Disable and Remove Unwanted Services on RHEL/CentOS 7 Minimal Installation

RHEL/CentOS 7 minimal installation for servers comes with some default pre-installed services, such as Postfix Mail Transfer Agent daemon, Avahi mdns daemon (multicast Domain Name System) and Chrony service, which is responsible to maintain system clock.

Disable Services in CentOS 7

Remove Services in CentOS 7

Now comes to the question.. Why wed need to disable all these services. if they are pre-installed? One of the main reason would be to increase system security level degree, the second reason is system final destination and the third is system resources.

Requirements

  1. CentOS 7 Minimal Installation
  2. RHEL 7 Minimal Installation

If you are planning to use your newly installed RHEL/CentOS 7 to host, let’s say, a small website which runs on Apache or Nginx, or to provide network services like DNS, DHCP, PXE boot, FTP server, etc or other services that don’t require to run Postifx MTA daemon, Chrony or Avahi daemon, then why we should keep all these unnecessary daemons installed or even running on your server.

The main external services that your server truly requires to run after you perform a minimal installation would be just a SSH daemon, in order to allow remote logins on system, and, in some cases, NTP service, to accurately synchronize your server internal clock with external NTP servers.

Disable/Remove Postfix MTA, Avahi and Chrony Services

1. After the installation finishes, login on your server with root account or a user with root privileges and perform a system update, to make sure that your system is up-to-date with all packages and security patches.

# yum upgrade
Upgrade CentOS 7

Upgrade System

2. The next step would be to install some useful system utilities using YUM Package Manager, such as net-tools (this package provides the older
but good ifconfig command), nano text editor, wget and curl for URL transfers, lsof (to list your open files) and bash-completion, which auto completes typed commands.

# yum install nano bash-completion net-tools wget curl lsof
Install System Utilities in CentOS

Install System Utilities

3. Now you can start disabling and remove pre-installed unwanted services. First of all get a list of all your enabled and running services by running netstat command against TCP, UDP and Listen state network sockets.

# netstat -tulpn  	## To output numerical service sockets

# netstat -tulp      	## To output literal service sockets
List Enabled Services

List Enabled Services

4. As you can see Postfix is started and listens on localhost on port 25, Avahi daemon binds on all network Interfaces and Chronyd service binds on localhost and all network interfaces on different ports. Proceed with Postfix MTA service removal by issuing the following commands.

# systemctl stop postfix
# yum remove postfix
Remove Postfix Service in CentOS

Remove Postfix Service

5. Next remove Chronyd service, which will be replaced by NTP server, by issuing the following commands.

# systemctl stop chronyd
# yum remove chrony
Remove Chronyd Service in CentOS

Remove Chronyd Service

6. Now it’s time to remove Avahi daemon. Looks like in RHEL/CentOS 7 Avahi daemon is strongly tight and depends on Network Manager service. Performing Avahi daemon removal can leave your system without any network connections.

So, pay extra attention to this step. If you really need automatic network configuration provided by Network Manager or you need to edit your interfaces
through nmtui network and interface utility, then you should only stop and disable Avahi daemon and perform no removal at all.

If you still want to completely remove this service then you must manually edit network configuration files located in /etc/sysconfig/network-scripts/ifcfg-interface_name, then start and enable networking service.

Issue the following commands to remove Avahi mdns daemon. Caution: Do not attempt to remove Avahi daemon if you connected through SSH.

# systemctl stop avahi-daemon.socket avahi-daemon.service
# systemctl disable avahi-daemon.socket avahi-daemon.service
--------- Stop here if you don't want removal --------- 

# yum remove avahi-autoipd avahi-libs avahi
Remove Avahi Daemon in CentOS

Remove Avahi Daemon

7. This step is required only if you removed Avahi daemon and your network connections crashed and you need to manually configure Network Interface Card again.

To edit your NIC to use IPv6 and static IP Address, go to /etc/sysconfig/network-scripts/ path, open NIC interface file (usually the first card is named ifcfg-eno1677776 and is already configured by Network Manager) and use the following excerpt as a guide in case your
network interface has no configuration.

IPV6INIT=no
IPV6_AUTOCONF=yes
BOOTPROTO=none
DEVICE=eno16777736
ONBOOT=yes
UUID=c3f0dc21-d2eb-48eb-aadf-10a520b13df0
TYPE=Ethernet
#DEFROUTE=no
IPV4_FAILURE_FATAL=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
NAME="System eno16777736"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
HWADDR=00:0C:29:E2:06:E9
                IPADDR=192.168.1.25
                NETMASK=255.255.255.0
                GATEWAY=192.168.1.1
                DNS1=192.168.1.1
                DNS2=8.8.8.8
Configure Network Interface in CentOS

Configure Network Interface

The most important settings here you should take into consideration are:

  1. BOOTPROTO – Set to none or static – for static IP Address.
  2. ONBOOT – Set to yes – to bring up your interface after reboot.
  3. DEFROUTE – Statement commented with a # or completely removed – do not use default route (If you use it here you should add “DEFROUTE: no” to all network interfaces, not used as the default route).

8. If your infrastructure has an DHCP Server that automatically assigns IP Addresses, use the following excerpt for Network Interfaces Configuration.

IPV6INIT=no
IPV6_AUTOCONF=yes
BOOTPROTO=dhcp
DEVICE=eno16777736
ONBOOT=yes
UUID=c3f0dc21-d2eb-48eb-aadf-10a520b13df0
TYPE=Ethernet
##DEFROUTE=no
IPV4_FAILURE_FATAL=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
NAME="System eno16777736"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
HWADDR=00:0C:29:E2:06:E9
Configure DHCP Interface

Configure DHCP Interface

Same as the configuration with Static IP Address, assure that BOOTPROTO is set to dhcp, DEFROUTE statement is commented or removed and the device is configured to automatically start on boot. If you don’t use IPv6 just remove or comment all the lines containing IPV6.

9. In order to apply the new configurations for your network interfaces you must restart network service. After you restart network daemon use ifconfig
or ip addr show command to get your interface settings and try to ping a domain name to see if network is functional.

# service network restart	## Use this command before systemctl
# chkconfig network on
# systemctl restart network
# ifconfig
# ping domain.tld
Confirm Network Settings

Confirm Network Settings

10. As a final setting make sure you set up a name for system hostname using hostnamectl utility and review your configuration with hostname command.

# hostnamectl set-hostname FQDN_system_name
# hostnamectl status
# hostname
# hostname -s   	## Short name
# hostname -f   	## FQDN name
Setup System Hostname in CentOS 7

Setup System Hostname

11. That’s all! As a final test run netstat command again to get a look of what services are running on your system.

# netstat -tulpn
# netstat -tulp
Verify Running Services

Verify Running Services

12. Besides SSH server, if your network uses DHCP to pull dynamic IP configurations, a DHCP Client should run and be active on UDP ports.

# netstat -tulpn
Verify DHCP Service

Verify DHCP Service

13. As an alternative to netstat utility you can output your running network sockets with the help of Sockets Statistics command.

# ss -tulpn 
ss Command to Check Network

ss Command to Check Network

14. Reboot your server and run systemd-analize command to determine your system boot-up time performance and, also, use free and Disk
Free
command to display RAM and HDD statistics and top command to see a top of the most used system resources.

# free -h
# df -h
# top 
Check System Boot Time in Linux

Check System Boot Time

Check Memory and Disk Usage

Check Memory and Disk Usage

Congratulations! Now you have a clean minimal RHEL/CentOS 7 system environment with less services installed and running and more resources available for future configurations.

Read Also: Stop and Disable Unwanted Services from Linux

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

10 Responses

  1. Tech says:

    Thank you for your time – excellent tuts on this site!

  2. Tech says:

    I was also able to disable and remove the Avahi daemon with no issues. IS there something that I should keep an eye on just in case? Why are you using ntp instead of chrony?

    • Matei Cezar says:

      If you are running a server, removing Avahi daemon is a good security practice. Using ntp instead of crony is a personal choice, anyway if you just want to sync time with upstream ntp servers you can use ntpdate command from crontab.

  3. Pedro Rodrigues says:

    Well, I just removed the Avahi daemon from a fresh Centos 7 install while connected with SSH, and there was no problem at all. Did a netinstall with a minimal software configuration, maybe that makes a difference. Chrony was not installed, also. Anyway, thanks for the article, very informative. Am just getting my feet wet on Centos 7 and it helped me quite a bit.

  4. Olivier says:

    Why are you using ntp instead of chrony ???

    ps: happy new year :)

  5. Alex wang says:

    sorry for the redundant and unnecessary absolutely word :)

  6. Alex wang says:

    Hi Cezar , nice article, for a minmal install,

    very handy even for virtual box,vmware labs when you can clone a base vm with absolutely minimal ,then create a handful of nodes and work on those nodes necessary for your network topology/service requirements(for example internal and external network router dmz scenario ), no need to clone a bloated system with huge ram requirements(given that if your host machine suffers from it)

    I have two question what is the absolutely minimal ram for your minimal installation will be? and what is absolutely minimal ram for server with gui with no package selected installation

    Thanks

  7. Matei Cezar says:

    @Joseph Bloe: you are wrong…if you remove Avahi daemon you can lose SSH connectivity because Avahi daemon removes NetworkManager also…so no Network Manager no connection…that’s the point!

  8. Joseph Bloe says:

    LMFAO @ “Caution: Do not attempt to remove Avahi daemon if you connected through SSH.”

    That’s not even close to being realistic, since Avahi isn’t required for SSH to function.

Leave a Reply to Matei Cezar Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.