Re: remove unwanted modules
On Wed, Sep 21, 2005 at 09:06:44PM -0500, Marc DM wrote: Actually, I wanted to know just for knowing purposes. The other reason I wanted to know is because I'm using Debian with a single Opteron246 to create a router to handle traffic between 4 vlans and the internet. So I wanted to make sure that I didn't have any modules in there that might be a potential security threat nor any that would degrade performance solely due to its presence. Unused modules on disk won't hurt performance any more than 5 jpegs on the drive does. It just takes diskspace that is all. Modules usually only get loaded if there is a piece of hardware present that requires it. Or some program requires a certain feature. As for security, well unless someone is already root they can't load modules, so I can't really see much chance of a security problem. Len Sorensen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
On Wed, Sep 21, 2005 at 12:24:06AM -0500, Marc DM wrote: Stupid questions : How can I find out which modules my system actually needs and disable the ones I don't need. How can I know if a module I'm disabling at startup isn't needed for another module that I plan to load? Thanks. And I won't ask anymore stupid questions for the rest of the week. You can check the use count from lsmod: Module Size Used by nls_utf82432 0 it87 29472 0 i2c_sensor 3712 1 it87 i2c_isa 2688 0 i2c_dev12288 0 powernow_k811088 0 freq_table 5192 1 powernow_k8 ^ This column If the count is 0, it means the module is not being used, either because the device it supplies isn't currently being used, or because you don't need it. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
On Wednesday 21 September 2005 12:53 am, Hamish Moffatt wrote: On Wed, Sep 21, 2005 at 12:24:06AM -0500, Marc DM wrote: Stupid questions : How can I find out which modules my system actually needs and disable the ones I don't need. How can I know if a module I'm disabling at startup isn't needed for another module that I plan to load? Thanks. And I won't ask anymore stupid questions for the rest of the week. You can check the use count from lsmod: Module Size Used by nls_utf82432 0 it87 29472 0 i2c_sensor 3712 1 it87 i2c_isa 2688 0 i2c_dev12288 0 powernow_k811088 0 freq_table 5192 1 powernow_k8 ^ This column If the count is 0, it means the module is not being used, either because the device it supplies isn't currently being used, or because you don't need it. Or with regards to the modules loaded in the initrd, change /etc/mkinitrd/mkinitrd.conf to have the line MODULES=dep instead of =[all,most] and then regenerate the initrd. That's what I've done anyway and it works great. One issue with newer kernels is that is seems to load all IDE drivers regardless since they aren't yet tagged as unloadable (shows [permanent] in lsmod). How can one indicate to initrd (or yaird) selectively which ide modules to load? Joel Johnson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
On Wed, Sep 21, 2005 at 10:22:00AM -0500, Mike Dobbs wrote: to not add eth1394 I added this line into /etc/modprobe.conf : install eth1394 /bin/true If you create /etc/modprobe.conf you disable the use of /etc/modprobe.d which is what debian uses. This is not a good idea. Make your changes in a new file under /etc/modprobe.d instead. Also the common way that I know of ti disable someting is to either blacklist it from discover/hotplug (so you can still load it manually if you want to), or do 'alias eth1394 off' in a modprobe.d/ file. Len Sorensen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
On Wed, Sep 21, 2005 at 11:16:48AM -0700, Joel Johnson wrote: But that still doesn't get to the issue of how mkinitrd decides which IDE modules should be included when set to only include dependent modules. Any insights? That would be controlled by mkinitrd's config. You can actually manually list excactly which modules to load if you want. You can also write a new better mkinitrd if you want (yaird is one other option for example) and it sounds like mkinitrd may need replacing anyhow for initramfs and no devfs in 2.6.13 for some setups in the future. Len Sorensen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
You can check the use count from lsmod: Module Size Used by nls_utf82432 0 it87 29472 0 i2c_sensor 3712 1 it87 i2c_isa 2688 0 i2c_dev12288 0 powernow_k811088 0 freq_table 5192 1 powernow_k8 ^ This column If the count is 0, it means the module is not being used, either because the device it supplies isn't currently being used, or because you don't need it. This is useful info. Thanks. Or with regards to the modules loaded in the initrd, change /etc/mkinitrd/mkinitrd.conf to have the line MODULES=dep instead of =[all,most] and then regenerate the initrd. I actually had to do this on a Tyan Thunder K8W (S2885) in order to get it to mount /home on the sata controller at boot (LVM over Raid1). It would always complain of not being able to find any md devices when loading lvm. I think this is because the sil3114 module was being loaded by hotplug later on in the boot process, long after disks are mounted. to not add eth1394 I added this line into /etc/modprobe.conf : install eth1394 /bin/true I try to stay away from modprobe.conf because of the commemts at the top of the file, so I'm working with modutils.d and mkinitrd.conf Marc DM -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
You can check the use count from lsmod: Module Size Used by nls_utf82432 0 it87 29472 0 i2c_sensor 3712 1 it87 i2c_isa 2688 0 i2c_dev12288 0 powernow_k811088 0 freq_table 5192 1 powernow_k8 ^ This column If the count is 0, it means the module is not being used, either because the device it supplies isn't currently being used, or because you don't need it. This is useful info. Thanks. Or with regards to the modules loaded in the initrd, change /etc/mkinitrd/mkinitrd.conf to have the line MODULES=dep instead of =[all,most] and then regenerate the initrd. I actually had to do this on a Tyan Thunder K8W (S2885) in order to get it to mount /home on the sata controller at boot (LVM over Raid1). It would always complain of not being able to find any md devices when loading lvm. I think this is because the sil3114 module was being loaded by hotplug later on in the boot process, long after disks are mounted. to not add eth1394 I added this line into /etc/modprobe.conf : install eth1394 /bin/true I try to stay away from modprobe.conf because of the commemts at the top of the file, so I'm working with modutils.d and mkinitrd.conf Marc DM -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
On 09/21/05 12:24:06AM -0500, Marc DM wrote: Stupid questions : How can I find out which modules my system actually needs and disable the ones I don't need. How can I know if a module I'm disabling at startup isn't needed for another module that I plan to load? Thanks. And I won't ask anymore stupid questions for the rest of the week. But why do you want to do this? A full modules directory in /lib/`uname -r` only takes up ~40M. And who knows when you'll plug in some new USB device or something and wish you had that module handy. The only way you're going to get an accurate list is if you know what all of the modules are used for. And stripping out the modules with a 0 reference count won't be enough, for instance ide-cd currently has a ref count of 0 on this machine because there's no disc mounted. Hmmm and somehow tulip has a ref count of 0 as well even though I know I'm using that NIC... Anyway, you'll pretty much have to go through the lsmod output and run modinfo on each module and decide whether it's important enough to keep or not. Regards, Marc DM Jim. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
Jim Crilly wrote: But why do you want to do this? A full modules directory in /lib/`uname -r` only takes up ~40M. And who knows when you'll plug in some new USB device or something and wish you had that module handy. Actually, I wanted to know just for knowing purposes. The other reason I wanted to know is because I'm using Debian with a single Opteron246 to create a router to handle traffic between 4 vlans and the internet. So I wanted to make sure that I didn't have any modules in there that might be a potential security threat nor any that would degrade performance solely due to its presence. Know of any? Marc DM -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: remove unwanted modules
On 09/21/05 09:06:44PM -0500, Marc DM wrote: Jim Crilly wrote: But why do you want to do this? A full modules directory in /lib/`uname -r` only takes up ~40M. And who knows when you'll plug in some new USB device or something and wish you had that module handy. Actually, I wanted to know just for knowing purposes. The other reason I wanted to know is because I'm using Debian with a single Opteron246 to create a router to handle traffic between 4 vlans and the internet. So I wanted to make sure that I didn't have any modules in there that might be a potential security threat nor any that would degrade performance solely due to its presence. Know of any? Just a guess, but if a module was known to be a security problem it would most likely have been removed or fixed =) And since you need to be root (or at least have CAP_SYS_MODULE) to load/unload modules, the box will already be compromised by the time they can load any potentially malicious modules. And as for performance, I really doubt any modules would slow anything down to the point where you would notice. Most of the modules that might affect performance require you to do something to activate them, like even if you load every iptables module available it won't matter unless you have rules to make them do something. Especially with a box as fast as an Opteron. You might end up with a little less free memory if you load a few modules that you don't plan on using, but most modules are only few K each anyway. Marc DM Jim. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]