Linux in Government: Optimizing Desktop Performance, Part III
If you use Fedora Core 3, you can find the system-config-services tool on you applications menu by selecting applications -> System Settings --> Server Settings --> Services. When you select that option, you then see a prompt asking for you administrator's password. Enter that and you next see a window similar to the one shown in Figure 2.
On the left side of Figure 2 you can see a list of services currently running in runlevel 5, your default run level.
From time to time, Fedora users happy with their distribution may run across comments on mailing lists and forums that call the distribution "bloatware". Webopedia defines bloatware as:
(n.) jargon Software that has lots of features and requires considerable disk space and RAM. As the cost of RAM and disk storage has decreased, there has been a growing trend among software developers to disregard the size of applications. Some people refer to this trend as creeping featuritis. If creeping featuritis is the symptom, bloatware is the disease.
If you look at the services checked list in Figure 2, you can see that many services have been selected. Keep in mind that Red Hat makes Fedora available to provide a test bed for innovations it plans to incorporate into its Red Hat Enterprise Linux offering. One might consider Fedora bloatware if Red Hat sold the product. As it stands, I consider Fedora to be a good product and one I can modify to suit my preferences.
For desktop purposes, I start by disabling apmd, autofs, identd, ip6tables, iptables, isdn, lpd, nfs, portmap, talkd and sendmail. You can do this using system-config-services. Remember, though, that whatever you disable in runlevel 5, you also should consider disabling in other runlevels. If you run the command #init 3 and don't go into that mode elegantly, you have to go back and check your service settings.
Another way to edit your services in Fedora involves the command-line utility called ntsysv. When you run that command, you see a screen similar to the one shown in Figure 3.
Unfortunately, space requirements here do not allow for a detailed discussion of each service. If you are not familiar with them, use the system-config-services utility, shown in Figure 2, and read about each one. Also, use Google to search for the ones with which you are unfamiliar.
Other services people may wish to disable on Fedora include:
mDNSResponder: used by Howl clients to perform Zeroconf service discovery on a network; should not be running otherwise.
mdmonitor: software RAID monitoring and management multipath device not required for single drive systems.
mdmpd: used to create, manage and monitor software RAID volumes.
httpd: not necessary unless you're running a Web server.
iptables: used for firewalls.
kudzu: used to discover new peripheral devices; can be redeployed if you add peripherals later.
mysqld: unnecessary if you are not using a database.
If you are not using the Network File System (NFS), you also can disable netfs, netplugd, network, nfslock and nfs. And, if you are not sharing a network with Microsoft Windows, you can disable smb and nmb.
I also chose to disable SELinux on my desktop because of its resource requirements. I consider SELinux important for servers or, when needed, in secure and classified environments but not necessary for normal desktop use. As with other services, test and see if it slows down your boot process or inhibits desktop performance.
Unlike Fedora, most Linux users do not consider Ubuntu to be a bloatware distribution. In its default mode, few services run unnecessarily. Still, for strictly desktop use, I have found some tweaks that can increase performance.
Ubuntu does not come with a graphical tool to disable services. If you have the necessary skills to run the commands in text mode to manage services, you probably already know which ones you want enabled or disabled. I downloaded several from Ubuntu repositories, including sysv-rc-conf, rcconf and bum. I found bum to be the most comprehensive and user-friendly tool for Ubuntu.
You'll have to download bum from its Web site. Once you install it and log back into your desktop, you should see it in the menu listed as Boot-up Manager, bum for short. See Figure 4.
Once you select bum from the menu, you have to enter your admin password. You should see something similar to the window shown in Figure 5.
As you can see, the Boot-Up Manager for Ubuntu provides significant detail. In many instances it can provide you with enough information to prevent you from making a mistake when you disable or enable a service.
In Ubuntu, I disabled several services for strictly desktop use. I began with the following:
ntpdate: a utility that updates the system clock on each reboot.
pcmcia: used only with laptops if one has PCMCIA cards.
ppp: point-to-point protocol used only if you have a modem. I disabled the built-in modem in my desktop and only use a network interface card.
powernowd: I use an AMD processor with Ubuntu and this service does not work with AMD.
rsync: a utility that provides fast incremental file transfer if you wish to mirror or back up data. I don't use it.
fetchmail: a utility to retrieve and forward mail and act as a gateway to smtp. I use a Linux groupware client, so I do not use this utility.
postfix: a mail transfer agent similar to sendmail. I use a mail server from my ISP and our company domain, so I don't see a need for this.
Once I unchecked these services in bum, I rebooted and noticed a significant decrease in the time required to reach my GNOME desktop. I then surveyed my system and disabled additional services, including LVM, mdadm, EVMS and pppd-dns. Again, I rebooted and saw a significant decease in boot-up time.
Another Note: Ubuntu installs with a default kernel set for i386 processors. Because I use an i686 kernel, I found upgrading also increased my system performance significantly. To do this, you can use Synaptic to search for linux-image-2.6.10-5-k7 if you use AMD or linux-image-2.6.10-5-686 for Pentium Pro/Celeron/Pentium II/Pentium III/Pentium IV.
The developers generally produce kernel image packages if you wish to create a custom kernel from the sources. We will cover that process in a future article.
By selecting and installing the kernel package, you can upgrade your default kernel to one optimized for new processors. You should experience a performance increase.
If you decide to disable the services mentioned above, consider using the graphical Boot-Up Manager (bum). I have read some disturbing suggestions from users concerning modifying init scripts. You want to have the ability to go back and enable services if disabling them causes you trouble. With bum, you can do that. With some command-line techniques, you might discover yourself in a nest of mad hornets without an escape plan.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- The US Government and Open-Source Software
- New Container Image Standard Promises More Portable Apps
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide