ss -luatp