5.1. Minimizing the Software Footprint

5.1. Minimizing the Software Footprint
Prev	Chapter 5. Secure Deployment Checklist	Next

On systems on which Oracle Linux has been installed, remove unneeded RPMs to minimize the software footprint. For example, you could uninstall the X Windows package (xorg-x11-server-Xorg) if it is not required on a server system.

To discover which package provides a given command or file, use the yum provides command as shown in the following example:

# yum provides /usr/sbin/sestatus
...
policycoreutils-2.0.83-19.24.0.1.el6.x86_64 : SELinux policy core utilities
Repo        : installed
Matched from: 
Other       : Provides-match: /usr/sbin/sestatus

To display the files that a package provides, use the repoquery utility, which is included in the yum-utils package. For example, the following command lists the files that the btrfs-progs package provides.

# repoquery -l btrfs-progs
/sbin/btrfs
/sbin/btrfs-convert
/sbin/btrfs-debug-tree
.
.
.

To uninstall a package, use the yum remove command, as shown in this example:

# yum remove xinetd
Loaded plugins: refresh-packagekit, security
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package xinetd.x86_64 2:2.3.14-35.el6_3 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch          Version                   Repository          Size
================================================================================
Removing:
 xinetd        x86_64        2:2.3.14-35.el6_3         @ol6_latest        259 k

Transaction Summary
================================================================================
Remove        1 Package(s)

Installed size: 259 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : 2:xinetd-2.3.14-35.el6_3.x86_64                              1/1 
  Verifying  : 2:xinetd-2.3.14-35.el6_3.x86_64                              1/1 

Removed:
  xinetd.x86_64 2:2.3.14-35.el6_3                                               

Complete!

The following table lists packages that you should not install or that you should remove using yum remove if they are already installed.

Package	Description
`krb5-appl-clients`	Kerberos versions of ftp, rcp, rlogin, rsh and telnet. If possible, use SSH instead.
`rsh`, `rsh-server`	rcp, rlogin, and rsh use unencrypted communication that can be snooped. Use SSH instead.
`samba`	Network services used by Samba. Remove this package if the system is not acting as an Active Directory server, a domain controller, or as a domain member, and it does not provide Microsoft Windows file and print sharing functionality.
`talk`, `talk-server`	talk is considered obsolete.
`telnet`, `telnet-server`	telnet uses unencrypted communication that can be snooped. Use SSH instead.
`tftp`, `tftp-server`	TFTP uses unencrypted communication that can be snooped. Use only if required to support legacy hardware. If possible, use SSH or other secure protocol instead.
`xinetd`	The security model used by the Internet listener daemon is deprecated.
`ypbind`, `ypserv`	The security model used by NIS is inherently flawed. Use an alternative such as LDAP or Kerberos instead.