Mumia W.. wrote:
On 07/11/2008 07:26 PM, David Barrett wrote:
Is there any way to "apt-get install ssh" without having it
automatically start sshd? Same for "lighttpd".
Basically, I'm making great progress in my bootable QEMU image script:
I don't know of a way, but you can firewall-off the ssh port before you
install, and you can configure ssh to not start by running update-rc.d.
Ug. That's unfortunate. My primary reason for not wanting it to start
is actually for a different reason than security: I don't know a general
way to determine which packages start up processes that need stopping,
nor how to stop them.
Essentially, I'm writing a script to generate ready-to-deploy bootable
qemu images, One of the inputs of the script is a list of packages to
install. This works fantastic, with the key exception that some of
those packages (ssh and lighttpd, specifically) start up running
processes. These processes need to be stopped before I can dismount the
raw image and zip it up for instant future deployment.
Now it's a nuisance to kill chroot'd processes within a mounted raw
image, but it's doable (you need to mount /proc inside, kill the
processes, and then dismount it before you unmount the raw image). And
the dirty logfiles they leave scattered around are annoying, but not
life threatening.
But I don't know how to determine, given a list of packages like
"lighttpd php5-cgi openssl", which processes need to be stopped (and how
to stop them). I guess I could just test to see if there happens to be
an /etc/init.d script with the same name, and if so, run stop...
Regardless, a much cleaner way in all respects would be to just never
start the process in the first place. I'm actually surprised this isn't
a really commonly used feature; I really expected it to be part of
apt-get. Alas!
Does anyone else have any ideas? Thanks!
-david
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]