关掉centos所有不必要的服务和端口

其他 2019-02-28 09:01:13 阅读次数: 0
版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/gsl371/article/details/84140138

文章目录

查看已开通的服务

centos作为服务器开放的服务多了,难免一些服务软件有漏洞,开放的端口号越多,上线的服务器越危险,所以我们必须在服务器上线之前把centos里面不必要的服务全部干掉,不让坏人有可乘之机。

[root@centos ~]# chkconfig --list | grep "3:on"
NetworkManager  0:off   1:off   2:on    3:on    4:on    5:on    6:off
abrt-ccpp       0:off   1:off   2:on    3:on    4:on    5:on    6:off
abrtd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:on    3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:on    3:on    4:on    5:on    6:off
blk-availability    0:off   1:on    2:on    3:on    4:on    5:on    6:off
certmonger      0:off   1:off   2:on    3:on    4:on    5:on    6:off
cgconfig        0:off   1:off   2:on    3:on    4:on    5:on    6:off
cgred           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
dnsmasq         0:off   1:off   2:on    3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
ipsec           0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:on    3:on    4:on    5:on    6:off
kdump           0:off   1:off   2:on    3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
mcelogd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpdate         0:off   1:off   2:on    3:on    4:on    5:on    6:off
numad           0:off   1:off   2:on    3:on    4:on    5:on    6:off
oddjobd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
pppoe-server    0:off   1:off   2:on    3:on    4:on    5:on    6:off
psacct          0:off   1:off   2:on    3:on    4:on    5:on    6:off
quota_nld       0:off   1:off   2:on    3:on    4:on    5:on    6:off
rdisc           0:off   1:off   2:on    3:on    4:on    5:on    6:off
restorecond     0:off   1:off   2:on    3:on    4:on    5:on    6:off
rngd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcsvcgssd      0:off   1:off   2:on    3:on    4:on    5:on    6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:on    3:on    4:on    5:on    6:off
smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sssd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
svnserve        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off
udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
winbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
wpa_supplicant  0:off   1:off   2:on    3:on    4:on    5:on    6:off
ypbind          0:off   1:off   2:on    3:on    4:on    5:on    6:off

关掉不必要的服务

这会儿问题来了,我们的服务器哪些服务必须保留呢?

  • network提供网络的服务,服务器不上网怎么能行呢?
  • crond时间计划任务服务,服务器日常的计划执行离不开这个服务
  • sshd 我们需要通过ssh 才能远程连接到我们的Linux,总不能天天在idc机房拿kvm来工作吧
  • rsyslog 服务器做了哪些事情都需要靠日志才能知道,rsyslog就是用来记录日志的,原来名字叫syslog
  • sysstat 监控系统性能的服务,对服务器掌控怎么能离得了它,sar,mpstat,iostat,vmstat都是非常有用的工具,都在这个服务里面

总结一下,系统必须开启的服务有network,sshd,crond,rsyslog,sysstat五个
把该留下的留下,其他全部干掉,直接给答案:

[root@centos ~]# chkconfig --list | grep 3:on | egrep -v "sshd|network|rsyslog|sysstat|crond" | awk '{print "chkconfig",$1,"off"}' 
chkconfig NetworkManager off
chkconfig abrt-ccpp off
chkconfig abrtd off
chkconfig acpid off
chkconfig atd off
chkconfig auditd off
chkconfig autofs off
chkconfig blk-availability off
chkconfig certmonger off
chkconfig cgconfig off
chkconfig cgred off
chkconfig cpuspeed off
chkconfig cups off
chkconfig dnsmasq off
chkconfig haldaemon off
chkconfig ip6tables off
chkconfig ipsec off
chkconfig iptables off
chkconfig irqbalance off
chkconfig kdump off
chkconfig lvm2-monitor off
chkconfig mcelogd off
chkconfig mdmonitor off
chkconfig messagebus off
chkconfig netconsole off
chkconfig netfs off
chkconfig nfs off
chkconfig nfslock off
chkconfig ntpd off
chkconfig ntpdate off
chkconfig numad off
chkconfig oddjobd off
chkconfig portreserve off
chkconfig postfix off
chkconfig pppoe-server off
chkconfig psacct off
chkconfig quota_nld off
chkconfig rdisc off
chkconfig restorecond off
chkconfig rngd off
chkconfig rpcbind off
chkconfig rpcgssd off
chkconfig rpcsvcgssd off
chkconfig saslauthd off
chkconfig smartd off
chkconfig sssd off
chkconfig svnserve off
chkconfig udev-post off
chkconfig winbind off
chkconfig wpa_supplicant off
chkconfig ypbind off
[root@centos ~]# chkconfig --list | grep 3:on | egrep -v "sshd|network|rsyslog|sysstat|crond" | awk '{print "chkconfig",$1,"off"}' | bash

查看结果

[root@centos ~]# chkconfig --list |grep "3:on"
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off

猜你喜欢

转载自blog.csdn.net/gsl371/article/details/84140138
今日推荐
火速冲上 GitHub 热榜 —— 开源编程语言、框架哪有这么可爱?
北京人形机器人创新中心发布全球首个纯电驱拟人奔跑的全尺寸人形机器人“天工”
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
国产云输入法——仅华为无云端数据上传安全问题
开源日报 | 工业开源项目OGG 1.0;姐姐,你要和我一起配置火狐吗;苹果AI遥遥落后?Fedora 40
开放签电子签章:停止新增,优化体验,前进更进(五一假期前工作)
开源日报 | 中学生开源前端动画引擎;全球首个Llama3 8B中文版开源模型;联想电脑恐出局;Linus讽刺AI炒作
周排行
浏览器对同一域名进行请求的最大并发连接数
React Hook之自定义Hook
【转】MyBatis缓存机制
-Java-泛型
自动化测试常用脚本-发送邮件
LeetCode#859: Buddy Strings
java、Python处理字符串
第二篇の博客
Hadoop伪分布式环境安装
SQL Server进阶(十一)临时表、表变量
每日归档
更多
2024-04-27(56)
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022