I’ve always used Fedora, basically since it was RedHat 7.0 … However, from that time until now, it has changed a lot.
WARNING/DISCLAIMER: THIS GUIDE WILL CORRUPT AND DAMAGE YOUR LINUX FEDORA INSTALLATION. IF YOU ARE NOT FAMILIAR WITH LINUX, AND KNOW EXACTLY WHAT YOU ARE DOING, PLEASE LEAVE NOW.
IF YOU STAY, YOU AGREE THAT I’M NOT RESPONSIBLE OF ANY DAMAGE OR DERIVED DAMAGE CAUSED BY THIS GUIDE.
One of the reasons why I like fedora, is because it is one of the few distros that works natively with SELinux.
However, fedora has started to be a little more invasive since systemd abrtd, and networkmanager were introduced. Unfortunately it is difficult to get out of systemd.
Getting rid of NetworkManager:
!!! WARNING !!!: NetworkManager makes it easy for you to start the network seamlessly from your desktop or laptop … disabling it, and not having the patience to configure the network-scripts, will make you to loose your internet conectivity. I am not responsible for it !.
In order to get rid of NM, you just need to execute this (as root):
systemctl stop NetworkManager.service systemctl disable NetworkManager.service systemctl enable network.service systemctl start network.service
In this way, we will enable the old network service and we will disable the NetworkManager.
Now you can configure your network scripts located on: /etc/sysconfig/network-scripts/
** If your computer is a laptop, you might want to keep NetworkManager … **
Getting rid of AVAHI:
Avahi is a daemon for interconnecting small networks. It provides a distributed multicast DNS service and a Service Discovery Service. It’s useful to discover shared services across the local network.
I personally don’t like or need this service, Everything in my network is pre-configured. And I don’t have many plug and play devices that I usually connect to my network.
To disable AVAHI, run this as root:
systemctl disable avahi-daemon systemctl stop avahi-daemon.socket systemctl stop avahi-daemon.service
Getting rid of ABRTD:
Abrtd is the daemon that collects system information when a program falls into an error condition. This will allow developers to understand why your program fell into that condition.
And remember: The problem with the cloud is not about trust or not to trust someone specific (eg MEGA, Google, Fedora, TeamViewer, etc.) … It is that any mechanism that may be exploitable, will be exploited sooner or later, whether by individuals, by the owners or third parties who have (or will have) the technology to compromise it.
To get rid of ABRTD (root console):
systemctl stop abrt-ccpp.service systemctl stop abrt-oops.service systemctl stop abrt-vmcore.service systemctl stop abrt-xorg.service systemctl stop abrtd.service systemctl disable abrt-ccpp.service systemctl disable abrt-oops.service systemctl disable abrt-vmcore.service systemctl disable abrt-xorg.service systemctl disable abrtd.service
Getting rid of PackageKit:
PackageKit is a service to keep your operating system up to date, however, this service is invasive … Maybe we want to use a better option like yum-cron, and let the updates to be installed at night without user interaction …
To do this, we can disable the service PackageKit (root console):
systemctl disable packagekit.service systemctl stop packagekit.service
** Stopping packagekit might take several minutes.
yum -y install yum-cron
And now edit /etc/yum/yum-cron.conf
Replacing the following line:
apply_updates = no
apply_updates = yes
Getting rid of FirewallD:
FirewallD is another attempt to separate the final user from the system internals. If we are familiar with iptables, maybe we want to control the firewall rules ourselves, and not through a “dumb” interface.
systemctl disable firewalld systemctl stop firewalld
yum install iptables-services
With this, we can enjoy and configure the firewall using /etc/sysconfig/iptables. (BEWARE: it’s very important to configure your iptables!).
I describe IPv6 as a backdoor in your operating system. Nothing operates today with IPv6 (or almost nothing), maybe in the future it will be interesting to operate with IPv6, when our ISP provide us with a valid IPv6 address. But in the meantime, be IPv6 ready slow down the operating system and can create security breaches if we do not take care of it (eg. To configure firewall rules in ipv6) …
If you want to disable it, you just need to edit this file: /etc/sysconfig/grub:
and add to GRUB_CMDLINE_LINUX=, the value: ipv6.disable=1
GRUB_CMDLINE_LINUX="rd.lvm.lv=vg0/root rd.luks.uuid=xyz rd.lvm.lv=vg0/swap rhgb quiet"
GRUB_CMDLINE_LINUX="rd.lvm.lv=vg0/root rd.luks.uuid=xyz rd.lvm.lv=vg0/swap rhgb quiet ipv6.disable=1"
Then, to apply changes, you have to run grub2-mkconfig (as root):
grub2-mkconfig -o /boot/grub2/grub.cfg
and then, reboot…
Unfortunately, I don’t have any solution here … maybe, you need to take a look on SystemV based distributions (like devuan)