Disabling System Services
System services are started by the init system. Disable services that are not necessary to system operation. For example, some services might allow a system to be compromised, due to incorrect configuration. System services under the Sun Linux OS are controlled using the chkconfig command, which you can use to list services available, then disable or enable them.
The chkconfig command does not start or stop system service; it only enables or disables it from running at boot time. If you disable a system service with chkconfig and do not reboot the system, then you must stop the system service using the script in the /etc/rc.d/init.d directory.
To list existing services and their states, use the following command:
# /sbin/chkconfig list
To disable a system service, use the following command:
# /sbin/chkconfig --level 0123456 <service> off
To enable a system service, use the following command:
# /sbin/chkconfig --level 0123456 <service> on
The previous example enables service for each of the system's seven run levels. Use only the number or numbers corresponding to the run levels at which the service should run. For example, to enable a service only for run level 5, then modify the --level option to include only the number 5.
For security purposes, only enable required services. The fewer services that are enabled, the less likely it is that attackers can discover ways to exploit systems.
The packages installed determine what services are enabled by default. Removing unnecessary packages disables some extraneous services. Examine the remaining services to determine their relevance to the system and the hosted applications.
Be aware that installing patches and/or software packages might restore or add new entries for init to start. We recommend that you regularly review the services started by init. In particular, check for new services or changes in the status of existing services after patches or new software are installed on a system.