-1

As part of hardening a standalone/dedicated MySQL 5.6 server running on Ubuntu 12.04 LTS, unnecessary services and packages will have to be removed.

For a server that is serving only as a MySQL server, what services and packages should we remove? Is there a list of services/packages that we can use?

Here's a list of services running (?). Which are the ones them look like they could be stopped and their packages removed?

[ ? ]  acpid
[ ? ]  anacron
[ ? ]  atd
[ - ]  bootlogd
[ ? ]  console-setup
[ ? ]  cron
[ ? ]  cryptdisks
[ ? ]  cryptdisks-early
[ ? ]  cryptdisks-enable
[ ? ]  cryptdisks-udev
[ ? ]  dbus
[ ? ]  dmesg
[ - ]  grub-common
[ ? ]  hostname
[ ? ]  hwclock
[ ? ]  hwclock-save
[ - ]  keymap.sh
[ ? ]  killprocs
[ ? ]  module-init-tools
[ ? ]  network-interface
[ ? ]  network-interface-container
[ ? ]  network-interface-security
[ ? ]  networking
[ ? ]  ondemand
[ ? ]  passwd
[ ? ]  plymouth
[ ? ]  plymouth-log
[ ? ]  plymouth-ready
[ ? ]  plymouth-splash
[ ? ]  plymouth-stop
[ ? ]  plymouth-upstart-bridge
[ ? ]  procps
[ ? ]  rc.digitalocean
[ ? ]  rc.local
[ ? ]  resolvconf
[ - ]  rsync
[ ? ]  rsyslog
[ ? ]  sendsigs
[ ? ]  setvtrgb
[ + ]  ssh
[ - ]  stop-bootlogd
[ - ]  stop-bootlogd-single
[ ? ]  sudo
[ ? ]  udev
[ ? ]  udev-fallback-graphics
[ ? ]  udev-finish
[ ? ]  udevmonitor
[ ? ]  udevtrigger
[ ? ]  umountfs
[ ? ]  umountnfs.sh
[ ? ]  umountroot
[ - ]  unattended-upgrades
[ - ]  urandom
Athena Wisdom
  • 213
  • 2
  • 8
  • Closely related: [Which services to disable on a CentOs 5.8 web/database server?](http://serverfault.com/q/441324/126632) – Michael Hampton Feb 17 '14 at 00:53
  • Is there a business reason to start with Ubuntu Server, instead of.... say.... CentOS? Personal Biases aside, you and me both. – MDMoore313 Feb 17 '14 at 00:55
  • 1
    @MDMoore313 Probably not. The developers just "want" it, usually. One problem with Ubuntu here is that it enables everything by default, has no firewall, ... that's two problems. – Michael Hampton Feb 17 '14 at 00:58
  • 3
    Please do not cross-post: http://stackoverflow.com/questions/21818887/removing-unnecessary-services-packages-in-a-mysql-ubuntu-12-04-server - also, I can only echo the comment in the other question: `Work out what ones are not required. And then do your job` – Mark Henderson Feb 17 '14 at 01:17
  • I dont think its similar to `Tips for Securing a LAMP Server`. The server is a dedicated MySQL server and accepts connections from only the app server. – Athena Wisdom Feb 17 '14 at 01:23
  • OK, so you _say_ it's a dedicated server. What's with all the Digital Ocean stuff, then? – Michael Hampton Feb 17 '14 at 01:31
  • By dedicated, I meant to say the main purpose of the server is to act as a MySQL server, if a public facing web server or reverse proxy like Apache/nginx/Passenger is used it will be on a separate machine/instance. – Athena Wisdom Feb 17 '14 at 01:55
  • Well, you have nothing left to do but actually install the service. – Michael Hampton Feb 17 '14 at 02:11

1 Answers1

0

This is already minimalist. You have ssh enabled and that's about it. Almost everything else is startup and shutdown tasks.

One thing you should enable is acpid. Without this, you may not be able to shutdown or reboot your droplet from Digital Ocean's control panel. (Or, on a physical server, the power button will not perform a graceful shutdown but instead hard power off the machine.)

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940