5.1 Minimizing the Software Footprint

On systems on which Oracle Linux has been installed, remove unneeded RPMs to minimize the software footprint. For example, you could uninstall the X Windows package (xorg-x11-server-Xorg) if it is not required on a server system.

To discover which package provides a given command or file, use the yum provides command as shown in the following example:

# yum provides /usr/sbin/sestatus
...
policycoreutils-2.0.83-19.24.0.1.el6.x86_64 : SELinux policy core utilities
Repo        : installed
Matched from: 
Other       : Provides-match: /usr/sbin/sestatus

To display the files that a package provides, use the repoquery utility, which is included in the yum-utils package. For example, the following command lists the files that the btrfs-progs package provides.

# repoquery -l btrfs-progs
/sbin/btrfs
/sbin/btrfs-convert
/sbin/btrfs-debug-tree
.
.
. 

To uninstall a package, use the yum remove command, as shown in this example:

# yum remove xinetd
Loaded plugins: refresh-packagekit, security
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package xinetd.x86_64 2:2.3.14-35.el6_3 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch          Version                   Repository          Size
================================================================================
Removing:
 xinetd        x86_64        2:2.3.14-35.el6_3         @ol6_latest        259 k

Transaction Summary
================================================================================
Remove        1 Package(s)

Installed size: 259 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : 2:xinetd-2.3.14-35.el6_3.x86_64                              1/1 
  Verifying  : 2:xinetd-2.3.14-35.el6_3.x86_64                              1/1 

Removed:
  xinetd.x86_64 2:2.3.14-35.el6_3                                               

Complete!

The following table lists packages that you should not install or that you should remove using yum remove if they are already installed.

PackageDescription

krb5-appl-clients

Kerberos versions of ftp, rcp, rlogin, rsh and telnet. If possible, use SSH instead.

rsh, rsh-server

rcp, rlogin, and rsh use unencrypted communication that can be snooped. Use SSH instead.

samba

Network services used by Samba. Remove this package if the system is not acting as an Active Directory server, a domain controller, or as a domain member, and it does not provide Microsoft Windows file and print sharing functionality.

talk, talk-server

talk is considered obsolete.

telnet, telnet-server

telnet uses unencrypted communication that can be snooped. Use SSH instead.

tftp, tftp-server

TFTP uses unencrypted communication that can be snooped. Use only if required to support legacy hardware. If possible, use SSH or other secure protocol instead.

xinetd

The security model used by the Internet listener daemon is deprecated.

ypbind, ypserv

The security model used by NIS is inherently flawed. Use an alternative such as LDAP or Kerberos instead.