Thursday, February 17, 2005
Trimming down Woody
During install:
- rm -r /target/tmp/* after kernel and modules install, before installing base
- cd /target/var/cache/apt/packages && rm * after packages are installed (be sure to do it at the proper time)
- only installed the base system, didn't run tasksel
- only listing main and no source packages in apt.sources (every package repository wastes a lot of disk space; alternatively you can turn off package caches in /etc/apt.conf)
- apt-get install localepurge; localepurge
- apt-get clean
- apt-get --purge remove man.* dhcp-client groff-base ipchains nano ppp.* tasksel base-config modconf
- rm -r /usr/share/{doc*,man*,info,locale} /usr/doc /usr/lib/gconv # remove docs etc
- using syslog to log to a remote host (alternative: use an aggressive log removal strategy)
- building a custom static kernel (no modules, /lib/modules was a whopping 12 MB)
- strip all binaries
- echo -e 'map! jj \033' > /root/.exrc # make vi more carpal-friendly
- firewall: transferred the firewall scripts from another box
- disabled inetd (you can't remove it as net-base depends on it):
$ update-rc.d inetd stop 20 2 3 4 5 .
(and edit /etc/inetd.conf to be sure everything is OK when it is accidentally started)
- apt-get install wget ssh sudo
- DNS serving: compiled ucspi-tcp, daemontools, djbdns and zonenotify on another box and installed these; also compiled and installed dnsmasq from testing.
- disable root login via ssh and create a sudo user with all privileges, avoid su from now on
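
One way to re-check the inetd and ssh steps above after the fact, as an added example that is not part of the original post. The function names and sample files are constructed for illustration; the check ignores Match blocks and treats an unset PermitRootLogin as a failure because the default depends on the OpenSSH version.

```shell
#!/bin/sh
# Added example: audit the two remote-access settings from the checklist.
# File paths are parameters so the checks can be run on copies.

# Print the service name of every line inetd would act on
# (anything that is not blank and not a comment, incl. "#<off>#" lines).
active_inetd_services() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "${1:-/etc/inetd.conf}"
}

# Print the PermitRootLogin value sshd would use. Keywords are
# case-insensitive and the first occurrence wins; "unset" means the
# compiled-in default applies.
effective_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "${1:-/etc/ssh/sshd_config}"
}

# Return 0 only if inetd has nothing to serve and root login is "no".
audit() {
    rc=0
    svcs=$(active_inetd_services "$1")
    if [ -n "$svcs" ]; then
        echo "inetd.conf still enables: $(echo $svcs)"
        rc=1
    fi
    login=$(effective_root_login "$2")
    if [ "$login" != "no" ]; then
        echo "PermitRootLogin is '$login', expected 'no'"
        rc=1
    fi
    return $rc
}

# Demo on constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' \
    '#<off># telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' \
    '' \
    'ident stream tcp wait identd /usr/sbin/identd identd' > "$tmp/inetd.conf"
printf '%s\n' '# PermitRootLogin no' 'PermitRootLogin yes' > "$tmp/sshd_config"
audit "$tmp/inetd.conf" "$tmp/sshd_config" || echo "audit failed"
```

On a real host, call `audit /etc/inetd.conf /etc/ssh/sshd_config` and fix whatever it reports before relying on the stopped inetd init links alone.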