1、关闭不必要的服务
1.1、centos6.x服务操作命令
1.1.1、常用命令
查看服务开启或关闭状态:
[root@localhost ~]# chkconfig --listaegis 0:off 1:off 2:on 3:on 4:on 5:on 6:offagentwatch 0:off 1:off 2:on 3:on 4:on 5:on 6:offatd 0:off 1:off 2:off 3:on 4:on 5:on 6:offauditd 0:off 1:off 2:on 3:on 4:on 5:on 6:offblk-availability 0:off 1:on 2:on 3:on 4:on 5:on 6:offcloud-config 0:off 1:off 2:on 3:on 4:on 5:on 6:offcloud-final 0:off 1:off 2:on 3:on 4:on 5:on 6:offcloud-init 0:off 1:off 2:on 3:on 4:on 5:on 6:offcloud-init-local 0:off 1:off 2:on 3:on 4:on 5:on 6:offcloud-init-upgrade 0:off 1:off 2:on 3:on 4:on 5:on 6:offcloudmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:offcrond 0:off 1:off 2:on 3:on 4:on 5:on 6:offecs_mq-service 0:off 1:off 2:on 3:on 4:on 5:on 6:offeni-service 0:off 1:off 2:on 3:on 4:on 5:on 6:offhtcacheclean 0:off 1:off 2:off 3:off 4:off 5:off 6:offhttpd 0:off 1:off 2:off 3:off 4:off 5:off 6:offip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:offiptables 0:off 1:off 2:off 3:off 4:off 5:off 6:offirqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:offiscsi 0:off 1:off 2:off 3:on 4:on 5:on 6:offiscsid 0:off 1:off 2:off 3:on 4:on 5:on 6:offlvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:offmdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:offmultipathd 0:off 1:off 2:off 3:off 4:off 5:off 6:offmysqld 0:off 1:off 2:off 3:off 4:off 5:off 6:offnetconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:offnetfs 0:off 1:off 2:off 3:on 4:on 5:on 6:offnetwork 0:off 1:off 2:on 3:on 4:on 5:on 6:offnscd 0:off 1:off 2:off 3:off 4:off 5:off 6:offntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:offntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:offphp-fpm 0:off 1:off 2:off 3:off 4:off 5:off 6:offpostfix 0:off 1:off 2:on 3:on 4:on 5:on 6:offrdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:offrestorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:offrsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:offsaslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:offsshd 0:off 1:off 2:on 3:on 4:on 5:on 6:offsvnserve 0:off 1:off 2:off 3:off 4:off 5:off 6:offsysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:offudev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:offxinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:offxinetd based services:chargen-dgram: offchargen-stream: offdaytime-dgram: offdaytime-stream: offdiscard-dgram: offdiscard-stream: offecho-dgram: offecho-stream: offrsync: offtcpmux-server: offtime-dgram: offtime-stream: off[root@localhost ~]#
单独查看某一个服务的状态:
[root@localhost ~]# chkconfig postfix --listpostfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off[root@localhost ~]#
让某个服务开机不启动:
[root@localhost ~]# chkconfig postfix off[root@localhost ~]# chkconfig postfix --listpostfix 0:off 1:off 2:off 3:off 4:off 5:off 6:off[root@localhost ~]#
让某个服务在指定init级别启动:
[root@localhost ~]# chkconfig postfix --level 234 on[root@localhost ~]# chkconfig postfix --listpostfix 0:off 1:off 2:on 3:on 4:on 5:off 6:off[root@localhost ~]#
让某个服务在指定init级别关闭:
[root@localhost ~]# chkconfig postfix --level 234 off[root@localhost ~]# chkconfig postfix --listpostfix 0:off 1:off 2:off 3:off 4:off 5:off 6:off[root@localhost ~]#
让某个服务在所有级别(默认2345)都启动:
[root@localhost ~]# chkconfig postfix on[root@localhost ~]# chkconfig postfix --listpostfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off[root@localhost ~]#
查看系统服务的相关说明:
[root@localhost ~]# rpm -qi $(rpm -qf /etc/init.d/postfix)Name : postfix Relocations: (not relocatable)Version : 2.6.6 Vendor: CentOSRelease : 6.el6_7.1 Build Date: Tue 10 Nov 2015 05:59:54 PM HKTInstall Date: Wed 22 Aug 2018 11:38:05 AM HKT Build Host: c6b8.bsys.dev.centos.orgGroup : System Environment/Daemons Source RPM: postfix-2.6.6-6.el6_7.1.src.rpmSize : 10190116 License: IBMSignature : RSA/SHA1, Tue 10 Nov 2015 08:41:47 PM HKT, Key ID 0946fca2c105b9dePackager : CentOS BuildSystem http://bugs.centos.orgURL : http://www.postfix.orgSummary : Postfix Mail Transport AgentDescription :Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),TLS[root@localhost ~]#
以上命令只适用于系统自带的服务,或者用yum和rpm安装的一些服务,如果是自己源码安装的,可能没这么详细。
自己安装了一些服务之后,可以手动将它们加进系统服务管理中:
如何增加一个服务:
1、服务脚本必须存放在/etc/ini.d/目录下;
2、chkconfig --add servicename
在chkconfig工具服务列表中增加此服务,此时服务会被在/etc/rc.d/rcN.d中赋予K/S入口了;
3.chkconfig --level35 mysqld on
修改服务的默认启动等级。
1.1.2、关闭不需要的服务
这里,postfix服务是提供邮件服务的,这里我们并没有用到,所以我们选择把它关闭
[root@localhost ~]# chkconfig postfix off[root@localhost ~]# chkconfig postfix --listpostfix 0:off 1:off 2:off 3:off 4:off 5:off 6:off[root@localhost ~]#
服务可能在运行,我们让服务现在就关闭:
[root@localhost ~]# service postfix stopShutting down postfix: [ OK ][root@localhost ~]# service postfix statusmaster is stopped[root@localhost ~]#
其它服务也一样操作,下面我们会列出一个可以关闭的服务列表。
1.2、Centos7.x服务操作命令
1.2.1、常用命令
查看服务开启或关闭状态:
CentOS7已不再使用chkconfig 管理启动项,使用systemctl工具来管理服务程序,包括了service和chkconfig
启动一个服务: systemctl start firewalld.service
关闭一个服务: systemctl stop firewalld.service
重启一个服务: systemctl restart firewalld.service
显示一个服务的状态: systemctl status firewalld.service
在开机时启用一个服务: systemctl enable firewalld.service
在开机时禁用一个服务: systemctl disable firewalld.service
查看服务是否开机启动: systemctl is-enabled firewalld.service;echo $?
查看已启动的服务列表: systemctl list-unit-files|grep enabled
使用 systemctl list-unit-files 可以查看各个服务的状态,这个信息有点多,
所以我们过滤一下打开的:
[root@localhost ~]# systemctl list-unit-files | grep enableauditd.service enabled autovt@.service enabled crond.service enabled dbus-org.fedoraproject.FirewallD1.service enabled firewalld.service enabled getty@.service enabled irqbalance.service enabled kdump.service enabled lvm2-monitor.service enabled microcode.service enabled NetworkManager-wait-online.service enabled postfix.service enabled rsyslog.service enabled sshd.service enabled systemd-readahead-collect.service enabled systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled tuned.service enabled vmtoolsd.service enabled xinetd.service enabled dm-event.socket enabled lvm2-lvmetad.socket enabled lvm2-lvmpolld.socket enabled default.target enabled multi-user.target enabled remote-fs.target enabled runlevel2.target enabled runlevel3.target enabled runlevel4.target enabled [root@localhost ~]#
1.2.2、关闭不需要的服务
同上面一样,接下来我们关闭postfix服务。
[root@localhost ~]# systemctl disable postfix.serviceRemoved symlink /etc/systemd/system/multi-user.target.wants/postfix.service.[root@localhost ~]#[root@localhost ~]# systemctl list-unit-files | grep postfixpostfix.service disabled
关闭正在运行的postfix
[root@localhost ~]# systemctl stop postfix.service
1.3、系统启动项列表
参考:
https://www.cnblogs.com/jonsea/p/5571267.html
https://www.getlinux.cn/centos7-x-chang-yong-fu-wu-jian-jie.html
服务名称 | 功能 | 默认 | 建议 | 备注 |
aegis | 阿里云安骑士 | on | on | |
agentwatch | 阿里云Ecs监控 | on | on | |
atd | 计划任务,/etc/at.allow,/etc/at.deny | on | off | 可用crond代替 |
auditd | 配合selinux审核 | on | off | |
autovt | 登录相关 | on | on | |
blk-availability | lvm2相关 | on | on | 有lvm就开 |
cloud-config | Ecs云配置,配合cloud-init | on | on | |
cloud-final | 配合cloud-init | on | on | |
cloud-init | 云初始化服务 | on | on | |
cloud-init-local | 配合cloud-init | on | on | |
cloud-init-upgrade | 配合cloud-init | on | on | |
cloudmonitor | 云监控 | on | on | |
crond | 计划任务 | on | on | |
dbus-org.fedoraproject.FirewallD1 | 桌面网卡管理 | on | off | |
default.target | 默认启动项 | on | on | |
multi-user.target | 同default.target | on | on | |
ecs_mq-service | Ecs相关 | on | on | |
eni-service | Ecs网卡相关 | on | on | |
firewalld | Centos7的默认防火墙 | on | off | |
getty | tty控制台相关 保留 | on | on | |
htcacheclean | Apache清除磁盘缓存 | off | off | |
httpd | http服务器 | off | off | 看需要,可用Nginx代替 |
ip6tables | ipv6防火墙 | on | off | 不用ipv6就关闭 |
iptables | ipv4防火墙 | on | on | 看需要,阿里云安全组可代替 |
irqbalance | cpu负载均衡 | on | on | 多核cpu需要 |
iscsi | 网络存储相关,san | on | off | 看需要 |
iscsid | 网络存储相关,san | on | off | |
kdump | 内核崩溃信息捕获 | on | on | 看需要 |
lvm2-monitor | Lvm监控 | on | on | 有lvm就开 |
mdmonitor | 软raid监控 | on | on | 建议开 |
microcode | 处理器稳定性增强 保留 | on | on | |
multipathd | off | off | ||
NetworkManager-wait-online | 网卡守护进程 关闭 | on | off | |
netconsole | 网络驱动程序调试用 | off | off | |
netfs | 网络文件系统 | on | off | 有用nfs可以开 |
network | 启动是激活网络接口 | on | on | 必须开 |
nscd | name cache,应该与DNS相关 | off | off | |
ntpd | 自动对时服务 | on | on | |
ntpdate | 自动对时服务 | off | off | |
php-fpm | Php解释器 | off | off | 用到开 |
postfix | 替代sendmail的邮件服务器 | on | off | |
rdisc | 自动检测路由器 | off | off | |
restorecond | selinux相关 | off | off | 用selinux就开 |
rsyslog | 系统的日志服务 | on | on | 必须开 |
saslauthd | sasl认证服务相关 | off | off | |
sshd | ssh服务端 | on | on | 必须开 |
svnserve | Svn服务端 | off | off | 服务端开,客户端关闭 |
sysstat | 系统状态监测命令提供 iostat 和 sar | on | on | |
systemd-readahead-collect | 内核调用--预读取 保留 | on | on | |
systemd-readahead-drop | -- | |||
systemd-readahead-replay | -- | |||
dm-event | 设备映射用 | on | on | |
udev-post | 设备管理系统 | on | on | |
xinetd | 超级守护进程 | on | off | 用到可以开 |
remote-fs.target | 远程挂载文件系统 | on | off | 用到再开 |
runlevel2.target | 运行级别 用于兼容6的SysV | on | on | |
runlevel3.target | -- | on | on | |
runlevel4.target | -- | on | on |