Remove or Restrict Unneeded Software

You ve done your research and think you know that you can safely remove those extra software packages. If some of the packages are related to services, you can use the techniques described in Chapter 2 to disable the services prior to removing the software to determine the impact on the system. If you don t have that ability or the package is not a service, try to follow a method for removing packages. Don t arbitrarily remove a large group of packages (ten or more) unless you are absolutely positive of the impact on the system. Even if you are sure, try removing packages in small groups and try to remove packages of a group (such as the ones that are related to each other in some way). By removing packages in small groups, you can let your system run a few days to determine the impact on the system. If there are no adverse effects, you can continue to the next set of packages for removal until you have removed all software deemed unnecessary. If there is a problem, you only have to roll back a small amount of packages to determine if that is the root cause. If you were to do all the packages, and problems occurred that were suspected to be related to the package removal, you would have to roll back a large group of packages. The incremental path is the best course of action in this case.


One way to track your actions during a session is to use the script command. This command will allow you to save everything from a terminal window to a file. You can then track all the software modified or removed by reviewing the file at a later date. One problem is that you can accidentally forget to stop the script command, which can create a large file if run too long. To start scripting, run script < filename >. After you have completed your logged session, you can use CTRL-D or CTRL -d (dependent on the shell you are using).

Before removing any packages, you absolutely must have a recent, known good backup of your system and you should always document what you are removing. If you did your homework, you will know what the dependencies are and you can start removing packages with the rpm -e command such as this:

 rpm -e openssl 

Note that you wouldn t succeed if you hadn t removed the package dependencies shown by using rpm -e --test . By default the packages wouldn t be removed with just rpm -e unless you removed the dependent packages, so it is still safe, but it is not in the best form to use -e as a querying tool.

If you installed software with another method than rpm , you will need to view the original makefile that came with your program. Or if you don t have the installation or readme files, you can try to determine where the program and its configuration files resides via the Internet or the source of your software. rpm is the preferred method of installing software due to the ease of removal, update capabilities, and management of the software.

Hardening Linux
Hardening Linux
ISBN: 0072254971
EAN: 2147483647
Year: 2004
Pages: 113

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: