Re: Putting linux on a diet
From: I R A Darth Aggie (sy_nttvr_at_gurcragntba.pbz)
Date: 17 Jul 2003 18:18:26 GMT
On Wed, 16 Jul 2003 16:11:56 +0100,
Simon Tompson <firstname.lastname@example.org>, in
+> Hi - I've just installed YDL3.0 on an old Powerbook 5300c which has only
+> 32mb RAM.
Can you obtain more memory? I think you can do what you want in this
footprint, but your machine will be much more happy if it has more
memory. But that may not be possible, so we'll look at other things
you can do.
+> I'm looking to run this box purely as a web/ftp/mail server so X11 is not
+> installed. Given the limited RAM I'd like to ensure any unnecessary
+> processes are not running.
+> Can anyone advise typical processes I can get rid of on a Linux box
+> used for this purpose alone?
Well, you get rid of anything you don't need[*]. As I recall, YDL is a
Redhat-ish system, so find out what 'chkconfig --list' tells you is
[*]what you think you need and what your services think they need can
be quite different... :-[
You'll get something like:
# chkconfig --list
smbshare 0:off 1:off 2:off 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
pcmcia 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd based services:
Ok, in the above example, I notice that the pcmcia subsystem is
enabled. Ok, this is from a desktop machine, I don't *have* pcmcia! so
let's turn it off:
# chkconfig --level 2345 pcmcia off
# chkconfig --list pcmcia
pcmcia 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Ok, so pcmcia is turned off. Once you've checked that, either run an
exhaustive portscan (# nmap localhost -p1-65535), or a "netstat -a"
and get an idea of what ports are open and what applications are
Obviously, you'll have to turn on the web/mail/ftp services. :-) If
this machine will be connected to the commodity internet, you'll also
want to have iptables (or other packet filter/firewall) running, so
you can try to limit the machine's exposure to the outside
world. You'll probably want to have sshd running so you can log in
Most of the contents of /etc/init.d/* will be configurable from
chkconfig. Double check to make sure that nothing unwanted is sneaking
in and running without chkconfig's knowledge.
Double check the cron and at job queues to see if there are recurring
jobs that are run. /etc/cron* is a good place to look, and the at
daemon (atd) can probably be turned off in its entirety.
+> Thanks in advance for any help / pointers.
Take a peek at the various "hardening linux" sites.
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
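Added example, not part of the original post: a shell script that parses the `chkconfig --list` format shown above and lists services enabled at a given runlevel that are not on an allowlist. The function names and the allowlist are assumptions for illustration, and the sample input is constructed from the listing in the post.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output against an allowlist.

# Constructed sample, copied from the listing format in the post.
sample_chkconfig() {
cat <<'EOF'
smbshare 0:off 1:off 2:off 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
pcmcia 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd based services:
EOF
}

# Read chkconfig output on stdin; print services that are on at runlevel $1.
enabled_at_level() {
    awk -v lvl="$1" '
        /^xinetd based services:/ { exit }  # xinetd entries use another format
        {
            for (i = 2; i <= NF; i++)
                if ($i == (lvl ":on")) { print $1; break }
        }' | sort
}

# Read chkconfig output on stdin; print services on at runlevel $1
# that are not in the space-separated allowlist $2.
unexpected_services() {
    level=$1
    allow=$2
    enabled_at_level "$level" | while read -r svc; do
        case " $allow " in
            *" $svc "*) ;;          # allowed, say nothing
            *) echo "$svc" ;;       # candidate for "chkconfig ... off"
        esac
    done
}

# Assumed allowlist: core services from the listing plus sshd and iptables,
# which the post suggests keeping. Add your web/mail/ftp service names.
ALLOW="syslog network random sshd iptables"

# On a real box, replace sample_chkconfig with: chkconfig --list
sample_chkconfig | unexpected_services 3 "$ALLOW"
```

Each name printed is a service to review and, if not needed, disable with the `chkconfig --level 2345 <name> off` form shown in the post.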