I’m trying to uninstall basically all gui-related applications from an OpenSuse Harlequin, which acts as a server in a small company. Reinstalling it completely is not an option (for now). I’ve tried zypper rm kde*, but whenever I do that, it says that it’s going to install another 5 NEW packages: NetworkManager-gnome NetworkManager-openvpn-gnome NetworkManager-pptp-gnome NetworkManager-vpnc-gnome libnm-gtk0.
Someone answered on another forum that NetworkMananger is an essential package and that’s the reason why it’s doing this. I have trouble believing that, and I told him so (I am running a Centos 7 on a vps on which NetworkMananger is uninstalled), especially given the fact that zypper is not trying to install NetworkMananger per se, but the gnome version, which is rather different.
So my question is, how do I uninstall the the gui-related software without causing too much damage? The server only runs samba and owncloud, so it’s clearly not dependent on any GUI app (except stuff like phpmyadmin, if that counts etc.)
Unless you are really tight on disk space, it would be easier to just leave the GUI software there, but don’t use it.
If I really really had to remove the GUI software, I would probably just do a fresh install using the same partitions, and select “minimal X” during the install. That would give Icewm, and a few basic applications such as “xterm” but omit most of the serious GUI stuff.
First of all, I’m thinking of good practises in linux. Meaning that a server shouldn’t have any redundant, useless software installed. You can never know when it becomes a security threat. And yes, as far as I’m concerned, a real Linux server shouldn’t be GUI, it should be fundamentally text-based. The server is bound to be more vulnerable, because there’s much more code to deal with and you can never know. Of course, I won’t include cpanel, phpmyadmin and stuff like that.
Well it is up to the admin if he wants a GUI or not. GUI’s can make admin tasks easier sometimes but for a server are not needed and only consume resources if booted into. But GUIs in themselves are not a security problem and just running in text mode is not necessarily secure. If you don’t run the GUI it does nothing but take up a bit of disk space like any other program. In Linux the GUI is just another program not part of the kernel.
I agree, but in that case I, as system manager, would install the system as a text only system such from the very beginning. Not first install a huge bunch of applications (because that is what a DE is) that draw in a lot of stuff as dependancies and then trying if I can undo that.
If you’re talking about “attack surface” which is to minimize the ways an attacker might try to exploit your system, the general recommended approach is to minimize the number of potentially exposed functionality.
So yes, especially if you’re building from scratch you might want to select an installation option with minimal functionality, and this would be “best practice.”
If you already have a fully configured system, that might or might not be practical, particularly if it’s complex, ie multiple functionality, possibly configured with a significant number of users.
If re-installing is not an option, you can harden a system which means that unnecessary services are turned off and a “shell” (ie firewall for network purposes) is configured to block anything unnecessary. You would also want to implement a password policy that enforces hack-resistant passwords.
As a currently actively maintained version of openSUSE, updates and patches for 13.2 are continually created and should be applied.
The other main reason to remove or select a “lesser” Desktop is for performance. KDE is meant for relatively non-technical Users who want or need to have many things done automatically. If you appreciate the benefits of so many automated services helping you, then keep KDE. If not, I highly recommend you install either LXDE or XFCE as “lighter” Desktop (Full basic Desktop functionality but without frills) or Server (text only) or MinimalX. Be aware that migrating to a “no GUI at all” Server configuration requires some work and some extra packages that don’t exist when running a Desktop. For many people I would not recommend a text-only Server mode because nowadays people aren’t so fluent without a GUI and I’d admit that there are lots of things that are just easier with a GUI (for example, have you recently tried to browse a website looking for a download using a text-only browser when today’s websites are never built for text only?).
I agree with everything, except what you’re saying about the browser. That’s not a real argument No one who’s fluent in linux and uses virtually only cli would actually browse with a text-based browser. You could easily make up for it by connecting through ssh and use your computer’s browser, if you really need to download something specific, etc.
There’s a lot to learn about the cli, I agree, it’s like a foreign language and that’s why it seems so daunting to so many, but if you become fluent in it, in many ways it’s still much faster, and, more importantly, you understand exactly how the system works, without having to turn to “middleman” gui programs.
