[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Post installation problem with chkconfig



On Wed, 28 Jan 2004, Tony Ladd wrote:

>My kickstart file executes the following script (among others) after
>installation
>
>#!/bin/bash
># Set SysV init scripts
>
>off="anacron apmd atd autofs gpm iptables irda isdn kdcrotate kudzu nscd
>nfs pcmcia rhnsd saslauthd sendmail sshd"
>on="ypbind rexec rlogin rsh time time-udp"
>
>for name in ${off}; do
>/sbin/chkconfig --del $name
>done
>
>for name in ${on}; do
>/sbin/chkconfig --add $name
>/sbin/chkconfig $name on
>done

Bzzzzz - incorrect use of --del. Disable the service, but don't remove
it entirely from chkconfig's control.

This is my equivalent:

#!/bin/sh -

# Turn all all unwanted services
BADSERV="arpwatch httpd ipchains iptables kdcrotate kudzu named \
        nfs rwhod sendmail snmpd ypbind xfs apmd gpm pcmcia \
        linuxconf lpd identd rawdevices autofs rhnsd portmap \
        nfslock netfs xinetd atd"

for s in $BADSERV; do
        test -e "/etc/rc.d/init.d/$s" && \
                /sbin/chkconfig --level 0123456 "$s" off
done


Perhaps you need the --level arg? Also, are you sure you need the r*
services? These have a long and rich history of insecurity...

Remember if you prevent kudzu from running you'll miss the first-boot
"updfstab". Without sendmail running full-time, you might want to drop
something to flush the queue in /etc/cron.hourly.


Cheers,
Phil




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]