Re: How to prevent daemons from ever being started?
Hi, On Mon, May 15, 2006 at 08:49:36PM +0200, Javier Fernández-Sanguino Peña wrote: Please see http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s-disableserv and the preceeding paragraph: If you want to keep some services but use them rarely, use the update-commands, e.g. update-inetd and update-rc.d to remove them from the startup process. For more information on how to disable network services read Disabling daemon services, Section 3.6.1. If you want to change the default behaviour of starting up services on installation of their associated packages[4] use policy-rc.d, please read /usr/share/doc/sysv-rcREADME.policy-rc.d.gz for more information. I believe all the mechanisms dissuggested in this thread are already there. Yes, policy-rc.d indeed looks like it does what I want, thanks! Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org signature.asc Description: Digital signature
Re: How to prevent daemons from ever being started?
On Mon, May 15, 2006 at 10:27:00PM -0700, Vineet Kumar wrote: echo This daemon has been disabled exit 0 near the top of the init.d scripts :) using a /etc/default/daemon DAEMON=disable and a small check in the init.d script is what lots of packages actually do. I think Uwe wanted them to not start automatically at boot but to be able to invoke the init script manually. Both of these ideas prevent the manual invocation as well. Correct. And I also don't like the idea of manually editing files in /etc/init.d... I think policy-rc.d looks like what I want. Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org signature.asc Description: Digital signature
Re: How to prevent daemons from ever being started?
Hi, On 15.05. 17:09, Uwe Hermann wrote: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. If your default runlevel is 2, delete the symlink to the respective init script in /etc/rc2.d or even in /etc/rc[2345].d. Just make sure that there is at least one such symlink still in place in any of /etc/rc[S0123456].d. If you do it like this no new symlinks will be created upon upgrade. Regards uLI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to prevent daemons from ever being started?
On Mon, May 15, 2006 at 01:49:57PM -0300, Henrique de Moraes Holschuh wrote: On Mon, 15 May 2006, Emanuele Rocca wrote: I don't have an answer for the don't start upon new install problem, though. I do. invoke-rc.d support is *mandatory* now in Debian, which means that for Sid and Etch you can write a policy-rc.d file that forbids starting new daemons before you configure them. There are no such scripts packaged yet, although they are quite simple to Sure, the runit-run package includes a policy-rc.d since ages. The runit init scheme's policy is to not run any init scripts at all through invoke-rc.d; so not on packages installation, upgrade, or on system boot. Regards, Gerrit. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
How to prevent daemons from ever being started?
Hi, just a random question I wanted to ask for quite a while now: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. I know I can do * /etc/init.d/foobar stop to stop the daemon at this very moment (but it'll be re-started upon reboot, often (always?) also upon upgrade of the foobar package). * /usr/sbin/update-rc.d -f foobar remove to prevent the starting of the daemon upon reboot. However, most often this will have to be done _again_ if the foobar package is upgraded... I have been using a small /etc/rc.boot/remove_daemons script for quite a while now to kill off daemons upon every reboot on my laptop. Basically it looks like: #!/bin/sh /usr/sbin/update-rc.d -f lpd remove /dev/null /usr/sbin/update-rc.d -f fetchmail remove /dev/null /usr/sbin/update-rc.d -f dictd remove /dev/null /usr/sbin/update-rc.d -f xprint remove /dev/null /usr/sbin/update-rc.d -f ssh remove /dev/null [] It kills all daemons I don't want to run per default (but I still want to be installed, e.g. for manual starting in certain situations). Now, I _could_ run my /etc/rc.boot/remove_daemons script in a cronjob every minute or so, but there sure has to be a more elegant way... Besides, I need to manually maintain the contents of the script, adding whatever packages I newly install. That's tedious and error-prone. How would you go about ensuring that _no daemon at all_ is ever started on your system, except when you explicitly type etc/init.d/foobar start? Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org signature.asc Description: Digital signature
Re: How to prevent daemons from ever being started?
also sprach Uwe Hermann [EMAIL PROTECTED] [2006.05.15.1009 -0500]: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. Right now, the best you can do is * /usr/sbin/update-rc.d -f foobar remove to prevent the starting of the daemon upon reboot. However, most often this will have to be done _again_ if the foobar package is upgraded... and then run update-rc.d foobar stop 0 0 1 2 3 4 5 6 . This will stop it on startup, and if the package is upgraded, update-rc.d will not install new links, because some are already in place. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system wer in einem gewissen alter nicht merkt, daß er hauptsächlich von idioten umgeben ist, merkt das aus einem gewissen grund nicht. -- kurt götz signature.asc Description: Digital signature (GPG/PGP)
Re: How to prevent daemons from ever being started?
Hello Uwe, * Uwe Hermann [EMAIL PROTECTED], [2006-05-15 17:09 +0200]: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. I know I can do * /etc/init.d/foobar stop to stop the daemon at this very moment (but it'll be re-started upon reboot, often (always?) also upon upgrade of the foobar package). * /usr/sbin/update-rc.d -f foobar remove to prevent the starting of the daemon upon reboot. However, most often this will have to be done _again_ if the foobar package is upgraded... The correct way to disable a service is renaming the symlink to Kxyservice. http://www.debian.org/doc/manuals/reference/ch-system.en.html#s-custombootscripts You should really not use update-rc.d. Quoting update-rc.d(8): Please note that this program was designed for use in package maintainer scripts and, accordingly, has only the very limited functionality required by such scripts. System administrators are not encouraged to use update-rc.d to manage runlevels. They should edit the links directly or use runlevel editors such as sysv-rc-conf and bum instead. I don't have an answer for the don't start upon new install problem, though. ciao, ema signature.asc Description: Digital signature
Re: How to prevent daemons from ever being started?
On Mon, May 15, 2006 at 05:50:26PM +0200, Emanuele Rocca wrote: Hello Uwe, * Uwe Hermann [EMAIL PROTECTED], [2006-05-15 17:09 +0200]: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. I know I can do * /etc/init.d/foobar stop to stop the daemon at this very moment (but it'll be re-started upon reboot, often (always?) also upon upgrade of the foobar package). * /usr/sbin/update-rc.d -f foobar remove to prevent the starting of the daemon upon reboot. However, most often this will have to be done _again_ if the foobar package is upgraded... The correct way to disable a service is renaming the symlink to Kxyservice. http://www.debian.org/doc/manuals/reference/ch-system.en.html#s-custombootscripts You should really not use update-rc.d. Quoting update-rc.d(8): Please note that this program was designed for use in package maintainer scripts and, accordingly, has only the very limited functionality required by such scripts. System administrators are not encouraged to use update-rc.d to manage runlevels. They should edit the links directly or use runlevel editors such as sysv-rc-conf and bum instead. I don't have an answer for the don't start upon new install problem, though. while it doesn't cover at system installation time couldn't you get this out of policy-rc.d ?? To impact at system install time I suppose you're talking something like a CDD ? Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to prevent daemons from ever being started?
El Mon, May 15, 2006 at 10:27:12AM -0500, martin f krafft va escriure: also sprach Uwe Hermann [EMAIL PROTECTED] [2006.05.15.1009 -0500]: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. Right now, the best you can do is * /usr/sbin/update-rc.d -f foobar remove to prevent the starting of the daemon upon reboot. However, most often this will have to be done _again_ if the foobar package is upgraded... and then run update-rc.d foobar stop 0 0 1 2 3 4 5 6 . This will stop it on startup, and if the package is upgraded, update-rc.d will not install new links, because some are already in place. Just FYI, to perform this task I use the sysv-rc-conf program (included on the package with the same name): # sysv-rc-conf foobar off The advantage of using this program instead of doing things manually is that if you re-enable the service: # sysv-rc-conf foobar on the rc.d links are returned to the status they had before the 'off' call. -- Sergio Talens-Oliag [EMAIL PROTECTED] http://people.debian.org/~sto/ Key fingerprint = 29DF 544F 1BD9 548C 8F15 86EF 6770 052B B8C1 FA69 signature.asc Description: Digital signature
Re: How to prevent daemons from ever being started?
On Monday 15 May 2006 16:09, Uwe Hermann wrote: Hi, just a random question I wanted to ask for quite a while now: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. I know I can do * /etc/init.d/foobar stop * /usr/sbin/update-rc.d -f foobar remove Not the debian way, but since there doesn't seem to be one (I thought update-rc.d or rcconf did it fine, until now :), you can also put: echo This daemon has been disabled exit 0 near the top of the init.d scripts :) -- Lee Braiden http://DigitalUnleashed.com Since war begins in the minds of men, it is in the minds of men that defences of peace must be constructed. -- Constitution of UNESCO, 1945 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to prevent daemons from ever being started?
On Monday 15 May 2006 11:09, Uwe Hermann wrote: Hi, just a random question I wanted to ask for quite a while now: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. ... How would you go about ensuring that _no daemon at all_ is ever started on your system, except when you explicitly type etc/init.d/foobar start? Setting the default run level to 'single user' should nearly do the trick. Change /etc/inittab, thusly: # The default runlevel. id:S:initdefault: It might not be the Debian way, but it's the unix way. :) :) Neal -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to prevent daemons from ever being started?
On Mon, 15 May 2006, Emanuele Rocca wrote: I don't have an answer for the don't start upon new install problem, though. I do. invoke-rc.d support is *mandatory* now in Debian, which means that for Sid and Etch you can write a policy-rc.d file that forbids starting new daemons before you configure them. There are no such scripts packaged yet, although they are quite simple to write. See package policyrcd-script-zg2, and the file /usr/share/doc/sysv-rc/README.policy-rc.d.gz which is distributed by the sysv-rc package. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to prevent daemons from ever being started?
On Monday 15 May 2006 13:31, Lee Braiden wrote: On Monday 15 May 2006 16:09, Uwe Hermann wrote: Hi, just a random question I wanted to ask for quite a while now: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. I know I can do * /etc/init.d/foobar stop * /usr/sbin/update-rc.d -f foobar remove Not the debian way, but since there doesn't seem to be one (I thought update-rc.d or rcconf did it fine, until now :), you can also put: echo This daemon has been disabled exit 0 near the top of the init.d scripts :) using a /etc/default/daemon DAEMON=disable and a small check in the init.d script is what lots of packages actually do. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to prevent daemons from ever being started?
On Mon, May 15, 2006 at 05:09:28PM +0200, Uwe Hermann wrote: Hi, just a random question I wanted to ask for quite a while now: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. Please see http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s-disableserv and the preceeding paragraph: If you want to keep some services but use them rarely, use the update-commands, e.g. update-inetd and update-rc.d to remove them from the startup process. For more information on how to disable network services read Disabling daemon services, Section 3.6.1. If you want to change the default behaviour of starting up services on installation of their associated packages[4] use policy-rc.d, please read /usr/share/doc/sysv-rcREADME.policy-rc.d.gz for more information. I believe all the mechanisms dissuggested in this thread are already there. Patches are still welcome, however. Regards Javier signature.asc Description: Digital signature
Re: How to prevent daemons from ever being started?
* Maximiliano Curia ([EMAIL PROTECTED]) [060515 10:35]: On Monday 15 May 2006 13:31, Lee Braiden wrote: On Monday 15 May 2006 16:09, Uwe Hermann wrote: Hi, just a random question I wanted to ask for quite a while now: What is the Debian way to prevent any daemon from ever starting, whether upon reboot, upon upgrade, upon new install etc. I know I can do * /etc/init.d/foobar stop * /usr/sbin/update-rc.d -f foobar remove Not the debian way, but since there doesn't seem to be one (I thought update-rc.d or rcconf did it fine, until now :), you can also put: echo This daemon has been disabled exit 0 near the top of the init.d scripts :) using a /etc/default/daemon DAEMON=disable and a small check in the init.d script is what lots of packages actually do. I think Uwe wanted them to not start automatically at boot but to be able to invoke the init script manually. Both of these ideas prevent the manual invocation as well. -- http://www.doorstop.net/ -- Extremism in the defense of liberty is no vice. Moderation in the pursuit of justice is no virtue. -- Barry Goldwater signature.asc Description: Digital signature