Start up scripts
I've taken a look at the start up scripts and prepared a proposal
stripping them down to firewall level. See below.
Debian start up scripts:
Boot Phase:
0 /sbin/init
1 /etc/inittab
2 /etc/init.d/boot
3 /etc/init.d/isapnp
4 /etc/init.d/modules
5 /etc/init.d/network
6 /etc/init.d/urandom
7 /etc/rc.boot/0setserial
8 /etc/rc.boot/nvi
Start-Up Script Phase:
9 /etc/init.d/sysklogd
10 /etc/init.d/kerneld
11 /etc/init.d/netstd_init
12 /etc/init.d/netbase
13 /etc/init.d/gpm
14 /etc/init.d/lpd
15 /etc/init.d/ppp
16 /etc/init.d/netstd_nfs
17 /etc/init.d/netstd_misc
18 /etc/init.d/atd
19 /etc/init.d/cron
20 /etc/init.d/rmnologin
OK, a few questions. In /etc/init.d/boot:
What in the world is this construct? ": > /etc/mtab"
mount -n -o remount,rw /
rm -f /etc/mtab~ /etc/nologin
: > /etc/mtab
mount -o remount,rw /
mount /proc
Just had to ask.
in /etc/init.d/boot:
%%%% REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
#
# Load the appropriate modules. This needs to be done here in case fs modules
# are needed for accessing or mounting local file systems.
#
if [ -x /etc/init.d/modutils ]
then
    /etc/init.d/modutils start
elif [ -x /etc/init.d/modules ]
then
    /etc/init.d/modules start
fi
%%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
in /etc/init.d/boot:
%%%% REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
#
# Now that TCP/IP is configured, mount the NFS file systems in /etc/fstab.
#
echo "Mounting remote file systems ..."
mount -a -t nfs
%%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%% REMOVE: %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
/etc/init.d/modules---->modutils No modules, custom kernel.
/etc/init.d/kerneld Ditto.
/etc/init.d/gpm Don't need a mouse on firewall.
/etc/init.d/lpd Don't need a printer on firewall.
/etc/init.d/ppp If ppp-needed=False.
/etc/init.d/netstd_nfs No NFS.
/etc/init.d/netstd_misc Don't need rwho or boot server.
%%%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
in /etc/init.d/netbase:
Comment out the portmap daemon; we don't need to do RPC.
I'm not sure why the script exits if /usr/sbin/portmap does not exist.
Can't /usr/sbin/inetd run stand-alone?
I figure we need to keep /usr/sbin/inetd to invoke smtp services for
connection requests to port 25.
Henry Hollenberg speed@barney.iamerica.net
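As an added example (not from the post above or from Debian's own scripts), a small POSIX sh audit that checks an /etc/init.d directory against the removal list proposed in the post and reports which unneeded scripts are still active, plus a check for an uncommented portmap line in netbase. The directory layout and sample scripts it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an init.d directory against the services the post
# proposes to remove from a firewall host. Fewer active start-up scripts
# means fewer listening daemons to defend.

# Removal list taken from the post (modules/modutils, kerneld, gpm, lpd,
# ppp, netstd_nfs, netstd_misc).
FIREWALL_REMOVE="modules modutils kerneld gpm lpd ppp netstd_nfs netstd_misc"

# audit_initd DIR: print, one per line, every script in DIR that is on the
# removal list and is still executable (i.e. would still run at boot).
audit_initd() {
    dir=$1
    for svc in $FIREWALL_REMOVE; do
        if [ -x "$dir/$svc" ]; then
            printf '%s\n' "$svc"
        fi
    done
}

# count_removable DIR: number of removal-list scripts still active in DIR.
count_removable() {
    audit_initd "$1" | wc -l | tr -d ' '
}

# netbase_starts_portmap FILE: succeed when FILE contains an uncommented
# line mentioning portmap, i.e. the RPC portmapper would still be started.
netbase_starts_portmap() {
    grep -q '^[^#]*portmap' "$1"
}

# make_sample_initd: constructed stand-in for /etc/init.d, mixing scripts
# the post keeps (boot, network, sysklogd, netbase, cron) with ones it
# removes (gpm, lpd, netstd_nfs). Prints the directory path.
make_sample_initd() {
    dir=$(mktemp -d)
    for s in boot network sysklogd netbase cron gpm lpd netstd_nfs; do
        printf '#!/bin/sh\nexit 0\n' > "$dir/$s"
        chmod +x "$dir/$s"
    done
    printf '%s\n' "$dir"
}
```

Run `audit_initd /etc/init.d` on a real host to list the scripts the post would strip; a non-empty result is the remaining clean-up work.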