To reduce the network load on the Debian repositories, make sure to set up a local HTTP proxy using squid for packages downloaded through APT and, if necessary, set the http_proxy environment variable or set the http value in /etc/apt/apt.conf. This greatly improves the performance of network upgrades, especially with multiple Debian boxes on the LAN.
Although the pinning feature of apt_preferences(5) is powerful, it does not solve all the dependency issues since dependency requirements tend to pull in newer versions of other fundamental program packages.
The use of the method described in chroot, Section 8.6.34 is desirable for simultaneously securing both system stability and access to the latest versions of software.
This chapter is based on a Woody system but most information also applies to a Potato system (except for apt_preferences(5) and topics related to /etc/apt/preferences).
If reading all the developer documentation is too much for you, read this chapter first and start enjoying the full power of Debian with testing/unstable :-)
dselect – menu-driven package management tool (top level)
dpkg – install package (package-file centric)
apt-get – install package (package-archive centric, CLI APT)
tasksel – install task (a set of packages)
aptitude – install package (package & task, ncurses APT)
deity – alternative ncurses APT
synaptic, gsynaptic – GUI APT alternatives
These are not equal-level tools. dselect runs on the top of APT (the command-line command is apt-get) and dpkg.
APT uses /var/lib/apt/lists/* for tracking available packages, while dpkg uses /var/lib/dpkg/available. If you have installed packages directly using apt-get or similar programs such as aptitude, make sure to update the /var/lib/dpkg/available file from the [U]pdate selection menu in dselect or with the shell command "dselect update" prior to running dselect select, tasksel, or dpkg -l.
As for package dependencies, apt-get automatically pulls in packages with depends but leaves packages with recommends and suggests, while dselect offers menu-driven control over choices of these packages and prompts for the choice of packages based on depends, recommends, and suggests. aptitude offers the option to pull in all packages automatically based on depends, recommends, and suggests. See Package dependencies, Section 2.2.8.
apt-cache - check package archive in local cache
dpkg-reconfigure - reconfigure an already installed package (if it uses debconf)
dpkg-source - manage source package file
dpkg-buildpackage - automate the building of a package file
...
You can install a set of packages called a task or install individual packages or upgrade the system using package management tools as described below. Also refer to Debian System installation hints, Chapter 3, Upgrading a distribution to testing, Chapter 5 and Rescue editors, Section 11.2.
tasksel or aptitude
tasksel is the Debian Task Installer, which is offered as the "simple" option during system installation.
When one needs to install a common function which requires multiple packages, this is the best way to do it. Make sure to run the commands as follows:
# dselect update
# tasksel
aptitude also offers access to the task. This not only enables you to select tasks but also enables you to deselect packages in the task selectively through a menu.
If you try to track a mixed environment as described here, you are likely to hit some package dependency conflicts. It is a good idea not to mix flavors. The following is for people who are willing to experiment knowing some risks.
For selective upgrade while tracking the testing distribution, the APT system (>Woody) must be set up as in Transition of APT to the Woody version, Section 5.1 to use apt_preferences(5) features.
First, add the sources for stable, testing, and unstable to your /etc/apt/sources.list. Then, edit /etc/apt/preferences to set the proper Pin-Priority.
Package: *
Pin: release a=stable
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: 600

Package: *
Pin: release a=unstable
Pin-Priority: 50
dselect
When started, dselect automatically selects all "Required", "Important", and "Standard" packages.
In the Potato system, some large programs such as teTeX and Emacs used to
belong here and were best skipped for the initial install by manually
unselecting them (by typing `_'). In Woody, these have moved to the
"Optional" package category.
dselect has a somewhat strange user interface. There are four ambiguous commands (Capital means CAPITAL!):
Key-stroke  Action
Q           Quit. Confirm current selection and quit anyway. (override dependencies)
R           Revert! I did not mean it.
D           Damn it! I do not care what dselect thinks. Just Do it!
U           Set all to sUggested state
With D and Q, you can select conflicting selections at your own risk. Handle these commands with care. Currently, dselect is the mature menu-driven tool which offers fine-grained control over choices of suggests and recommends.
Add a line containing the option "expert" in /etc/dpkg/dselect.cfg to reduce noise. For a slower machine, you may run dselect on another fast machine to find packages and may use apt-get install to install them.
dselect does not offer access to packages that are not preferred by the Pin-Priority.
aptitude
aptitude is a new menu-driven package installer similar to dselect. It can also be used as an alternative command-line command in place of apt-get. See aptitude(1).
aptitude accepts single-key commands which are usually lowercase.
Keystroke  Action
F10        Menu
?          Help for keystroke
u          Update package archive information
g          Download and install selected packages
q          Quit current screen and save changes
x          Quit current screen and discard changes
Enter      View information about a package
aptitude offers the option to pull in all packages automatically based on depends, recommends, and suggests. You can change this behavior by choosing F10 -> Options -> Dependency handling in its menu.
aptitude offers access to all versions of a package.
apt-cache and apt-get commands
While tracking testing as described in the above example, we can manage the system by using the following commands:
This tracks the testing distribution and upgrades all the packages on the system while installing their dependencies from testing.
This tracks the testing distribution and upgrades all the packages on the system while installing and resolving their dependencies from testing.
This tracks the testing distribution and upgrades all the packages on the system according to the selections of dselect.
This installs package and its dependencies from the testing distribution.
This installs package from the unstable distribution while installing its dependencies from the testing distribution.
This installs package from the unstable distribution while installing its dependencies also from the unstable distribution by setting the Pin-Priority of unstable to 990.
This checks the status of packages foo bar ....
This checks the information for packages foo bar ....
This installs the particular version 2.2.4-1 of the foo package.
This installs the foo package and removes the bar package.
This removes the bar package but keeps the customized configuration files intact.
This removes the bar package together with all the customized configuration files.
In the above examples, using the -u option ensures that apt-get will print a list of all packages that are to be upgraded and prompt the user before taking action. The following sets the -u option as the default action:
$ cat >> /etc/apt/apt.conf << .
// Always show packages to be upgraded (-u)
APT::Get::Show-Upgraded "true";
.
Use the -s option to simulate upgrade without performing an actual upgrade.
Depending on your preference for a flavor of Debian to track, you can change the sample /etc/apt/preferences in Set up APT system, Section 6.2.2 to fit your needs:
track stable:             change Pin-Priority of testing to 50
track testing:            keep settings as shown above
track testing(unstable):  change Pin-Priority of unstable to 500
track unstable(testing):  change Pin-Priority of unstable to 800
A guideline for the choice of Pin-Priority is to move from the top to bottom in the above table as the time moves from a time immediately after a distribution release to a time of freeze for the next release.
Caution: tracking the testing flavor of Debian has a side effect of providing very slow security fixes.
If you mix flavors of Debian, testing with stable or unstable with stable, you are likely to unintentionally pull in key packages from testing or unstable that may be buggy. So be warned.
Examples of /etc/apt/preferences which lock some key packages to the more mature version while tracking the less mature version for other nonessential packages are available in the examples subdirectory as preferences.testing and preferences.unstable. On the other hand, preferences.stable forces all packages to be downgraded to stable.
To downgrade all packages to stable, edit /etc/apt/preferences as follows:
Package: *
Pin: release a=stable
Pin-Priority: 1001
and run "apt-get upgrade", which forces downgrade due to Pin-Priority > 1000. Be warned, there may be some small glitches in dependencies.
/etc/apt/preferences
In the example /etc/apt/preferences presented in Set up APT system, Section 6.2.2, "Package: *" in the first line means that this section applies to all packages. You may use a package name instead of "*" to specify the Pin-Priority for that package.
In the second line, "Pin: release a=stable" means that apt-get gets the Packages.gz file from the archive containing a Release file with the line "Archive: stable".
In the last line, "Pin-Priority: 500" specifies Pin-Priority to be 500.
If there are multiple packages of the same name, normally the one with the highest Pin-Priority value is the one that gets installed.
Here, the meanings of Pin-Priority are:
Downgrade of the package is allowed for this range of Pin-Priority.
Downgrade of the package is not allowed. A few key Pin-Priority values:
apt-get(8)
option.
The same effects as --target-release can be obtained by setting /etc/apt/apt.conf as:
# echo 'APT::Default-Release "testing";' >> /etc/apt/apt.conf
The command-line option --target-release and the setting in /etc/apt/apt.conf supersede the setting in /etc/apt/preferences. Be careful with this interference when playing with /etc/apt/preferences.
With this knowledge, one can live a life of eternal "upgrade" :-)
If you are experiencing problems regarding a specific package, make sure to check out these sites first before you seek help or before you file a bug report. (lynx, links, and w3m work equally well):
$ lynx http://bugs.debian.org/
$ lynx http://bugs.debian.org/package-name # if you know package name
$ lynx http://bugs.debian.org/bugnumber # if you know bug number
Search Google (www.google.com) with search words including "site:debian.org".
When in doubt, read the fine manual. Set CDPATH as follows:
export CDPATH=.:/usr/local:/usr/share/doc
and type
$ cd packagename
$ pager README.Debian # if this exists
$ mc
More support resources are listed at Support for Debian, Chapter 15.
Package dependency problems may occur when upgrading in unstable/testing as described in Upgrade the Debian system, Section 5.3. Most of the time, this is because a package that will be upgraded has a new dependency that isn't met. These problems are fixed by using
# apt-get dist-upgrade
If this does not work, then repeat one of the following until the problem resolves itself:
# apt-get upgrade -f # continue upgrade even after error
... or
# apt-get dist-upgrade -f # continue dist-upgrade even after error
Some really broken upgrade scripts may cause persistent trouble. It is usually better to resolve this type of situation by inspecting the /var/lib/dpkg/info/packagename.{post,pre}{inst,rm} scripts of the offending package and then running:
# dpkg --configure -a # configures all partially installed packages
If a script complains about a missing configuration file, look in /etc for the corresponding configuration file. If one exists with an extension of .new (or something similar), change (mv) it to remove the suffix.
Package dependency problems may occur when installing in unstable/testing. There are ways to circumvent dependency.
# apt-get install -f package # override broken dependencies
An alternative method to fix these situations is to use the equivs package. See /usr/share/doc/equivs/README.Debian and The equivs package, Section 6.5.2.
dpkg
Ad hoc recovery of a crashed dselect (APT) can be done on a really broken system by just using dpkg without APT:
# cd /var/cache/apt/archives
# dpkg -i libc6* libdb2* perl*
# dpkg -i apt* dpkg* debconf*
# dpkg -i * # until no error occurs
If a package is missing, get it from mirror sites by:
# mc # use "FTP link" pointing to Debian FTP server
As of recently, actual packages on the HTTP/FTP server may not be located under the classic /dist directory but rather under the new /pool directory. (See The pool directory, Section 2.1.10.)
Then install by:
# dpkg -i /var/cache/apt/archives/packagefile.deb
For a broken dependency, fix it or use:
# dpkg --ignore-depends=package1,... -i packagefile.deb
# dpkg --force-depends -i packagefile.deb
# dpkg --force-depends --purge package
# dpkg --force-confmiss -i packagefile.deb # Install missing conffile
If /var/lib/dpkg/status becomes broken for any reason, the Debian system loses package selection data and suffers severely. Look for the old /var/lib/dpkg/status file at /var/lib/dpkg/status-old or /var/backups/dpkg.status.*.
Keeping /var/backups/ in a separate partition may be a good idea since this directory contains lots of important system data.
If the old /var/lib/dpkg/status file is not available, you can still recover information from directories in /usr/share/doc/.
# ls /usr/share/doc | \
  grep -v '[A-Z]' | \
  grep -v '^texmf$' | \
  grep -v '^debian$' | \
  awk '{print $1 " install"}' | \
  dpkg --set-selections
# dselect --expert # reinstall system, de-select as needed
/var
Since the /var directory contains regularly updated data such as mail, it is prone to be corrupted. Separating it in an independent partition limits risks. If disaster happens, you may have to rebuild the /var directory to rescue your Debian system.
Obtain the skeleton content of the /var directory from a minimum working Debian system based on the same or older Debian version, for example var.tar.gz, and place it in the root directory of the broken system. Then
# cd /
# mv var var-old # if any useful contents are left
# tar xvzf var.tar.gz # use Woody skeleton file
# aptitude # or dselect
This should provide a working system. You can expedite the recovery of package selections by using the technique described in Recover package selection data, Section 6.3.4. ([FIXME]: This procedure needs more experiments to verify.)
Boot into Linux using a Debian rescue floppy/CD or an alternative partition in a multiboot Linux system. See Booting the system, Section 8.1. Mount the unbootable system on /target and use the chroot install mode of dpkg.
# dpkg --root /target -i packagefile.deb
Then configure and fix problems.
By the way, if a broken lilo is all that prevents booting, you can boot using a standard Debian rescue disk. At boot prompt, assuming the root partition of your Linux installation is in /dev/hda12 and you want runlevel 3, enter:
boot: rescue root=/dev/hda12 3
Then you are booted into an almost fully functional system with the kernel on floppy disk. (There may be minor glitches due to lack of kernel features or modules.)
dpkg command is broken
A broken dpkg may make it impossible to install any .deb files. A procedure like the following will help you recover from this situation. (In the first line, you can replace "links" with your favorite browser command.)
$ links http://http.us.debian.org/debian/pool/main/d/dpkg/
... download the good dpkg_version_arch.deb
$ su
password: *****
# ar x dpkg_version_arch.deb
# mv data.tar.gz /data.tar.gz
# cd /
# tar xzfv data.tar.gz
For i386, http://packages.debian.org/dpkg may also be used as the URL.
Enlightenment with these commands will save a person from the eternal karmic struggle of upgrade hell and let him reach Debian nirvana. :-)
To find the package to which a particular file belongs:
$ dpkg {-S|--search} pattern # search for pattern in installed packages
$ wget http://ftp.us.debian.org/debian/dists/sarge/Contents-i386.gz
$ zgrep -e pattern Contents-i386.gz # find filename-pattern of files in the debian archive
Or use specialized package commands:
# apt-get install dlocate # conflicts with slocate (secure version of locate)
$ dlocate filename # fast alternative to dpkg -L and dpkg -S
...
# apt-get install auto-apt # on-demand package installation tool
# auto-apt update # create db file for auto-apt
$ auto-apt search pattern # search for pattern in all packages, installed or not
Search and display information from package archives. Make sure to point APT to the proper archive(s) by editing /etc/apt/sources.list. If you want to see how packages in testing/unstable do against the currently installed one, use apt-cache policy, which is quite nice.
# apt-get check # update cache and check for broken packages
$ apt-cache search pattern # search package from text description
$ apt-cache policy package # package priority/dists information
$ apt-cache show -a package # show description of package in all dists
$ apt-cache showsrc package # show description of matching source package
$ apt-cache showpkg package # package information for debugging
# dpkg --audit|-C # search for partially installed packages
$ dpkg {-s|--status} package ... # description of installed package
$ dpkg -l package ... # status of installed package (1 line each)
$ dpkg -L package ... # list filenames installed by the package
apt-cache showsrc is not documented as of the Woody release but works :)
You can also find package information in (I use mc to browse these):
/var/lib/apt/lists/*
/var/lib/dpkg/available
The comparison of the following files provides information on what exactly has happened in the last few install sessions.
/var/lib/dpkg/status
/var/backups/dpkg.status*
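One way to run the comparison described above, added here as an example and not taken from the original page: parse two dpkg status files and list the packages that were added, dropped, or changed version or state between them. The function names and the two sample files are constructed; on a real system the inputs would be a file matching /var/backups/dpkg.status* and /var/lib/dpkg/status.

```shell
#!/bin/sh
# Added example, not from the original page.
# Compare two files in the format of /var/lib/dpkg/status.

# status_table FILE TAG: one line per stanza,
# "TAG<TAB>package<TAB>version [status]".
status_table() {
    awk -v tag="$2" '
        function flush() {
            if (pkg != "") {
                if (ver == "") ver = "-"      # stanza without a Version field
                printf "%s\t%s\t%s [%s]\n", tag, pkg, ver, st
            }
            pkg = ""; ver = ""; st = ""
        }
        /^$/         { flush(); next }        # a blank line ends a stanza
        /^Package: / { pkg = $2 }
        /^Version: / { ver = $2 }
        /^Status: /  { st = substr($0, 9) }   # e.g. "install ok installed"
        END          { flush() }
    ' "$1"
}

# status_diff OLD NEW: print added / dropped / changed packages, sorted.
status_diff() {
    { status_table "$1" old; status_table "$2" new; } | awk -F '\t' '
        $1 == "old" { o[$2] = $3; seen[$2] = 1 }
        $1 == "new" { n[$2] = $3; seen[$2] = 1 }
        END {
            for (p in seen) {
                if (!(p in o))         print "added\t" p "\t" n[p]
                else if (!(p in n))    print "dropped\t" p "\t" o[p]
                else if (o[p] != n[p]) print "changed\t" p "\t" o[p] " -> " n[p]
            }
        }' | LC_ALL=C sort
}

# Constructed sample data: package names and versions are made up for the demo.
sample_old() {
    cat <<'EOF'
Package: libc6
Status: install ok installed
Version: 2.2.5-11

Package: exim
Status: install ok installed
Version: 3.35-1

Package: telnetd
Status: install ok installed
Version: 0.17-18
EOF
}

sample_new() {
    cat <<'EOF'
Package: libc6
Status: install ok installed
Version: 2.2.5-11.8

Package: exim
Status: deinstall ok config-files
Version: 3.35-1

Package: telnetd
Status: install ok installed
Version: 0.17-18

Package: netcat
Status: install ok installed
Version: 1.10-21
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
sample_old > "$demo_dir/status-old"
sample_new > "$demo_dir/status"
status_diff "$demo_dir/status-old" "$demo_dir/status"
rm -rf "$demo_dir"
```

A package that appears as "added" without a matching install session in your own notes is the line worth following up first.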
For an unattended installation, add the following line in /etc/apt/apt.conf:
Dpkg::Options {"--force-confold";}
This is equivalent to running apt-get -q -y packagename. Because this automatically answers "yes" to all prompts, it may cause problems, so use this trick with care. See apt.conf(5) and dpkg(1).
You can configure any particular packages later by following Reconfigure installed packages, Section 6.4.4.
Use the following to reconfigure any already-installed package.
# dpkg-reconfigure --priority=medium package [...]
# dpkg-reconfigure --all # reconfigure all packages
# dpkg-reconfigure locales # generate any extra locales
# dpkg-reconfigure --p=low xserver-xfree86 # reconfigure X server
Do this for debconf if you need to change the debconf dialog mode permanently.
Some programs come with special configuration scripts.
apt-setup - create /etc/apt/sources.list
install-mbr - install a Master Boot Record manager
tzconfig - set the local time zone
gpmconfig - set gpm mouse daemon
sambaconfig - configure Samba in Potato (Woody uses debconf)
eximconfig - configure Exim (MTA)
texconfig - configure teTeX
apacheconfig - configure Apache (httpd)
cvsconfig - configure CVS
sndconfig - configure sound system
...
update-alternatives - set default command, e.g., vim as vi
update-rc.d - System-V init script management
update-menus - Debian menu system
...
Remove a package while maintaining its configuration:
# apt-get remove package ...
# dpkg --remove package ...
Remove a package and all configuration:
# apt-get remove --purge package ...
# dpkg --purge package ...
For example, holding of libc6 and libc6-dev for dselect and apt-get -u upgrade package can be done as follows:
# echo -e "libc6 hold\nlibc6-dev hold" | dpkg --set-selections
apt-get -u install package will not be hindered by this "hold". To hold a package through forcing automatic downgrade for apt-get -u upgrade package or apt-get -u dist-upgrade, add the following to /etc/apt/preferences:
Package: libc6
Pin: release a=stable
Pin-Priority: 2000
Here the "Package:" entry cannot use entries such as "libc6*". If you need to keep all binary packages related to the glibc source package in a synchronized version, you need to list them explicitly.
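A small lint for /etc/apt/preferences built on rules this page states: the highest Pin-Priority among the "Package: *" stanzas decides which flavor is tracked, a Pin-Priority above 1000 forces downgrades, and a "Package:" entry cannot use a pattern such as "libc6*". It is an added example, not part of the original document; the function names and the sample file are constructed, and only "Pin: release a=..." stanzas are handled.

```shell
#!/bin/sh
# Added example, not from the original page.
# Lint an apt preferences file against the rules stated on this page.

# prefs_table FILE: one line per stanza, "<package> <archive> <priority>".
# A missing field is printed as "?". Stanzas are separated by blank lines.
prefs_table() {
    awk '
        function flush() {
            if (pkg != "" || pin != "" || prio != "") {
                if (pkg == "")  pkg = "?"
                if (pin == "")  pin = "?"
                if (prio == "") prio = "?"
                print pkg, pin, prio
            }
            pkg = ""; pin = ""; prio = ""
        }
        /^[ \t]*$/       { flush(); next }
        /^Package:/      { pkg = $2 }
        /^Pin:/          { pin = $3; sub(/^a=/, "", pin) }  # "Pin: release a=X"
        /^Pin-Priority:/ { prio = $2 }
        END              { flush() }
    ' "$1"
}

# tracked_release FILE: archive with the highest priority among "Package: *".
tracked_release() {
    prefs_table "$1" | awk '
        $1 == "*" && $3 ~ /^-?[0-9]+$/ && (best == "" || $3 + 0 > max) {
            max = $3 + 0; best = $2
        }
        END { print best }'
}

# lint_prefs FILE: print findings; exit status 1 if there are any.
lint_prefs() {
    prefs_table "$1" | awk '
        $1 == "?" || $2 == "?" || $3 == "?" {
            print "incomplete stanza: " $0; bad = 1; next
        }
        $1 != "*" && $1 ~ /[*?]/ {
            print "wildcard in Package: " $1; bad = 1
        }
        $3 + 0 > 1000 {
            print "downgrade allowed: " $1 " from " $2 " (Pin-Priority " $3 ")"
            bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample: the "track testing" pins from this page, the libc6 hold
# from this page, and one stanza using the pattern the page says cannot work.
sample_prefs() {
    cat <<'EOF'
Package: *
Pin: release a=stable
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: 600

Package: *
Pin: release a=unstable
Pin-Priority: 50

Package: libc6
Pin: release a=stable
Pin-Priority: 2000

Package: libc6*
Pin: release a=stable
Pin-Priority: 2000
EOF
}

# Demo on the constructed sample.
demo=$(mktemp)
sample_prefs > "$demo"
echo "tracked release: $(tracked_release "$demo")"
lint_prefs "$demo" || echo "lint: findings above"
rm -f "$demo"
```

A "downgrade allowed" finding is expected for a deliberate hold such as the libc6 stanza; the point of the report is that every such pin is one you put there on purpose.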
The following will list packages on hold:
dpkg --get-selections "*"|grep -e "hold$"
apt-show-versions can list available package versions by distribution.
$ apt-show-versions | fgrep /testing | wc
... how many packages you have from testing
$ apt-show-versions -u
... list of upgradeable packages
$ apt-get install `apt-show-versions -u -b | fgrep /unstable`
... upgrade all unstable packages to their newest versions
Package installation with APT leaves cached package files in /var/cache/apt/archives and these need to be cleaned.
# apt-get autoclean # removes only useless package files
# apt-get clean # removes all cached package files
To make a local copy of the package selection states:
$ dpkg --get-selections "*" >myselections # or use \*
"*" makes myselections include package entries for "purge" too.
You can transfer this file to another computer, and install it there with:
# dselect update
# dpkg --set-selections <myselections
# apt-get -u dselect-upgrade # or dselect install
For partial upgrades of the stable system, rebuilding a package within its environment using the source package is desirable. This avoids massive package upgrades due to their dependencies. First, add the following entries to /etc/apt/sources.list:
deb-src http://http.us.debian.org/debian testing \
 main contrib non-free
deb-src http://non-us.debian.org/debian-non-US testing/non-US \
 main contrib non-free
deb-src http://http.us.debian.org/debian unstable \
 main contrib non-free
deb-src http://non-us.debian.org/debian-non-US unstable/non-US \
 main contrib non-free
Here each entry for deb-src is broken into two lines because of printing constraints, but the actual entry in sources.list should consist of a single line.
Then get the source and make a local package:
$ apt-get update # update the source package search list
$ apt-get source package
$ dpkg-source -x package.dsc
$ cd package-version
... inspect required packages (Build-depends in .dsc file) and install them too. You need the "fakeroot" package also.
$ dpkg-buildpackage -rfakeroot
...or (no sig)
$ dpkg-buildpackage -rfakeroot -us -uc # use "debsign" later if needed
...Then to install
$ su -c "dpkg -i packagefile.deb"
Usually, one needs to install a few packages with the "-dev" suffix to satisfy package dependencies. debsign is in the devscripts package. auto-apt may ease satisfying these dependencies. Use of fakeroot avoids unnecessary use of the root account.
In Woody, these dependency issues can be simplified. For example, to compile a source-only pine package:
# apt-get build-dep pine
# apt-get source -b pine
In order to create a local package archive which is compatible with APT and the dselect system, Packages needs to be created and package files need to be populated in a particular directory tree.
A local deb repository similar to an official Debian archive can be made in this way:
# apt-get install dpkg-dev
# cd /usr/local
# install -d pool # physical packages are located here
# install -d dists/unstable/main/binary-i386
# ls -1 pool | sed 's/_.*$/ priority section/' | uniq > override
# editor override # adjust priority and section
# dpkg-scanpackages pool override /usr/local/ \
   > dists/unstable/main/binary-i386/Packages
# cat > dists/unstable/main/Release << EOF
Archive: unstable
Version: 3.0
Component: main
Origin: Local
Label: Local
Architecture: i386
EOF
# echo "deb file:/usr/local unstable main" \
   >> /etc/apt/sources.list
Alternatively, a quick-and-dirty local deb repository can be made:
# apt-get install dpkg-dev
# mkdir /usr/local/debian
# mv /some/where/package.deb /usr/local/debian
# dpkg-scanpackages /usr/local/debian /dev/null | \
   gzip - > /usr/local/debian/Packages.gz
# echo "deb file:/usr/local/debian ./" >> /etc/apt/sources.list
These archives can be remotely accessed by providing access to these directories through either HTTP or FTP methods and changing entries in /etc/apt/sources.list accordingly.
alien enables the conversion of binary packages provided in Redhat rpm, Stampede slp, Slackware tgz, and Solaris pkg file formats into a Debian deb package. If you want to use a package from another Linux distribution than the one you have installed on your system, you can use alien to convert it to your preferred package format and install it. alien also supports LSB packages.
debsums enables verification of installed package files against MD5 checksums. Some packages do not have available MD5 checksums. A possible temporary fix for sysadmins:
# cat >>/etc/apt/apt.conf.d/90debsums
DPkg::Post-Install-Pkgs {"xargs /usr/bin/debsums -sg";};
^D
per Joerg Wendland joergland@debian.org (untested).
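What a debsums-style check does, as an added example (not debsums' own code and not from the original page): compare the files under a root directory with a list in the "md5hex  relative/path" layout of dpkg's /var/lib/dpkg/info/*.md5sums files, reporting changed and missing files. The function names and the demo tree are constructed.

```shell
#!/bin/sh
# Added example, not from the original page and not the debsums source.

# verify_md5sums ROOT LIST
#   LIST holds "md5hex  relative/path" lines; paths are relative to ROOT.
#   Prints "CHANGED path" or "MISSING path"; returns 1 if anything differs.
verify_md5sums() {
    vm_root=$1
    vm_rc=0
    while read -r vm_want vm_path; do
        [ -n "$vm_path" ] || continue            # skip blank or short lines
        if [ ! -f "$vm_root/$vm_path" ]; then
            echo "MISSING $vm_path"
            vm_rc=1
        else
            vm_have=$(md5sum < "$vm_root/$vm_path" | cut -d ' ' -f 1)
            if [ "$vm_have" != "$vm_want" ]; then
                echo "CHANGED $vm_path"
                vm_rc=1
            fi
        fi
    done < "$2"
    return $vm_rc
}

# make_demo_tree DIR: constructed stand-in for an installed package.
# Writes the files under DIR and their checksum list to DIR.md5sums.
make_demo_tree() {
    mkdir -p "$1/usr/bin" "$1/usr/share/doc/hello" "$1/etc"
    printf 'echo hello\n'     > "$1/usr/bin/hello"
    printf 'hello docs\n'     > "$1/usr/share/doc/hello/README"
    printf 'greeting=hello\n' > "$1/etc/hello.conf"
    ( cd "$1" &&
      md5sum usr/bin/hello usr/share/doc/hello/README etc/hello.conf
    ) > "$1.md5sums"
}

# Demo: a clean tree verifies, then one file is altered and one removed.
demo=$(mktemp -d)
make_demo_tree "$demo/root"
verify_md5sums "$demo/root" "$demo/root.md5sums" && echo "clean tree: OK"
printf 'echo something else\n' > "$demo/root/usr/bin/hello"
rm "$demo/root/etc/hello.conf"
verify_md5sums "$demo/root" "$demo/root.md5sums" || echo "differences found"
rm -rf "$demo"
```

Because the checksum lists live on the same filesystem as the files they describe, a check like this catches corruption and casual modification; anyone able to rewrite the files as root can rewrite the lists too.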
sources.list
In short, fancy efforts to create an optimized sources.list did not produce a significant improvement for me from a location in the USA. I manually chose a nearby site using apt-setup.
apt-spy creates sources.list automatically, based on latency and bandwidth. netselect-apt creates a more complete sources.list, but uses an inferior method of choosing the best mirror (ping time comparison).
# apt-get install apt-spy
# cd /etc/apt ; mv sources.list sources.list.org
# apt-spy -d testing -l sources.apt
dpkg-divert command
File diversions are a way of forcing dpkg not to install a file into its default location, but to a diverted location. Diversions can be used through the Debian package scripts to move a file away when it causes a conflict. System administrators can also use a diversion to override a package's configuration file, or whenever some files (which aren't marked as conffiles) need to be preserved by dpkg, when installing a newer version of a package which contains those files (see Preserving the local configuration, Section 2.2.4).
# dpkg-divert [--add] filename # add "diversion"
# dpkg-divert --remove filename # remove "diversion"
It's usually a good idea not to use dpkg-divert unless it is absolutely necessary.
equivs package
If you compile a program from source, it is best to make it into a real local debianized package (*.deb). Use equivs as a last resort.
Package: equivs
Priority: extra
Section: admin
Description: Circumventing Debian package dependencies
 This is a dummy package which can be used to create Debian
 packages, which only contain dependency information.
To make the command vi run vim, use update-alternatives:
# update-alternatives --display vi
...
# update-alternatives --config vi
  Selection    Command
-----------------------------------------------
      1        /usr/bin/elvis-tiny
      2        /usr/bin/vim
*+    3        /usr/bin/nvi

Enter to keep the default[*], or type selection number: 2
Items in the Debian alternatives system are kept in /etc/alternatives as symlinks.
To set your favorite X Window environment, apply update-alternatives to /usr/bin/x-session-manager and /usr/bin/x-window-manager. For details, see Custom X sessions, Section 9.4.5.1.
/bin/sh is a direct symlink to /bin/bash or /bin/dash. It's safer to use /bin/bash to be compatible with old Bashism-contaminated scripts but better discipline to use /bin/dash to enforce POSIX compliance. Upgrading to a 2.4 Linux kernel tends to set this to /bin/dash.
init and runlevels
The default runlevel to boot into can be set in /etc/inittab.
Unlike other distributions, Debian makes the management of runlevel completely the sysadmin's responsibility. Management of System-V style init on Debian is intended to be performed through update-rc.d scripts.
Starting /etc/init.d/name in runlevel 1,2,3 and stopping in 4,5 with sequencing priority number 20 (normal) can be done by:
# update-rc.d name start 20 1 2 3 . stop 20 4 5 .
Removing symbolic links while the script in init.d still exists can be done by:
# update-rc.d -f name remove
For editing runlevels, I cheat. I edit entries manually using the mv command at the shell prompt of mc while copying link entries using Alt-Enter. For example:
# mv S99xdm K99xdm # disable xdm (X display manager)
I even disable a daemon by inserting exit 0 at the start of an init.d script as a quick hack. These are conffiles after all.
The Debian distribution takes system security seriously and expects the system administrator to be competent. Thus, sometimes ease of use appears to be a secondary concern and many daemon services come with the highest security level, with the fewest services (or none) available as their default install state.
Run ps aux or check the contents of /etc/init.d/* and /etc/inetd.conf, if you have any doubts (about Exim, DHCP, ...). Also check /etc/hosts.deny as in Restricting logins with PAM, Section 9.2.1. The pidof command is also useful (see pidof(8)).
X11 doesn't allow TCP/IP (remote) connections by default in recent versions of Debian. See Using X over TCP/IP, Section 9.4.6. X forwarding in SSH is also disabled. See Connecting to a remote X server – ssh, Section 9.4.8.
Debian Reference
CVS, Mon 3 Apr 2005, 22:59:13 UTC
osamu@debian.org
dsewell@virginia.edu