I am somewhat new to Linux. I am using Fedora 34 with the Xfce desktop.
I would like to harden and optimize my system by disabling services that I don’t need and removing packages that are not needed. I have already done this with several packages and services that I know I will not need, but there are some that I don’t know what they are, what they do, and if they are vital to system operation.
Here is a list of packages that I have removed so far.
geany
atril
catfish
claws-mail
hfsplus-tools
hyperv-daemons
nano (I use vi not nano)
orage
pidgin
transmission
xfburn
asunder
pragha
Are there any other packages that are not vital to the system and can be safely removed?
Here is a list of services that I disabled.
avahi-daemon.socket
avahi-daemon
iscsi.service
iscsiuio.socket
iscsid.socket
bluetooth.service
lvm2-monitor.service
mdmonitor.service
qemu-guest-agent.service
lvm2-lvmpolld.socket
raid-check.timer
nfs-convert.service
nfs-client.target
What other ones could I disable?
Also There are some services that I don’t know if I need or not like the sssd service.
I read that the sssd service is used for accessing network services like if you had a domain, but I don’t have any network services like a domain or file/print sharing. So, could I safely disable this service?
And my last question has to do with optimization of the boot process. I know that disabling unused services can help with the boot process, but if i run systemctl status “service name” it will tell me the status of a service, and it also says that a service is loaded even if it is disabled and not running. How can I prevent a service from even getting loaded if I KNOW that I don’t need it? For example: I don’t use lvm so I KNOW that I don’t need the lvm service. How then can I make it so my system will not even load the service at boot?
Also, you might want to look at the rpmreaper tool if you really want to try to whittle down an existing system. It does a nice job of showing dependencies and you can highlight packages and press i to get a brief description of them as you go.
systemd-analyze critical-chain will show you what is impacting your boot time.
I am fairly certain that running systemctl status loads the unit. I believe loaded just means that the service file has been read into memory.
Stop running systemctl status on it
But seriously, a loaded unit doesn’t mean much. I wouldn’t worry about that as long as it isn’t running. Alternatively, you could use rpm -qf on the service file to see what package it belongs to and uninstall the package.
Lastly, keep in mind that even if it a service is disabled, it can still be started by another unit.
Thank you for your replies. But what services are not necessary and I can disable/mask? For example, can I disable the sssd service? Also if I check the session and startup section in the settings of my computer I see some processes that start when I log in. Again I have no idea what some of these do. The processes in question are: Liveinst Setup, User folders update, Spice vdagent, xapp-sn-watcher. What do these processes do? Do I need them? Thanks for the help.
Sometimes it take a bit of detective work to figure out what some components do. Many of those processes that are automatically started when you log into a graphical session are initiated by a .desktop drop-in file in /etc/xdg/autostart.
Just to use your “User folders update” service as an example, I see that it has a file at /etc/xdg/autostart/user-dirs-update-gtk.desktop.
Using Fedora Linux’s rpm command, I can find the package that provides that file.
Looking at the README file, I get a bit more information about the package.
$ cat /usr/share/doc/xdg-user-dirs-gtk/README
xdg-user-dirs-gtk is a companion to xdg-user-dirs that integrates it into
the Gnome desktop and Gtk+ applications.
It gets run during login and does two things:
* Tracks changes of locale and prompts the user so the directories
can be changed.
* Creates a default gtk bookmarks file if there is none, based
on a set of xdg user dirs.
Then I can do the same for stated “companion” package xdg-user-dirs which eventually leads me to a link to online documentation.