In Linux operation and maintenance, running non-essential services consumes system resources, widens the attack surface, and adds maintenance complexity. According to statistics, a default CentOS 8 installation contains 120+ services, of which about 40% can be safely disabled. Accurately identifying and managing these services is a key practice for improving both system performance and security, and it is a skill that system administrators and operations engineers in particular should master to optimise their servers further.
Technically, streamlining a Linux system by disabling non-essential services involves several levels. First, identify which services are non-essential, a judgement that must take the actual business scenario into account; second, distinguish between stopping a service (temporary) and disabling it (permanent); finally, consider the security impact and dependencies. With that general idea in mind, let's go through the method for disabling non-essential services.
I. Service identification and status analysis
Service discovery starts with a process-level scan:
ps auxf | grep -v '\['
This filters out kernel threads (whose names appear in square brackets) and leaves the user-space service processes. One financial system found with this command that a legacy Postfix service was occupying 300MB of memory.
Dependency tree analysis reveals the service hierarchy and avoids accidentally stopping a key dependency (for example, disabling dbus crashes the desktop services):
systemctl list-dependencies --reverse
Port mapping ties each open port to the process that owns it. A listener on an unexplained port (such as TCP/4444) may indicate a backdoor:
ss -tulpn | grep LISTEN
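As an added example (not from the original article), the following script parses output in the format of ss -tulpnH, the same socket listing as above without its header, and reports every listening port that is not on an allowlist. The allowlist and the sample ss lines are constructed for illustration; on a real host, run it with --live to inspect the live socket table.

```bash
#!/bin/bash
# Report listening sockets whose port is not on the allowlist.
# Input: lines in the format of `ss -tulpnH` (no header), read from stdin.

# Allowlist of expected listening ports (constructed for this example: sshd and chronyd).
EXPECTED_PORTS="22 323"

# Constructed sample of ss output, including an unexplained listener on TCP/4444.
SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
udp   UNCONN 0      0          127.0.0.1:323     0.0.0.0:*     users:(("chronyd",pid=700,fd=5))
tcp   LISTEN 0      5            [::]:4444         [::]:*        users:(("nc",pid=4242,fd=3))
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*     users:(("avahi-daemon",pid=901,fd=12))'

# Reduce each ss line to "proto port process". The local address is field 5; the port
# follows the last ":" (this also handles IPv6 forms such as [::]:4444).
parse_listeners() {
    awk '{
        n = split($5, a, ":")
        port = a[n]
        proc = "unknown"
        if (match($0, /users:\(\("[^"]+"/)) { proc = substr($0, RSTART + 9, RLENGTH - 10) }  # text between users:((" and the next "
        print $1, port, proc
    }'
}

# Print one UNEXPECTED line per listener whose port is not in EXPECTED_PORTS.
flag_unexpected() {
    parse_listeners | while read -r proto port proc; do
        case " $EXPECTED_PORTS " in
            *" $port "*) ;;                                 # allowlisted, ignore
            *) echo "UNEXPECTED $proto/$port $proc" ;;
        esac
    done
}

if [ "${1:-}" = "--live" ]; then
    ss -tulpnH | flag_unexpected          # real host: inspect the live socket table
else
    printf '%s\n' "$SAMPLE_SS" | flag_unexpected
fi
```

On the constructed sample this prints two lines, for the nc listener on TCP/4444 and for avahi-daemon on UDP/5353; the process name is the piece of information that lets you decide whether a port belongs to a legitimate unit or to something that should be investigated before it is stopped.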
Typical list of services that can be disabled:

| Service name | Risk level | Impact of disabling |
|---|---|---|
| bluetoothd | High | Servers do not need Bluetooth support |
| cups | Medium | Can be disabled where no printer is used |
| avahi-daemon | High | Prevents service discovery sniffing on the LAN |
| postfix | Medium | Turn off when there is no mail service requirement |
| NetworkManager | Low | Servers are recommended to use network-scripts |
II. Technical Guide for Service Operations
Temporarily stop the service (not persistent; the unit can start again after a reboot or a manual start)
sudo systemctl stop avahi-daemon.service # Terminate the process immediately
Block the service from starting at all:
sudo systemctl mask avahi-daemon.service # Prevent manual/automatic startup
mask creates a symbolic link from the unit name in /etc/systemd/system to /dev/null, which blocks the unit more thoroughly than disable: even a manual start or a pull-in through another unit's dependency fails.
Permanently disable the service (remove it from boot; without --now, the stop only takes effect after a restart)
sudo systemctl disable --now cups.service # Stop immediately and disable automatic startup
The --now parameter performs the stop in the same step, so there is no need to wait for a restart.
Service status verification
systemctl is-active avahi-daemon # Return inactive to indicate success
systemctl is-enabled cups # Return disabled to confirm disabling
III. Key considerations and risk prevention and control
Breaking dependencies is the dangerous case: disabling dbus.service directly crashes GNOME and breaks printing. The approach is to deal with the services that depend on the target (such as accounts-daemon) before handling the target service itself:
systemctl list-dependencies dbus --reverse | grep required
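Combining the stop/disable/mask steps of section II with the reverse-dependency check above, here is an added example script (not part of the original article) that refuses to disable a unit while other active units still require it, then disables, masks and verifies the final state. The SYSTEMCTL variable is an assumption of this example, added so the logic can be exercised against a stand-in command; it is not a systemd feature.

```bash
#!/bin/bash
# Safe disable: check reverse dependencies, then disable --now, mask, and verify.
# SYSTEMCTL defaults to the real binary; it can be pointed at a wrapper for dry runs
# (this indirection is an assumption of the example, not a systemd feature).
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# Print the units that depend on $1 (reverse dependencies) and are currently active.
# `list-dependencies --reverse --plain` prints the unit itself first, then its dependents.
active_dependents() {
    "$SYSTEMCTL" list-dependencies --reverse --plain "$1" \
      | awk 'NR > 1 { print $1 }' \
      | while read -r unit; do
            if "$SYSTEMCTL" is-active --quiet "$unit"; then
                echo "$unit"
            fi
        done
}

# Disable and mask $1 only when nothing active still needs it; return 1 otherwise,
# or when the post-change verification does not show the expected state.
safe_disable() {
    local unit="$1" deps
    deps=$(active_dependents "$unit")
    if [ -n "$deps" ]; then
        echo "refusing to disable $unit; still required by: $(echo "$deps" | tr '\n' ' ')" >&2
        return 1
    fi
    "$SYSTEMCTL" disable --now "$unit" || return 1   # stop immediately and drop from boot
    "$SYSTEMCTL" mask "$unit" || return 1            # link to /dev/null so nothing can start it
    # Verify: is-active must not report "active", is-enabled must report "masked".
    [ "$("$SYSTEMCTL" is-active "$unit")" != "active" ] || return 1
    [ "$("$SYSTEMCTL" is-enabled "$unit")" = "masked" ] || return 1
    echo "$unit disabled and masked"
}

# Usage: ./safe_disable.sh cups.service
if [ -n "${1:-}" ]; then
    safe_disable "$1"
fi
```

Run against a real host, the dependency check is what turns "disable dbus and see what breaks" into a refusal with the list of units that would be affected, which is exactly the information needed to decide what to handle first.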
Cloud environments run their own special services; check them before disabling anything, for example:
sudo strings /usr/sbin/cloud-init | grep -i 'metadata'
Security hardening has knock-on effects; after disabling nfs-server, the following must be done as well:
# Close related ports
sudo firewall-cmd --remove-service=nfs --permanent
# Uninstall kernel module
sudo modprobe -r nfsd
System performance monitoring: run benchmarks after service changes to measure the effect:
# Memory usage comparison
free -m | grep Mem
# CPU load detection
sar -u 5 10
IV. Automated management practice
Timed service review script
#!/bin/bash
# Service whitelist (unit names without the .service suffix)
SAFE_LIST="sshd crond systemd-journald"
# Walk every loaded service unit; anything active and not whitelisted is reported
for unit in $(systemctl list-units --type=service --plain --no-legend | awk '{print $1}'); do
    service="${unit%.service}"   # strip the suffix so the name matches the whitelist
    if ! grep -qw "$service" <<< "$SAFE_LIST"; then
        if systemctl is-active --quiet "$unit"; then
            echo "Suspicious running service: $unit"
        fi
    fi
done
Audit and compliance report
# Generate service status report
systemctl list-unit-files --type=service --no-pager > service_audit.txt
# List services that are enabled and not masked
grep -v masked service_audit.txt | grep enabled
---
V. Deep optimization scenario
Containerized environments disable traditional services such as systemd-logind and enable lightweight alternatives, for example in a Dockerfile:
RUN apt-get purge -y dbus && \
apt-get install -y runit
Edge computing nodes remove GUI-related services (gdm.service) and streamline at the kernel level:
# List initramfs modules that are candidates for removal (here nfs and iscsi)
lsinitramfs /boot/initrd.img-$(uname -r) | grep -E 'nfs|iscsi'
Enable SELinux enforcing mode to protect service processes in a high-security environment:
semanage port -d -t http_port_t -p tcp 8000 # Remove the http_port_t label from TCP 8000 so the web server can no longer bind this non-standard port
Log review, for example failed SSH logins in the last hour:
journalctl -u sshd --since "1 hour ago" --grep "Failed"
Final practice principles:
Back up before changing:
systemctl list-unit-files > pre_optimize.txt
Canary rollout: test on non-core nodes first and observe for 72 hours
Fallback mechanism: prepare a Live USB emergency recovery image
Three verifications must be done after disabling the service:
1. Restart test:
shutdown -r now
2. Key business connectivity detection (database/network)
3. Security scan:
nmap -sV -O -p- localhost
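To make the pre-change backup (systemctl list-unit-files > pre_optimize.txt) and the audit report from section IV actually comparable, here is an added example (not from the original article) that diffs two unit-file snapshots and reports every service whose enablement state changed, so a record of what was altered exists alongside the three verifications above. The two snapshots are constructed for illustration.

```bash
#!/bin/bash
# Compare two `systemctl list-unit-files --type=service` snapshots and report each
# service whose state changed (enabled -> masked, newly appeared, disappeared, ...).
export LC_ALL=C   # sort and join must agree on collation

# Constructed snapshots: the state before optimisation and after.
BEFORE=$(mktemp) ; AFTER=$(mktemp)
cat > "$BEFORE" <<'EOF'
UNIT FILE            STATE    PRESET
avahi-daemon.service enabled  enabled
cups.service         enabled  enabled
postfix.service      enabled  enabled
sshd.service         enabled  enabled

4 unit files listed.
EOF
cat > "$AFTER" <<'EOF'
UNIT FILE            STATE    PRESET
avahi-daemon.service masked   enabled
cups.service         disabled enabled
sshd.service         enabled  enabled
telnet.service       enabled  disabled

4 unit files listed.
EOF

# Reduce a snapshot file to sorted "unit state" pairs, dropping header and footer lines.
unit_states() {
    awk '$1 ~ /\.service$/ { print $1, $2 }' "$1" | sort
}

# Print "unit: before -> after" for every unit whose state differs between the two
# snapshot files; MISSING marks a unit present in only one of them.
state_changes() {
    local a b
    a=$(mktemp) ; b=$(mktemp)
    unit_states "$1" > "$a"
    unit_states "$2" > "$b"
    join -a1 -a2 -e MISSING -o 0,1.2,2.2 "$a" "$b" \
      | awk '$2 != $3 { print $1 ": " $2 " -> " $3 }'
    rm -f "$a" "$b"
}

state_changes "$BEFORE" "$AFTER"
```

On a real host, save the current listing to a second file after the change and call state_changes pre_optimize.txt post_optimize.txt. A unit that shows up as MISSING -> enabled (telnet.service in the constructed sample) is precisely the kind of entry that should never appear in a hardening change and deserves the same attention as the unexpected ports from section I.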
With the service sandboxing enhancements introduced in systemd 255 (RestrictSUIDSGID=yes), future service management will pay even more attention to the principle of least privilege. Only by recording the service fingerprint at each change (systemd-analyze security sshd.service) can a traceable security baseline be built.
The above covers service identification, the stop/disable steps, precautions, and warnings for high-risk services, to help everyone manage non-essential services on Linux servers more effectively.