Hardening SUSE LInux 11.1 - questions

Good morning Suse Experts
I have found this very extensive tutorial on Suse Security written by Æleen Frisch (author of Essential System Administration)
Linux Hardening

For most of the services i have discovered what their function is on my linux box, but i can not find any documentation on the following services:

Service…YAST->System Services (RunLevel)-> Internal Comment:
a11y…enables a11y support on livecd ??
acpid…acpid reads events from /proc/acpi/event and dispatches them (by SuSE default) to other “users” like powersaved, HAL and IAL. Actions for those events are (by SUSE default) configured in the powersaved configuration. Additionally this start script loads all needed modules.??
brld…Starts brld the braille server ??
sbl…Start suse-blinux ??
avahi-daemon…Avahi, a ZeroConf daemon for mDNS and service registration ??
fbsetup…Framebuffer setup ??
nscd…Start Name Service Cache Daemon ??
postfix…Start the Postfix MTA ??
rpcbind…TI-RPC program number mapper ??
splash…Splash screen setup ??
splash_early…Kills animation after network start ??
stopblktrace…Stopping and parsing the blktrace output ??

**Questions: **

  1. Can you help me with finding more documentation on these services? so i can determine if i can shut these services down or not?

  2. Is there a way / command / program that helps me to identify which service (deamon) belongs to with installed software package?

Thanks for your time and answers

Have you tried http://www.novell.com/documentation/opensuse111/?

And what about the *man *pages of these products. I just took one (nscd) and the man page is there. When you studied it and still havce questions we are there to try to help you.

Hi

  1. man is your friend (as long as you have installed the manual pages). e.g. ‘man rpcbind’. postfix is the mail transport agent and is the default on openSuSE-11.1. It is intended as a replacement for sendmail.

  2. You could use Yast’s search function in the software installation menu.

Thanks for the references to the self-study material already present in my Open Suse installation

Question:

  1. Are their any more sources on a default Suse installation that i can look into myself? (besides the man man command)

Regards, Ronald

ronaldvermeij wrote:

>
> QUESTION:
> 1. Are their any more sources on a default Suse installation that i can
> look into myself? (besides the man man command)
>
This is a very general question, have you looked at the official pdf manuals
from novell?

http://www.novell.com/documentation/opensuse112/

esp. ReferenceGuide and Security Guide

ronaldvermeij wrote:
> 1. Are their any more sources on a default Suse installation that i can
> look into myself?

try wandering around in /usr/share/doc in the browser of your choice
(take a bottle of water and a pillow)

and, if don’t find there all you need then have a look at one of my
previous postings on documentation: http://tinyurl.com/ybklh48


palladium

Thanks Martin for pointing me to those manuals… I did not have discovered them yet :slight_smile: and I’m downloading them right now.

Question:

  1. What is the usual “Linux community way” to walk when
    **man <something> **
    does return the error "there is no man pages for this item?
    A - “Post my question in Open Suse forums (and get referred back to a non existing manual page?”)
    B - “Fire up browser and keep googling for the answer?”
    C - The other option ??
    D - The next option ??

**2. Are there any more “fountains / sources of 100 % pure Suse Linux knowledge” online. **
So I can look and learn my own Open Suse Linux related answers?

Thanks for your willingness, effort and time to help me get around in Open Suse Linux land

Regards, Ronald

@Voodoo:

  1. You could use Yast’s search function in the software installation menu.

This does not always help me to learn more about a certain service. Sometimes the description is very crappy and does not contribute to a meaningfull insight of the function of that software / service installed on your computer system.

To show you what i mean… here are some example of this “crappyness”
Start → Yast → System Services
*-> a11y → this enables a11y support on livecd’s
→ brld → starts brld the braille service
→ fbsetup → Framebuffer setup
→ raw → raw devices
→ sbl → start suse-blinux
*

Simple “oneliners as comment” that give me no clue to their functionality
or wether i can turn this service on,off without endangering my computers operational stablility…

Question
Is there, do you know a “Open Suse Linux services dependency tree” / documentation, which can provide me insight in

  • which services depend on which other services
  • which services i do not need (from the default installation)
  • which services can be safely turned off in order to gain more speeds, cpupower, security?

I have already found the /etc/rcd.X/ABCDEFA…files in which i can read the following information

BEGIN INIT INFO

Provides:

Required to start:

Should start

Should stop

Short Description:

END INIT INFO

Thanks for you answers, Ronald

No i can find the linux answers myself again :slight_smile:
THAT was EXACTLY what i was searching for!

Thank you, Thank you, Thank you very much Palladium…
Regards, Ronald

“Just show me the path to the manual, and i assimilate it myself”

ronaldvermeij wrote:

>
> Thanks Martin for pointing me to those manuals… I did not have
> discovered them yet :slight_smile: and I’m downloading them right now.
>
>
> QUESTION:
> 1. What is the usual “Linux community way” to walk when
> MAN <SOMETHING>
> does return the error "there is no man pages for this item?
> A - “Post my question in Open Suse forums (and get referred back to a
> non existing manual page?”)
> B - “Fire up browser and keep googling for the answer?”
> C - The other option ??
> D - The next option ??
>
>
> 2. ARE THERE ANY MORE “FOUNTAINS / SOURCES OF 100 % PURE SUSE LINUX
> KNOWLEDGE” ONLINE.
> So I can look and learn my own Open Suse Linux related answers?
>
>
> Thanks for your willingness, effort and time to help me get around in
> Open Suse Linux land
>
> Regards, Ronald
>
>
There is of course the /usr/share/doc with package specific information
(sometimes it contains many informations sometimes nearly nothing)

The command “susehelp” opens the help center

And the info command

If you find nothing in man/info/susehelp (which can happen of course) it
will be difficult to do it “the linux way”, it is the point when I start
“googling”.

There are of course many not distro specific documentations available
(opensuse is after all a linux - so not everything is specific) and you may
want to look at the linux documentation project

tldp.org

and there is the opensuse wiki with a search function

http://en.opensuse.org/Welcome_to_openSUSE.org

and the inofficial

http://opensuse-community.org/Welcome_to_openSUSE-Community.org

Thank you very much too Martin!

It feels like i no have all the Linux knowledge I need :slight_smile: in order to really master my OpenSuse system.

Regards, Ronald

ronaldvermeij wrote:
> QUESTION:
> 1. What is the usual “Linux community way” to walk when
> MAN <SOMETHING>
> does return the error "there is no man pages for this item?

usually when you get that error it means the manual for (say) atop is
not on you machine because atop is not either (that is, not every
possible service, utility, etc which exists for Linux in automatically
installed, but when/if you decide to install atop the manual will
automatically be installed also!!

cool huh?


palladium

Hello Palladium,

usually when you get that error it means the manual for (say) atop is not on you machine because atop is not either

  1. I understand when something is NOT installed on your system, their is also NO documentation installed with it.
    This seems very logical to me.

that is, not every possible service, utility, etc which exists for Linux in automatically installed, but when/if you decide to install atop the manual will automatically be installed also!!

  1. Is that a 100% guaranty? Or is that dependant on the software builder and packager of this software_rpm, package to include documentation to (beside the executable, sourcecode and readme files)

  2. Can I come to this conclusion that, if i enter

  • man <some app_name>,
  • man <utility_name> or
  • man <service name>
    and it gives back an error, then this items is not installed on my computer?

ronaldvermeij wrote:
> 2. Is that a 100% guaranty? Or is that dependant on the software
> builder and packager of this software_rpm, package to include
> documentation to (beside the executable, sourcecode and readme files)

if you want a guaranty then you need to purchase guaranteed software
from people who do not make any mistakes, ever… :wink:

> 3. Can I come to this conclusion that, if i enter
> - man <some app_name>,
> - man <utility_name> or
> - man <service name>
> and it gives back an error, then this items is not installed on my
> computer?

no, i would assume that of the thousands and thousands of application,
utilities and services that there are MANY with no, or out of date man
pages…but, i’ve not yet run into any apps/utils/services that i
couldn’t find what i need either via man, info (don’t forget to try
info [something]) or Google!!

but, most of the time you get an error it will be the case that the
app/etc is not installed…

however, SOME of the time you may be trying to read documents that are
not in the user’s path (because the are usually needed by root, only)…

in that case you might find it by first becoming root in the terminal with


su -

and then try man/info

do you know how to find if you do have the [something] installed, and
where it is hiding on your drives?
if not see:


man find
man locate
man which

and, before your next question see if you can find the answer by
beginning here: http://tinyurl.com/ybklh48


palladium

if you want a guaranty then you need to purchase guaranteed software from people who do not make any mistakes, ever… :wink:

Lol :stuck_out_tongue:

but, i’ve not yet run into any apps/utils/services that i
couldn’t find what i need either via man, info (don’t forget to try
info [something]) or Google!!

Thanks for refreshing my mind on the info command.

do you know how to find if you do have the [something] installed, and where it is hiding on your drives?

Yeap!

  • Open terminal window to the commandline
  • promote myself to Root via SU
  • find / | grep <searchstring> | more or
  • find / | grep <searchstring> > tekstfile.txt and digg throught the results

and, before your next question see if you can find the answer by
beginning here: Beginner resources - openSUSE Forums

Thanks Palladium!
Your extensive and detailed help has giving me more than enough (up to date) resources and homework to continue to study on (Open Suse) Linux :-).

Last night I rediscovered an old and dusty “Suse Linux 6.3 - installation, configuration - First steps manual” in a stack of dusty old computer books on my attic. This book answered a lot of questions i had on various topics, so i guess it will take a while before showing up and ask questions again

Regards, Ronald

[Personal message to Palladium and Martin_Helm:]

I want to both thank you personally for the time and effort you helped me with. In gently showing me “the way” to get familiar and around in Linux Land. Is it because of people like you that make online communities VERY worth visiting!!

You both respect a persons willingness to learn (and not let your ego get in the way!) and help them with tiny(url) step-by-step… That is the same teaching spirit I have in other fields of ict-expertize and many other field of knowlegde

Thank you “Linux Masters”… for educating me in “The True way of the Pinguin”

Regards, Ronald

hmmm…thanks, but i’m a linux novice, i’ve only been using off and on
since RH5.1 came inside a multi-pound (weight) 1998 book <Linux
Unleashed - Third Edition> i still use…

i didn’t actually abandon Redmond until 1995, and used nothing but
OS/2 until i started dabbling with RH…switched entirely to RH in
about 2001/2, then mandrivia, and i don’t remember until SuSE 9.x
which fit…(fit better than 11.2…i’m still on 10.3 :slight_smile:

my suggestion to read before asking was NOT to run you off,
really…we LIKE questions from folks who read their way into a corner!!

and, as for your search via ‘find’ i just wanna suggest you look into
installing ‘locate’ then read man locate and man updatedb…then run
it in a root powered terminal at a time you can let the machine ‘sit
and think’ a while…afterwards you will like the speed…

also, as teased you with a Q, one of the answers i was thinking about
was ‘which’ as in which man


palladium

Please note that you did not do what was suggested; it was suggested that you look in the Yast > Install software and you looked in Yast > Stop and Start Services.

Err, although in the case of such services it wouldn’t have helped much; the reason for this is that most of the services are not packages in themselves but a file within a package that includes a few related services and utilities. The description that you get is then a description of the overall package which probably only gives a somewhat indirect clue to what a particular service does for you.

-> brld -> starts brld the braille service

…and do you want Braille?

  • which services can be safely turned off in order to gain more speeds, cpupower, security?

You probably won’t gain much speed this way -after all, we are discussing services that are apparently doing nothing for you- unless, maybe you are rather short of memory and not running a service helps save enough memory to make a difference. So, don’t get you hopes up too high.

  1. Is that a 100% guaranty?

For software that you got for zero cost, under certain circumstances, you can get all the money that you paid to the Vendor back if it doesn’t meet your requirements :expressionless:

Of course, you can always pay more for the software in order to get more money back. You’ll still not get more than you paid for it, so this doesn’t seem like a money-making scheme, although some people see this as an argument for paying for software.

@Palladium:

we LIKE questions from folks who read their way into a corner!!

Then you speak - purely for yourself - and i like you for that Palladium!
Other forumusers @ this place sometimes appears to me if they “feel offened” that a novice like me, dares even to bother their ego, time, knowlegde and that is what i seriously hate. It seems to me that “those forums users”, use “novice people” as a target to unleash their own frustrations upon, and that is NOT why i show up here and start asking (novice_level) questions.

@markone:
I discovered this section today which makes me really happy :slight_smile:
http://www.novell.com/products/server/techspecs.html

You probably won’t gain much speed this way -after all, we are discussing services that are apparently doing nothing for you- unless, maybe you are rather short of memory and not running a service helps save enough memory to make a difference. So, don’t get you hopes up too high.

Thanks for the reminder markone.
I’m still on a “recon-mission” through my (default setup) Open Suse system, to identify the services and their boot-order which have been installed by default.
Now i am on a search_trail to finding out if i do really NEED all the default packages …
The less the better is my motto

After all, a service that you do not load, boot cannot be compromised from the outside :wink: right?
In this “stripping process” i also free up memory for the rest of the Operating System. This will - automatically - redirect more remaining processorpower to the rest of the (necessary) services and applications i am running. So its is a win-win situation for me.

For software that you got for zero cost, under certain circumstances, you can get all the money that you paid to the Vendor back if it doesn’t meet your requirements. Of course, you can always pay more for the software in order to get more money back. You’ll still not get more than you paid for it, so this doesn’t seem like a money-making scheme, although some people see this as an argument for paying for software.

That is not my intention markone.
I like Linux (in general) very much and Open Suse (especially), so i want to “get to know it”, “master it inside-out”, like i did on the windows platform for the last 3 decades.

Thanks for your kindly reply guys :slight_smile: