Hi list!

Many of you have probably noticed that openSUSE by default installs (and starts) a number of applications that many people do not need. Examples are the sshd (even started on desktop systems...), Kinternet and the like. If these unneeded programs get removed, we can save a couple of MB of RAM and also make booting faster.

I tried this with the following programs that are started by default, but unnecessary on _my_ system: kinternet, sshd, klipper, smpppd, susewatcher. On a freshly booted system, memory usage went down from 87.8 to 82.7 megabytes. This means I can save 5.1MB of RAM. On other systems you will of course have different results because the user may have a different setup.

So I think we should have a small tool that asks the user a few questions about his system and disables/uninstalls the programs in question. These few MB could make quite a difference for people with little RAM!

Another candidate on my list is portmap. It is needed for importing NFS file systems, which not that many people do. I'm just wondering if it is also necessary for anything else that a user might want? Maybe other programs could be disabled as well. Feel free to suggest one.

Cheers
nordi
On Friday 02 September 2005 21:56, nordi wrote:
I tried this with the following programs that are started by default, but unnecessary on _my_ system: kinternet, sshd, klipper, smpppd, susewatcher. On a freshly booted system, memory usage went down from 87.8 to 82.7 megabytes. This means I can save 5.1MB of RAM.
So I think we should have a small tool that asks the user a few questions about his system and disables/uninstalls the programs in question.
Regarding klipper, susewatcher, and kinternet. Having them started by default makes it easier to access them for novice users. They see for example the connection icon in their system tray and if they click it they can modify their internet connection or get a graph of the transfer speed. If they close the app they get questioned if the app should start automatically next time the user logs in. Now on the other side, if you disable them by default, it's much more difficult for a novice user to access them, if they don't know about the application a priori. Thus from a usability point of view I think the opt-out is here better than the opt-in.

Also I don't think it's a good thing to ask the user a lot of questions during installation. I am a big fan of reducing the number of questions during installation as much as possible. Ubuntu gets much praise for their installation because they try hard not to ask questions during installation.

I think your tool is more for novice users, right? More knowledgeable people can choose to not install unneeded stuff at all or disable it with ease.

How about another solution for apps in KDE's kicker (like kinternet, klipper, susewatcher)? If the user doesn't use, i.e. clicks on, the app for some time he gets asked (via passive popup) if the application should be disabled because apparently he doesn't use it? Of course this doesn't help with unneeded daemons.

It's probably a very common task to disable all unneeded daemons after installation. Here a small tool which guides the user through the task could be very handy.

Another issue regarding daemons. I think it would be a good policy that all daemons which get installed after the initial installation of the system should be disabled by default. Always.

Cheers,
Andreas
Andreas Simon wrote:
Also I don't think it's a good thing to ask the user a lot of questions during installation. I am a big fan of reducing the number of questions during installation as much as possible.
Yes, the installation should be as simple as possible. But I meant a tool as in "when you want to slim down your Suse system, run this program".
It's probably a very common task to disable all unneeded daemons after installation. Here a small tool which guides the user through the task could be very handy.
This is exactly what I meant. Something like the good old "hardensuse" script, but not (only) for security but for performance. You could automate part of it like

    gotisdn=`lspci | grep -i ISDN`
    if [ -z "$gotisdn" ]; then
        echo "You do not seem to have ISDN hardware. Do you want to...."
        ....
    fi

This way you could remove another unneeded SUID binary. But how do you find out if the user has used klipper or kinternet? If you want to automatically detect if these have been used you'd need to integrate this directly into the application itself. Maybe for kinternet you could work with access times/md5sums of configuration files (never used it).
Another issue regarding daemons. I think it would be a good policy that all daemons which get installed after the initial installation of the system should be disabled by default. Always.
I agree on this one. I really wonder why it is that the sshd is installed and started by default when the firewall is also started by default, thus making sshd useless. Cheers nordi
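The detection idea from the message above (look for matching hardware first, then fall back to configuration-file access times), as an added example that is not part of the thread and not taken from haash.sh. The function names, the sample `lspci` lines and the 90-day threshold are assumptions; the script only reports and changes nothing.

```shell
#!/bin/sh
# Added example (not from the thread, not haash.sh): audit-only detection logic.
# All names, sample data and thresholds here are assumptions.

# Constructed sample of `lspci` output for a machine without an ISDN adapter.
SAMPLE_LSPCI='00:00.0 Host bridge: Intel Corporation 82845 Host Bridge
00:1f.5 Multimedia audio controller: Intel Corporation AC97 Audio
02:08.0 Ethernet controller: Intel Corporation 82801DB PRO/100 VE'

# pci_present PATTERN TEXT: succeed if lspci-style TEXT mentions PATTERN.
pci_present() {
    printf '%s\n' "$2" | grep -qi -e "$1"
}

# stale_config FILE DAYS: succeed if FILE exists and was last read more than
# DAYS days ago. On a noatime mount the access time never advances, so a
# "stale" result is only a reason to ask the user, never to act automatically.
stale_config() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune -atime +"$2" 2>/dev/null)" ]
}

# advise NAME PCI_PATTERN CONFIG DAYS LSPCI_TEXT
# Pass "" for PCI_PATTERN or CONFIG when that check does not apply.
advise() {
    name=$1 pattern=$2 config=$3 days=$4 pci=$5
    if [ -n "$pattern" ] && pci_present "$pattern" "$pci"; then
        echo "$name: keep (matching hardware found)"
    elif [ -n "$config" ] && [ -e "$config" ] && ! stale_config "$config" "$days"; then
        echo "$name: keep (config accessed within $days days)"
    else
        echo "$name: ask (no hardware or recent use detected)"
    fi
}

# Demo on the constructed sample; on a real system pass "$(lspci)" instead.
advise i4lbase ISDN "" 90 "$SAMPLE_LSPCI"
```
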
Well, I have written a script that will ask you if you need certain applications. It also tries to be smart and detect if you need/use a program and will then not ask you about it.

You can get the program at [1]. I called it "haash" as in "harden and shrink". It checks for sshd, smpppd, sudo and i4lbase but will cover more programs as time passes. Try it out and tell me how it can be improved.

Cheers
nordi

[1] http://private.addcom.de/nordi/super/haash.sh
On Thu, Sep 22, 2005 at 02:41:05PM +0200, nordi wrote:
Well, I have written a script that will ask you if you need certain applications. It also tries to be smart and detect if you need/use a program and will then not ask you about it.
You can get the program at [1]. I called it "haash" as in "harden and shrink". It checks for sshd, smpppd, sudo and i4lbase but will cover more programs as time passes. Try it out and tell me how it can be improved.
I ran it on my 9.1 SUSE and there I do not get asked for my password when I was a regular user. Otherwise, nice script. It worked under 9.1

houghi
--
Quote correct (NL) http://www.briachons.org/art/quote/
Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren
Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html
houghi wrote:
I ran it on my 9.1 SUSE and there I do not get asked for my password when I was a regular user. Otherwise, nice script. It worked under 9.1
Wow! If it works for older Suse releases as well this is great news. That means the script will be useful for even more people. I have put a second release on the server that will refuse to run unless started by root. Now it also checks for kinternet. Cheers nordi
participants (3): Andreas Simon, houghi, nordi