Today I was idly performing some maintainence upon one of my hosts, and it crossed my mind to look beneath /etc in there I found:
/etc/python /etc/python2.4 /etc/python2.5 /etc/python2.6
That made me look more closely at the contents of /etc - the following command output was surprising:
steve@steve:~$ ls /etc | wc -l 187
Is that average? Heavy? Light? I have no idea, but I purged a hell of a lot of software today. Now I have only python v2.6 although for some reason I still have:
python python-apt python-apt-common python-central python-minimal python-support python2.6 python2.6-minimal
I suspect I could drop the pything2.6-minimal package, but for the moment I'm done. I have to make pretty people look exceptional with my magical camera.
Anyway as part of this cleanup I ran a quick sanity-check on which processes are running and I think, short of kernel processes, I'm as minimal as I can be. I understand the purpose and reason for every running service:
UID PID CMD root 1 init  pdnsd 14091 /usr/sbin/pdnsd --daemon -p /var/run/pdnsd.pid root 14199 /usr/sbin/monit -c /etc/monit/monitrc -s /var/lib/monit/monit.state root 14206 /usr/sbin/syslog-ng -p /var/run/syslog-ng.pid root 14234 /usr/sbin/cron 102 14595 /usr/sbin/exim4 -bd -q30m redis 14627 /usr/bin/redis-server /etc/redis/redis.conf root 14637 /usr/sbin/sshd
These are basic services; I use monit to ensure those essential daemons keep running. The only oddity there is probably the local DNS cache, but it is useful if you run any kind of DNS blacklist-using service, for example.
root 14794 /sbin/getty -L ttyS0 9600 vt100
I need a serial console login for emergencies.
root 14796 runsv node-reverse-proxy root 14797 /bin/sh ./run root 14799 /opt/node/bin/node node-reverse-proxy.js --config ./rewrites.js
These three processes combine to run my reverse proxy which routes incoming HTTP requests to a number of local thttpd instances.
qpsmtpd 27309 /usr/bin/perl -Tw /usr/bin/qpsmtpd-prefork --port 25 --user qpsmtpd --pid-file /var/run/qpsmtpd/qpsmtpd.pid --detach ..
The perl SMTP daemon which runs my incoming mail, passing it to exim4 which listens upon 127.0.0.1:2525. You can read about my setup in the out-of-date writeup Chris & I put together.
/usr/bin/memcached -m 64 -p 11211 -u root -l 127.0.0.1
Memory cache for transient items.
s-blog thttpd -C /etc/thttpd/sites.enabled/blog.steve.org.uk 1030 thttpd -C /etc/thttpd/sites.enabled/edinburgh-portraits.com s-hg thttpd -C /etc/thttpd/sites.enabled/hg.steve.org.uk s-ipv4 thttpd -C /etc/thttpd/sites.enabled/ipv4.steve.org.uk s-ipv6 thttpd -C /etc/thttpd/sites.enabled/ipv6.steve.org.uk s-kvm thttpd -C /etc/thttpd/sites.enabled/kvm-hosting.org ...
One thttpd instance is launched for each distinct HTTP site my server runs. Each site runs under its own UID, with its own chrooted directory tree. This is important for security.
Each local instance listens upon 127.0.0.1 - and the reverse proxy previously mentioned rewrites connections to the appropriate one.
1016 28812 /usr/bin/perl -I./lib/ -I./ /usr/local/bin/blogspam
My anti-spam filter for blog comments.
Here is my christmas challenge. Can you identify each service upon your host? Do you know why you're running what you're running?
Me? I had no idea I had a dbus deamon running. Now I've purged it. Ha!
ObQuote - "I owe everything to George Bailey. Help him, dear Father." - It's a wonderful life.