Why Remove Services?
Every running service is a potential attack surface. Minimizing installed services reduces security risk and frees system resources.
List Running Services
# All running services
systemctl list-units --type=service --state=running
# All listening ports
ss -tlnp
# All enabled services (start on boot)
systemctl list-unit-files --type=service --state=enabledCommon Unnecessary Services
| Service | Purpose | Action |
|---|---|---|
| avahi-daemon | mDNS/DNS-SD | Disable on servers |
| cups | Printing | Disable unless needed |
| bluetooth | Bluetooth | Disable on servers |
| ModemManager | Modem management | Disable on servers |
| snapd | Snap packages | Remove if not using snaps |
Disable a Service
# Stop and disable
sudo systemctl stop avahi-daemon
sudo systemctl disable avahi-daemon
# Mask to prevent accidental re-enabling
sudo systemctl mask avahi-daemonRemove Unnecessary Packages
# Ubuntu/Debian
sudo apt remove --purge snapd avahi-daemon cups
sudo apt autoremove
# Rocky/Alma
sudo dnf remove avahi cupsRestrict Existing Services
For services you cannot remove, restrict their exposure:
# Bind to localhost only (e.g., MySQL)
bind-address = 127.0.0.1
# Use firewall to block external access
sudo ufw deny 3306Regular Auditing
# Run monthly
ss -tlnp | grep -v "127.0.0.1\|::1" > /tmp/open-ports.txt
# Review for unexpected listeners