Re: Command to check if a service is enabled or disabled ?

Fida jlassi · ‎08-24-2015

Hi,

Which command can be used to check if the unused services are disbled or enabled?

We use Cisco 2811.

Thanks.

Rolando Valenzuela · ‎08-24-2015

Can you be more specific?

Which type of services are you talking about? because it depends on the service or what you are looking for...

Is a good practice to disable all the services you are not going to use on your router, so lets say for example we submit the following commands:

conf t

no identd

no ip domain-lookup

no ip http server

no ip finger

no service pad

no snmp-serverno

no snmp-server community private

no snmp-server community public

no service tcp-small-servers

no service udp-small-servers

no ip gratuitous-arps

Now, instead of check one service at the time you can try with

show run | i no ----------------->(adding a space at the end) and see which service are disable.

Is there an specific command to do that, I dont know it.

P1h3r1e3d13 · ‎11-05-2019

show running-config all shows the full config including defaults.
show running-config all | include ^service|^no service will show you all the services that are enabled or disabled.

This being IOS, I wouldn't be absolutely sure that's everything. E.g. [no] service ? in config mode offers alignment, finger, and others that aren't in the show run all.
And it's not actually a list of what's running on the device. For that, I don't think there's anything better than show process and knowing the names of the services to look for.

I couldn't find a good reference for services either (that's how I ended up here), but this bit got me looking in the right places:
Cisco Guide to Harden Cisco IOS Devices # Disable Unused Services