Mumia W.. wrote:
On 07/11/2008 07:26 PM, David Barrett wrote:Is there any way to "apt-get install ssh" without having it automatically start sshd? Same for "lighttpd".Basically, I'm making great progress in my bootable QEMU image script:I don't know of a way, but you can firewall-off the ssh port before you install, and you can configure ssh to not start by running update-rc.d.
Ug. That's unfortunate. My primary reason for not wanting it to start is actually for a different reason than security: I don't know a general way to determine which packages start up processes that need stopping, nor how to stop them.
Essentially, I'm writing a script to generate ready-to-deploy bootable qemu images, One of the inputs of the script is a list of packages to install. This works fantastic, with the key exception that some of those packages (ssh and lighttpd, specifically) start up running processes. These processes need to be stopped before I can dismount the raw image and zip it up for instant future deployment.
Now it's a nuisance to kill chroot'd processes within a mounted raw image, but it's doable (you need to mount /proc inside, kill the processes, and then dismount it before you unmount the raw image). And the dirty logfiles they leave scattered around are annoying, but not life threatening.
But I don't know how to determine, given a list of packages like "lighttpd php5-cgi openssl", which processes need to be stopped (and how to stop them). I guess I could just test to see if there happens to be an /etc/init.d script with the same name, and if so, run stop...
Regardless, a much cleaner way in all respects would be to just never start the process in the first place. I'm actually surprised this isn't a really commonly used feature; I really expected it to be part of apt-get. Alas!
Does anyone else have any ideas? Thanks! -david