from
http://www.360doc.com/content/11/1116/09/7899729_164709023.shtml
The configuration of my CentOS 6.0 ntsysv, the following Enable, the others are all disabled: wr
NetworkManager/ acpid/ auditd/ autofs/ haldaemon/ iscsi/ iscsid
libvirt-guests/ messagebus/ netfs/ network/ nfs/ nfslock/portreserve
postfix/ rpcbind/ rpcidmapd/ rsyslog/ sshd/ sysstat/ tftp/ udev-post
vboxadd/ vboxadd-service/ vboxadd-x11/ xinetd
Redhat official service introduction:
acpid
Listen and dispatch ACPI signals from kernel. Leave it on if you have a fairly new BIOS as it handles shutting of power to your computer
anacron
This runs cron jobs that were scheduled to run when the system was down. Safe to disable, unless you had a cron job that makes backups at thimes the system was down
apmd
Advanced power management daemon. Leave it on If you have a laptop, or a battery backup. Disable it if you have a desktop.
arpwatch
Arpwatch is a tool that monitors ethernet or fddi activity and maintain a database of ethernet/ip address pairings. You can probably disable it.
etc
Controls the at command, which is used to schedule commands. Unless you use the at command, you can turn it off
autofs
autofs is usually used for mounting network shares. Could be disabled for desktop systems.
bluetooth
Well? Do you want bluetooth on when you turn on your computer?
cane
Japanese support. Not needed unless you can read Japanese
cpuspeed
CPUSpeed for Linux adjusts the CPU speed dynamically based on the demand for processing power. Disable it unless you are using a laptop
crond
This handles cron jobs, an essential part of Linux systems. Do NOT turn this off unless you are a lunatic, an expert or both
cups
Common UNIX Printing Solution. It is one system the computer uses to control the print queue. Leave it on if you have a printer
gpm
Lets you use the mouse in text-only console. Leave it off If you never leave X window system
httpd
Makes your computer a webserver. Unless you have a webpage you are hosting, this can be turned Off.
httpsd
Same thing as httpd, except secure. You probably want this off as well, unless you get to your site as https://
inetd/xinetd
Do not confuse this with Xine the movie player. Both of these are importand services. Do not turn off.
iptables
iptables is part of the Linux Firewall. Leave it on if you are on a network, especially if you are connected to the world wide web.
irda
Infra Red Data Association. Unless you are doing IR, you don't need this.
isdn
ISDN deamon for ISDN connections. Not needed unless you connect to the net through ISDN.
kuzdu
New Hardware detection utility. disable it if you never change your setup
lm_sensors
Sensors is used for monitoring motherboard sensor values. Unless your mother board has sensors to measure it's temperature, and other stuff you would like to know, this can be off.
mpmpd/mdmonitor
The mdadm package includes software used to create, manage, and monitor software RAID volumes.
named
Named is a Domain Name Server. You don't need it unless you are acting as a DNS server.
netfs
Mounts/Unmounts all Network File Systems, Samba pount points. Not needed if you don't need to automount remote File Systems
nfs/nfslock/portmap
This is the server functionality for file sharing across TCP/IP networks
ntp/ntpd
Used for syncing time across a network. You probably don't need this.
pcmcia
PCMCIA is to support ethernet and modems in laptops. You can switch it off in desktops
pop3d
Used to run a pop3 server on the machine. Unless you are a mail server, you don't need this
rhnsd
The RedHat network. Not needed if you use yum for all your updates
rpcgssd/rpcidmapd/rpcsvcgssd
These are Network File System Daemons. If You do not use NFS, turn it off
sendmail/smtpd
For use if your machine is a mail server. If not, it will mostly handle log alerts and other similar activities. It will not pose a security threat to leave it on.
smb/smbd/nmbd/winbind
For use if you want to network your linux box with a windows machine, and have the linux box appear in the 'network neighborhood'
snmpd/snmptrapd
Simple Network Management Protocol. You probably don't need this.
squid
Use this to become a sort of cache for internet requests from your local network. Unless internet requests go through you, this can be disabled
sshd/telnetd/rshd
Allow remote users to log onto your computer. Unless you need this, disable it. SSH is the most secure of these.
syslog
Keep this on. It logs your system activities.
vsftpd
This makes your computer an ftp server. Unless you want people to access your computer via ftp, disable this
wine
Keeps a copy of WINE loaded so you can just double click on a .exe to run it. You won't see this option unless you have WINE installed
Detailed explanation of Linux system daemon
Do not turn off the following services:
acpid, haldaemon, messagebus, klogd, network, syslogd
1.NetworkManager, NetworkManagerDispatcher
NetworkManager is a background process that automatically switches network connections. Many laptop users will need to enable this feature, which allows you to switch between wireless and wired networks. Most desktop users should turn the service off. Some DHCP users may need to turn it on.
2.acpid
Configuration file: /proc/acpi/event
Description: Advanced Configuration and Power Interface, a new power management standard introduced to replace the traditional APM power management standard. It is recommended that all laptop users turn it on. Some servers may not require acpi. Common operations supported are: "Power On/Off", "Battery Monitor", "Laptop Lid On/Off", "Laptop Display Brightness", "Hibernate", "Hook Up", etc.
3.anacron
Configuration file: /etc/anacrontab
Description: An automated run task. Red Hat Linux ships with four tools for automating tasks: cron, anacron, at, and batch. When your Linux host is not powered on 24/7, this anacron can help you perform tasks that are not performed within the time set by "crontab". For example, when your host will automatically shut down at 12:00 in the evening, but the routine job of crontab is working at 4:00, the routine job cannot work at this time. But you can do it with anacron.
Does it need to be started: If the host has been powered on for 24 hours and cron is running, then the daemon does not need to be started.
Anacron, atd, cron these schedulers have a small difference. It is recommended to turn on cron, especially if your computer will be running for a long time. For servers, you should look deeper to determine which scheduler should be turned on. Most laptops/desktops should have atd and anacron turned off. Note: Anacron is required to perform some tasks, such as cleaning /tmp or /var.
4.apmd
Configuration file: /etc/sysconfig/apmd
Description: Advanced Power Management, advanced power management. Traditional power management standards. Generally, the system will support both APM and APMD flags, but only one can be loaded when the system is loaded. Useful for laptops to know the "battery level" of the system.
Does it need to be started: If we are using a desktop computer or a model that is always on, we don't need to use this daemon.
5. etc.
Configuration files: /etc/at.allow, /etc/at.deny
Description: An automated run task.
Does it need to be activated: usually needs to be activated. However, if you have been using cron, you can also not start it.
6.autofs
Configuration file: /etc/sysconfig/autofs
Description: Realize the automatic loading of removable storage media such as CD-ROM, floppy disk and U-disk.
Whether it needs to be activated: Generally, no activation is required.
7.avahi-daemon, avahi-dnsconfd
Description: Avahi is an implementation of the zeroconf protocol. It can discover devices and services based on the zeroconf protocol in a local area network without DNS service. It is the same as mDNS. It should be turned off unless you have a compatible device or service that uses the zeroconf protocol.
8. bluetooth, hcid, hidd, sdpd, dund, pand
Note: Bluetooth (Bluetooth) is used for wireless portable devices (non-wifi, 802.11). Many notebooks offer Bluetooth support. There are bluetooth mice, bluetooth headsets and bluetooth enabled mobile phones. If there are no Bluetooth devices or Bluetooth-related services, it should be turned off. Other bluetooth related services are: hcid manages all visible bluetooth devices, hidd provides support for input devices (keyboard, mouse), dund supports dial-up connections to the network via bluetooth, and pand allows you to connect to ethernet via bluetooth.
9. leaders
Note: Only useful for users using ISDN equipment. Most users should turn it off.
10.cpuspeed
Description: Monitor the system idle percentage, reduce or speed up the CPU clock speed and voltage to minimize energy consumption when the system is idle, and maximize system execution speed when the system is busy.
Does it need to be activated: needs to be activated.
11.crond
Configuration file: /etc/crontab
Description: A daemon used to execute routine commands.
Does it need to be activated: must be activated.
12.cups
Configuration file:
CUPS server configuration file: /etc/cups/cupsd.conf
CUPS client configuration file: /etc/cups/client.conf
CUPS printer configuration file: /etc/cups/printers.conf
Class configuration file in CUPS: /etc/cups/classes.conf
Description: Common UNIX Printing System, public UNIX printing support, provides printing capabilities for Linux.
Does it need to be activated: If the printer is not installed, activation is not required.
13.cups-lpd
Description: CUPS Line Printer Daemon ("LPD"), which provides printing capabilities.
Does it need to be activated: If the printer is not installed, activation is not required.
14.dc_client, dc_server
Description: Disk cache (Distcache) is used for distributed session cache. Mainly used in SSL/TLS servers. It can be used by Apache. Most desktops should turn it off.
15. dhcdbd
Description: This is an interface for the DBUS system to control DHCP. The default closed state can be left.
16.diskdump, netdump
Description: Diskdump is used to help debug kernel crashes. It will save a dump file for analysis after a kernel panic. The function of network dump (Netdump) is similar to that of Diskdump, except that it can be stored over the network. They should be turned off unless you are diagnosing a kernel related problem.
17. dund
Description: Supports connecting to the network via Bluetooth dial-up. If there is no bluetooth device, turn it off.
18.firstboot
Description: This service is specific to the Fedora installation process. It performs certain tasks that only need to be performed once on the first boot after installation. It can be turned off.
19.gpm
Configuration file: /etc/sysconfig/mouse
Description: General Purpose Mouse Daemon, gpm provides mouse support for Linux programs in text mode such as mc (Midnight Commander). It also supports mouse copy, paste operations and popup menus under the console. It is generally enabled at level 3 and disabled at level 5.
20.hcid
Description: Used to manage all visible Bluetooth devices. If there is no bluetooth device, turn it off.
21. hidd
Description: Provides support for input devices (keyboard, mouse).
22.iptables
Configuration file: /etc/sysconfig/iptabels
Description: This service is a software firewall for IPv4. It should be turned on.
23.ip6tables
Description: This service is a software firewall for IPv6. Most users should turn it off.
24.irda
Description: Infrared Data Association is an industry standard for realizing infrared wireless data transmission.
25.irqbalance
Description: A daemon that load balances system interrupt requests in the context of multiple system processors.
Does it need to be started: If you only have one CPU installed, you don't need to load this daemon.
26.kudzu
Configuration file:
/etc/sysconfig/hwconf
/etc/sysconfig/kudzu
Description: The hardware automatic detection program will automatically detect whether the hardware has changed, and will add and delete hardware accordingly. When the system starts, kudzu will detect the current hardware and compare it with the hardware information stored in /etc/sysconfig/hwconf. If a piece of hardware is added or removed from the system, then kudzu will Perceived, and notify the user whether to carry out the relevant configuration, and then modify /etc/sysconfig/hwconf to keep the hardware data in sync with the system. If the file /etc/sysconfig/hwconf does not exist, then kudzu will probe for existing hardware from /etc/modprobe.conf, /etc/sysconfig/network-scripts/ and /etc/X11/XF86Config.
Whether it needs to be started: If you start kudzu, every time you start the system, it will check the new hardware (checking new hardware), which will prolong the system startup time. If you do not plan to add new hardware, you can turn off this startup service to speed up system startup time.
27.mcstrans
Note: Enable SELinux if you use it. Fedora Core has SELinux enabled by default.
28.mdmonitor
Description: This service is used to monitor Software RAID or LVM information. Daemons related to RAID devices.
29.mdmpd
Description: This service is used to monitor Multi-Path devices (storage devices of this type that can be accessed by more than one controller or method). Daemons related to RAID devices.
30.messagebus
Description: This is the IPC (Interprocess Communication) service of Linux. Specifically, it interacts with DBUS to provide one-to-one communication between two or more applications. is an important system service. It is strongly recommended to turn it on.
31.microcode_ctl
Description: Can encode and send new microcode to the kernel to update Intel IA32 series processors (Pentium Pro, PII, PIII, Pentium 4, Celeron, Xeon etc - all P6 and higher, excluding pentium classics).
32.netdump
Note: The function of Netdump is similar to that of Diskdump, except that it can be stored over the network. They should be turned off unless you are diagnosing a kernel related problem.
33.netfs
Description: Network Filesystem Mounter, this service is used to automatically mount shared file spaces in the network when the system starts, such as: NFS, Samba, etc. Mount and unmount NFS, SAMBA and NCP network file systems.
34.netplugd
Configuration file:
/etc/netplug/netplugd.conf
/etc/netplug.d/netplug
Description: The network cable hotplug management daemon, netplugd is a daemon that monitors the status of one or more network interfaces and runs an external script when certain events are triggered. It is recommended to keep its default closed state.
35.network
Description: Activate all network interfaces at system startup.
36. nfs
Description: Network file system.
37.nfslock
说明:NFS是一个流行的通过TCP/IP网络共享文件的协议,此服务提供了NFS文件锁定功能。
38.pcmcia
说明:Pcmcia卡,支持笔记本电脑的PCMCIA 设备,如调制解调器, 网络适配器, SCSI卡等等。
39.pcscd
说明:该服务提供智能卡(和嵌入在信用卡,识别卡里的小芯片一样大小)和智能卡读卡器支持。如果你没有读卡器设备,就关闭它。
40.portmap
说明:Portmap守护程序为RPC服务,该服务是 NFS(文件共享)和 NIS(验证)的补充。除非你使用 NFS 或 NIS 服务,否则关闭它。
41.psacct
说明:包括几个工具用来监控进程活动的工具,包括ac,lastcomm, accton 和sa。
42.random
说明:快速的将系统的状态在随机的时间内存到镜象档案中,对于系统相当重要。因为在开机之后,系统会迅速的恢复到开机之前的状态。必须启动。
43.readahead_early、readahead_later
说明:这两个进程的作用是在启动系统期间,将启动系统所要用到的文件首先读取到内存中,然后在内存中进行执行,以加快系统的启动速度。而上面两个配置文件就保存着将要读取到内存的文件列表。
44.restorecond
说明:用于给 SELinux 监测和重新加载正确的文件上下文(file contexts)。它不是必须的,但如果你使用 SELinux 的话强烈建议开启它。
45.rpcgssd, rpcidmapd, rpcsvcgssd
说明:用于 NFS v4。除非你需要或使用 NFS v4,否则关闭它。
46.rhnsd
说明:Red Hat 网络服务。通知你有关官方的安全信息以及为你的系统打补丁。
47.rsync
说明:remote sync,远程数据备份工具。
48.saslauthd
说明:使用SASL的认证守护程序。
49.sgi-fam
说明:实现实时数据镜像。监控文件的变更,提供一个应用程序API接口用来当指定的文件或目录改变时及时通知。
50.smartd
说 明:Self Monitor Analysis and Reporting Technology System,监控你的硬盘是否出现故障。 SMART Disk Monitoring 服务用于监测并预测磁盘失败或磁盘问题(前提:磁盘必须支持 SMART)。大多数的桌面用户不需要该服务,但建议开启它,特别是服务器。
51.syslog
配置文件:/etc/syslog.conf
说明:记录所有的系统行为。
52.time
说明:从远程主机获取时间和日期,采用TCP协议。
53.time-udp
说明:从远程主机获取时间和日期,采用UDP协议。
54.vncserver
说明:VNC (Virtual Network Computing,虚拟网络计算),它提供了一种在本地系统上显示远程计算机整个"桌面"的轻量型协议。
55.xfs
预设端口:TCP 7100
说明:x font server,X Window字型服务器,为本地和远程X服务器提供字型集。
是否需要启动:如果使用run-level为5的图形界面,那么就需要启动。
56.xinetd
配置文件:/etc/xinetd.conf
说 明:xinetd作为inetd的后续版本,负责管理系统中不频繁使用的服务,这些服务程序在有请求时才由xinetd服务负责启动运行,一旦完成服务请 求服务程序结束运行,这样可以有效地减少对系统资源的占用率。通常,xinetd管理的程序有telnet、ftp、rsh和rlogin。关闭 xinetd也就关闭了这些由它管理的服务。
是否需要启动:必须启动。
57.yum
配置文件:/etc/yum.conf
说明:Yellow Dog UpdaterModified,是一个自动更新、安装和删除RPM软件包的管理程序,它会自动计算软件包的管理程序,并判断哪些软件应该安装,哪些软件则不必安装。
是否需要启动:以系统管理策略而决定是否启动