Annvix:Documentation/Compare Distros
This page contains content from the old Annvix.org wiki and has been moved here to preserve content. These pages have been retained for historical and nostalgic purposes only.
How Does Annvix Compare to Other Distributions?
This is an interesting question because Annvix is so very different from almost every other distribution out there. Perhaps the closest Linux distribution to Annvix would be Openwall GNU/*/Linux due to the similar focus (security). Annvix is also similar to Mandriva in some respects, primarily that it was originally based on Mandriva, tracks current Mandriva and makes use of many of its modifications, and also uses urpmi.
But that is where the similarities end.
While most Linux distributions continue to use SysVinit to handle the init process, Annvix uses runit. Most new distributions attempt to provide the latest-and-greatest software; Annvix is more conservative and tends to stick with what works (although newer software is often provided, so it's not at all out-dated). Many distributions are shipping with security enhancements such as SELinux or AppArmor. Annvix has always provided RSBAC, and future versions will provide both RSBAC and AppArmor. Nearly all Linux distributions provide the X window server; Annvix doesn't even give you the option.
The Annvix development team has made a concerted effort to make Annvix as "bloat-free" as possible. The results of this effort are immediately apparent. It also takes a more conservative approach to enabling services. While some distributions enable everything that's installed, and others enable most of what's installed, Annvix enables nothing of what is installed. Installed sshd? Every other distribution will start it for you. Not Annvix. You start sshd when you are good and ready to start it, not when the system decides you should.
What follows are some basic comparisons between Fedora Core 4, Mandriva Linux 2006, Mandriva's Corporate Server 3, and Annvix 1.2-RELEASE. The tests were conducted in VMware Server 1.0. Each VM was configured the same:
- 512MB memory
- 6GB drive space
- x86_64 versions of each distribution
- single virtual SCSI hard drive
They were further configured the same in terms of filesystem layout:
- 100MB /boot partition (ext2)
- 512MB swap partition
- 5.5GB / partition (ext3)
- One single user (root)
- All comparisons made after first boot without touching any configurations
The intent was also to test Novell's OpenSUSE 10.1 but the installer is so completely brain-dead that after a half hour of fighting it was determined it wasn't worth it (suffice it to say that because OpenSUSE's 64bit distribution also installs a lot of 32bit libraries and programs the overall distribution size would be about 40% larger (at least) than a purely 64bit install).
These distributions were chosen primarily because they were a) available on-hand and b) they are fairly quick to install (unlike others such as Gentoo).
Finally, installation time was not something that was measured (frankly, installation time is over-rated; how often do you intend to reinstall your distribution?).
Fedora Core 4 x86_64
The first install was Fedora Core 4. Fedora allows you to choose an installation class, so "Server" was selected. The default firewall is very restrictive, which is great, and SELinux is enabled by default. The Server install doesn't install X by default, which is also great. However, not so great:
# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3 ext3 5.3G 948M 4.1G 19% /
/dev/sda1 ext2 99M 5.8M 88M 7% /boot
/dev/shm tmpfs 249M 0 249M 0% /dev/shm
FC4, without X, uses almost 1GB in the default install. For memory usage:
# free
total used free shared buffers cached
Mem: 509016 100240 408776 0 6292 47516
-/+ buffers/cache: 46432 462584
Swap: 522104 0 522104
What was running according to ps:
# ps axfvw
PID TTY STAT TIME MAJFL TRS DRS RSS %MEM COMMAND
1 ? S 0:00 95 33 4842 640 0.1 init [3]
2 ? SN 0:00 0 0 0 0 0.0 [ksoftirqd/0]
3 ? S 0:00 0 0 0 0 0.0 [watchdog/0]
4 ? S< 0:00 0 0 0 0 0.0 [events/0]
5 ? S< 0:00 0 0 0 0 0.0 [khelper]
6 ? S< 0:00 0 0 0 0 0.0 [kthread]
8 ? S< 0:00 0 0 0 0 0.0 \_ [kacpid]
63 ? S< 0:00 0 0 0 0 0.0 \_ [kblockd/0]
111 ? S 0:00 0 0 0 0 0.0 \_ [pdflush]
112 ? S 0:00 0 0 0 0 0.0 \_ [pdflush]
114 ? S< 0:00 0 0 0 0 0.0 \_ [aio/0]
1459 ? S< 0:00 0 0 0 0 0.0 \_ [kauditd]
66 ? S 0:00 0 0 0 0 0.0 [khubd]
113 ? S 0:00 0 0 0 0 0.0 [kswapd0]
192 ? S 0:00 0 0 0 0 0.0 [kseriod]
352 ? S 0:00 0 0 0 0 0.0 [scsi_eh_0]
365 ? S 0:00 0 0 0 0 0.0 [kjournald]
875 ? S<s 0:00 0 24 3723 596 0.1 udevd
901 ? S 0:00 0 0 0 0 0.0 [shpchpd_event]
1370 ? Ss 0:00 0 417 4114 1284 0.2 /sbin/dhclient -1 -q -lf /var/lib/dhcp/dhclient-eth0.leases \
-pf /var/run/dhclient-eth0.pid eth0
1409 ? Ss 0:00 0 32 3699 656 0.1 syslogd -m 0
1411 ? Ss 0:00 0 22 2621 516 0.1 klogd -x
1427 ? Ss 0:00 0 32 4815 660 0.1 portmap
1444 ? Ss 0:00 0 43 5864 816 0.1 rpc.statd
1456 ? S<sl 0:00 0 38 14001 692 0.1 auditd
1483 ? Ss 0:00 0 48 20959 1628 0.3 rpc.idmapd
1494 ? Ss 0:00 2 39 6252 860 0.1 hcid: processing events
1498 ? Ss 0:00 0 18 3705 612 0.1 sdpd
1517 ? S< 0:00 0 0 0 0 0.0 [krfcommd]
1631 ? Ss 0:00 0 40 10027 800 0.1 /usr/sbin/automount --timeout=60 /misc file /etc/auto.misc
1681 ? Ss 0:00 0 40 10015 788 0.1 /usr/sbin/automount --timeout=60 /net program /etc/auto.net
1692 ? Ss 0:00 0 42 4877 676 0.1 nifd -n
1719 ? Ssl 0:00 2 211 15464 1176 0.2 mDNSResponder
1727 ? Ss 0:00 0 17 2618 616 0.1 /usr/sbin/acpid
1735 ? Ss 0:00 8 239 72180 2836 0.5 cupsd
1824 ? Ss 0:00 0 321 22778 2116 0.4 /usr/sbin/sshd
1840 ? Ss 0:00 0 717 35462 3748 0.7 sendmail: accepting connections
1846 ? Ss 0:00 0 717 28214 3220 0.6 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
1854 ? Ss 0:00 0 84 4203 624 0.1 gpm -m /dev/input/mice -t imps2
1861 ? Ss 0:00 0 39 57116 1252 0.2 crond
1888 ? Ss 0:00 1 80 9803 1580 0.3 xfs -droppriv -daemon
1895 ? SNs 0:00 0 23 2616 696 0.1 anacron -s
1901 ? Ss 0:00 0 19 9048 836 0.1 /usr/sbin/atd
1908 ? Ssl 0:00 0 544 18451 1420 0.2 dbus-daemon --system
1918 ? Ss 0:00 2 15 9104 1308 0.2 cups-config-daemon
1926 ? Ss 0:00 0 169 13786 2844 0.5 hald --retain-privileges
1931 ? S 0:00 0 5 7282 784 0.1 \_ hald-addon-acpi
1947 ? S 0:00 0 7 7284 792 0.1 \_ hald-addon-storage
1953 ? Ss 0:00 2 19 25000 1320 0.2 login -- root
2114 tty1 Ss 0:00 0 669 53370 1592 0.3 \_ -bash
2230 tty1 R+ 0:00 0 75 51784 836 0.1 \_ ps axfvw
1954 tty2 Ss+ 0:00 0 10 2617 476 0.0 /sbin/mingetty tty2
1955 tty3 Ss+ 0:00 0 10 2621 480 0.0 /sbin/mingetty tty3
1956 tty4 Ss+ 0:00 0 10 2617 476 0.0 /sbin/mingetty tty4
1957 tty5 Ss+ 0:00 0 10 2617 476 0.0 /sbin/mingetty tty5
1958 tty6 Ss+ 0:00 0 10 2617 476 0.0 /sbin/mingetty tty6
# ps axfvw|wc -l
58
Services configured to start at boot, out of the box:
# chkconfig --list|grep "3:on"
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
bluetooth 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups-config-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
isdn 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
mDNSResponder 0:off 1:off 2:off 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nifd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
pcmcia 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rhnsd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Finally, netstat output:
# netstat -l --tcp -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:32769 *:* LISTEN 1444/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 1427/portmap
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 1735/cupsd
tcp 0 0 localhost.localdomain:5335 *:* LISTEN 1719/mDNSResponder
tcp 0 0 localhost.localdomain:smtp *:* LISTEN 1840/sendmail: acce
tcp 0 0 *:ssh *:* LISTEN 1824/sshd
# netstat -l --udp -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:32768 *:* 1444/rpc.statd
udp 0 0 *:772 *:* 1444/rpc.statd
udp 0 0 *:bootpc *:* 1370/dhclient
udp 0 0 *:5353 *:* 1719/mDNSResponder
udp 0 0 *:sunrpc *:* 1427/portmap
udp 0 0 *:ipp *:* 1735/cupsd
As you can see, out of the box, Fedora doesn't ease up on the things it's running, the memory it's using, and what's listening on network ports. The default firewall makes this a little easier to deal with.
Mandriva Linux 2006 x86_64
The next was Mandriva 2006/x86_64. Unlike Fedora, Mandriva offers no installation "classes" so essentially you need to de-select all the inappropriate groups, like "office tools", "kde desktop", and so forth and then enable more appropriate groups like "web/ftp", "mail/news", "firewall/router", and "network computer". We did not do any individual package selection so these were the default packages in these server-related groups (all workstation/desktop/development-related groups were de-selected). The nice thing here is that X did not come with the install due to not selecting any window managers or desktops. While you can configure the firewall, the default was to not filter anything.
The same first-root-login statistics follow. Mandriva took up much less space than FC4:
# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda6 ext3 5.4G 566M 4.6G 11% /
/dev/sda1 ext2 92M 3.3M 84M 4% /boot
The memory usage:
# free
total used free shared buffers cached
Mem: 509716 80360 429356 0 2816 38524
-/+ buffers/cache: 39020 470696
Swap: 522072 0 522072
The programs that were running at that first login:
# ps axfvw
PID TTY STAT TIME MAJFL TRS DRS RSS %MEM COMMAND
1 ? S 0:00 14 31 2604 568 0.1 init [3]
2 ? S 0:00 0 0 0 0 0.0 [migration/0]
3 ? SN 0:00 0 0 0 0 0.0 [ksoftirqd/0]
4 ? S< 0:00 0 0 0 0 0.0 [events/0]
5 ? S< 0:00 0 0 0 0 0.0 [khelper]
6 ? S< 0:00 0 0 0 0 0.0 [kthread]
9 ? S< 0:00 0 0 0 0 0.0 \_ [kacpid]
52 ? S< 0:00 0 0 0 0 0.0 \_ [kblockd/0]
84 ? S 0:00 0 0 0 0 0.0 \_ [pdflush]
85 ? S 0:00 0 0 0 0 0.0 \_ [pdflush]
87 ? S< 0:00 0 0 0 0 0.0 \_ [aio/0]
748 ? S< 0:00 0 0 0 0 0.0 \_ [ata/0]
4080 ? S< 0:00 0 0 0 0 0.0 \_ [rpciod/0]
86 ? S 0:00 0 0 0 0 0.0 [kswapd0]
677 ? S 0:00 0 0 0 0 0.0 [kseriod]
760 ? S 0:00 0 0 0 0 0.0 [scsi_eh_0]
776 ? S 0:00 0 0 0 0 0.0 [kjournald]
918 ? S<s 0:00 0 27 2608 540 0.1 udevd -d
2083 ? Ss 0:00 0 25 3658 560 0.1 /sbin/ifplugd -b -i eth0
2110 ? Ss 0:00 1 34 4793 652 0.1 portmap
2496 ? Ss 0:00 0 353 4098 1204 0.2 /sbin/dhclient -1 -q -lf /var/lib/dhcp/dhclient-eth0.leases \
-pf /var/run/dhclient-eth0.pid -cf /etc/dhclient-eth0.conf eth0
3611 ? Ss 0:00 0 27 3680 712 0.1 syslogd -m 0 -a /var/spool/postfix/dev/log
3623 ? Ss 0:00 0 22 3513 1600 0.3 klogd -2
3655 ? Ss 0:00 0 19 2604 644 0.1 /usr/sbin/acpid
3691 ? Ss 0:00 0 38 4793 800 0.1 rpc.statd
3775 ? Ss 0:00 2 80 11727 1660 0.3 xfs -port -1 -daemon -droppriv -user xfs
3790 ? Ss 0:00 0 276 9235 1184 0.2 dbus-daemon-1 --system
3832 ? Ss 0:00 0 26 4957 716 0.1 /usr/sbin/mandi -d
3928 ? Ss 0:00 0 14 5805 632 0.1 /usr/sbin/atd
3980 ? Ss 0:00 1 344 20143 2048 0.4 /usr/sbin/sshd
4068 ? S 0:00 0 0 0 0 0.0 [nfsd]
4069 ? S 0:00 0 0 0 0 0.0 [nfsd]
4070 ? S 0:00 0 0 0 0 0.0 [nfsd]
4071 ? S 0:00 0 0 0 0 0.0 [nfsd]
4072 ? S 0:00 0 0 0 0 0.0 [nfsd]
4073 ? S 0:00 0 0 0 0 0.0 [nfsd]
4074 ? S 0:00 0 0 0 0 0.0 [nfsd]
4075 ? S 0:00 0 0 0 0 0.0 [nfsd]
4079 ? S 0:00 0 0 0 0 0.0 [lockd]
4086 ? Ss 0:00 0 62 4817 752 0.1 rpc.mountd
4534 ? Ss 0:00 0 27 16352 1892 0.3 /usr/lib64/postfix/master
4535 ? S 0:00 0 8 18475 1924 0.3 \_ pickup -l -t fifo -u -c -o content_filter -o receive_override_options
4536 ? S 0:00 1 44 18475 1956 0.3 \_ qmgr -l -t fifo -u -c
4549 ? Ss 0:00 0 23 3680 692 0.1 crond
4565 ? Ss 0:00 3 3256 31347 3756 0.7 smbd -D
4575 ? S 0:00 0 3256 31347 3752 0.7 \_ smbd -D
4576 ? Ss 0:00 0 1090 24553 2456 0.4 nmbd -D
4727 ? Ss 0:00 17 291 81856 8548 1.6 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4734 ? S 0:00 0 15 96 32 0.0 \_ /usr/sbin/advxsplitlogfile-DIET
4735 ? S 0:00 0 291 82928 8648 1.6 \_ /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4736 ? S 0:00 0 291 82928 8644 1.6 \_ /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4737 ? S 0:00 0 291 82928 8644 1.6 \_ /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4738 ? S 0:00 0 291 82928 8644 1.6 \_ /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4739 ? S 0:00 0 291 82928 8644 1.6 \_ /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4740 ? S 0:00 0 291 82928 8644 1.6 \_ /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4741 ? S 0:00 0 291 82928 8644 1.6 \_ /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4742 ? S 0:00 0 291 82928 8644 1.6 \_ /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 [...]
4790 ? Ss 0:00 5 19 23048 1300 0.2 login -- root
4860 tty1 Ss 0:00 1 703 7316 1780 0.3 \_ -bash
4914 tty1 R+ 0:00 0 77 4562 820 0.1 \_ ps axfvw
4793 tty2 Ss+ 0:00 0 10 2609 484 0.0 /sbin/mingetty tty2
4794 tty3 Ss+ 0:00 0 10 2609 484 0.0 /sbin/mingetty tty3
4809 tty4 Ss+ 0:00 0 10 2609 484 0.0 /sbin/mingetty tty4
4812 tty5 Ss+ 0:00 0 10 2609 484 0.0 /sbin/mingetty tty5
4815 tty6 Ss+ 0:00 0 10 2609 480 0.0 /sbin/mingetty tty6
# ps axfvw|wc -l
67
Services configured to start out of the box:
# chkconfig --list|grep "3:on"
acpi 0:off 1:off 2:on 3:on 4:on 5:on 6:off
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
alsa 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off
mailman 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mandi 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdadm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
numlock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
partmon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
shorewall 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:off 3:on 4:off 5:on 6:off
sound 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
And the listening ports according to netstat:
# netstat -l --tcp -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:32769 *:* LISTEN -
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:rsync *:* LISTEN 4086/rpc.mountd
tcp 0 0 *:905 *:* LISTEN 3691/rpc.statd
tcp 0 0 localhost:10026 *:* LISTEN 4534/master
tcp 0 0 *:netbios-ssn *:* LISTEN 4565/smbd
tcp 0 0 *:sunrpc *:* LISTEN 2110/portmap
tcp 0 0 *:http *:* LISTEN 4727/httpd
tcp 0 0 localhost:smtp *:* LISTEN 4534/master
tcp 0 0 *:https *:* LISTEN 4727/httpd
tcp 0 0 *:microsoft-ds *:* LISTEN 4565/smbd
tcp 0 0 *:ssh *:* LISTEN 3980/sshd
# netstat -l --udp -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:32768 *:* -
udp 0 0 *:nfs *:* -
udp 0 0 *:899 *:* 3691/rpc.statd
udp 0 0 *:902 *:* 3691/rpc.statd
udp 0 0 10.0.5.223:netbios-ns *:* 4576/nmbd
udp 0 0 *:netbios-ns *:* 4576/nmbd
udp 0 0 10.0.5.223:netbios-dgm *:* 4576/nmbd
udp 0 0 *:netbios-dgm *:* 4576/nmbd
udp 0 0 *:bootpc *:* 2496/dhclient
udp 0 0 *:870 *:* 4086/rpc.mountd
udp 0 0 *:sunrpc *:* 2110/portmap
Mandriva Corporate Server 3 x86_64
With Corporate Server 3, you get to select different groups of packages. Out of the default selection, we removed "development", "mdksoft wizards", and "groupware" and added "file & print sharing", "mail/news", "firewall/router", "web server", "ssh server", "webmin", and "network utils". Everything else was left at the defaults.
The amount of space it took:
# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/scsi/host0/bus0/target0/lun0/part6
ext3 5.4G 891M 4.2G 18% /
/dev/scsi/host0/bus0/target0/lun0/part1
ext2 92M 5.9M 81M 7% /boot
Amazingly enough, there was no option to remove the KDE desktop and X with it, thus the very large size of the install.
The memory usage:
# free
total used free shared buffers cached
Mem: 509480 234000 275480 0 5060 69944
-/+ buffers/cache: 158996 350484
Swap: 522072 0 522072
The services configured to start at boot:
# chkconfig --list|grep "3:on"
alsa 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
partmon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
sound 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ipmi 0:off 1:off 2:on 3:on 4:on 5:on 6:off
harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
spamassassin 0:off 1:off 2:on 3:on 4:on 5:on 6:off
amavisd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
devfsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
innd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
numlock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:off 3:on 4:off 5:on 6:off
webmin 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mailman 0:off 1:off 2:on 3:on 4:on 5:on 6:off
acpi 0:off 1:off 2:on 3:on 4:on 5:on 6:off
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
The processes running at the first login:
# ps axfvw
PID TTY STAT TIME MAJFL TRS DRS RSS %MEM COMMAND
1 ? S 0:01 17 29 2618 548 0.1 init [3]
2 ? SW 0:00 0 0 0 0 0.0 [migration/0]
3 ? SWN 0:00 0 0 0 0 0.0 [ksoftirqd/0]
4 ? SW< 0:00 0 0 0 0 0.0 [events/0]
5 ? SW< 0:00 0 0 0 0 0.0 [kblockd/0]
6 ? SW 0:00 0 0 0 0 0.0 [pdflush]
7 ? SW 0:00 0 0 0 0 0.0 [pdflush]
8 ? SW 0:00 0 0 0 0 0.0 [kswapd0]
9 ? SW< 0:00 0 0 0 0 0.0 [aio/0]
10 ? SW 0:00 0 0 0 0 0.0 [kseriod]
14 ? SW< 0:00 0 0 0 0 0.0 [ata/0]
18 ? SW 0:00 0 0 0 0 0.0 [scsi_eh_0]
22 ? SW 0:00 0 0 0 0 0.0 [kjournald]
120 ? S 0:00 0 38 9645 1604 0.3 devfsd /dev
478 ? S 0:00 9 57 26014 5136 1.0 /usr/lib64/gconfd-2 19
768 ? S 0:00 0 28 3731 592 0.1 /sbin/ifplugd -w -b -i eth0
832 ? S 0:00 0 349 4122 1204 0.2 /sbin/dhclient -1 -q -lf /var/lib/dhcp/dhclient-eth0.leases \
-pf /var/run/dhclient-eth0.pid -cf /etc/dhclient-eth0.conf eth0
881 ? S 0:00 0 33 6942 672 0.1 portmap
895 ? S 0:00 0 27 3704 688 0.1 syslogd -m 0 -a /var/spool/postfix/dev/log
903 ? S 0:00 0 23 4000 2004 0.3 klogd -2
942 ? S 0:00 0 36 4811 772 0.1 rpc.statd
1031 ? S 0:00 3 86 13693 3632 0.7 xfs -port -1 -daemon -droppriv -user xfs
1069 ? S 0:00 0 14 6937 668 0.1 /usr/sbin/atd
1084 ? S 0:00 0 18 2629 644 0.1 /usr/sbin/acpid
1121 ? S 0:00 0 325 13534 1740 0.3 /usr/sbin/sshd
1144 ? S 0:00 0 169 9554 992 0.1 xinetd -stayalive -reuse -pidfile /var/run/xinetd.pid
1173 ? S 0:00 0 78 4817 692 0.1 rpc.rquotad
1184 ? SW 0:00 0 0 0 0 0.0 [nfsd]
1185 ? SW 0:00 0 0 0 0 0.0 [nfsd]
1186 ? SW 0:00 0 0 0 0 0.0 [nfsd]
1187 ? SW 0:00 0 0 0 0 0.0 [nfsd]
1188 ? SW 0:00 0 0 0 0 0.0 [nfsd]
1189 ? SW 0:00 0 0 0 0 0.0 [nfsd]
1192 ? SW 0:00 0 0 0 0 0.0 [lockd]
1193 ? SW 0:00 0 0 0 0 0.0 [rpciod]
1190 ? SW 0:00 0 0 0 0 0.0 [nfsd]
1191 ? SW 0:00 0 0 0 0 0.0 [nfsd]
1204 ? S 0:00 0 61 4838 700 0.1 rpc.mountd
1275 ? S 0:00 0 11 90048 50100 9.8 amavisd (master)
1302 ? S 0:00 0 11 90048 50104 9.8 \_ amavisd (virgin child)
1303 ? S 0:00 0 11 90048 50104 9.8 \_ amavisd (virgin child)
1290 ? S 0:00 0 38 40665 21008 4.1 clamd -c /etc/clamd.conf
1699 ? S 0:00 0 26 13305 1308 0.2 /usr/lib64/postfix/master
1707 ? S 0:00 0 8 14367 1288 0.2 \_ pickup -l -t fifo -u -c -o content_filter -o receive_override_options
1708 ? S 0:00 0 45 14366 1312 0.2 \_ qmgr -l -t fifo -u -c
1709 ? S 0:00 0 9 18990 1868 0.3 \_ tlsmgr -l -t fifo -u -c
1721 ? S 0:00 0 11 73320 35696 7.0 /usr/bin/spamd -d -c -a -m5 -H
1761 ? S 0:00 0 23 6940 764 0.1 crond
1778 ? S 0:00 0 11 34260 8972 1.7 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
1794 ? S 0:00 4 2764 28019 3644 0.7 smbd -D
1804 ? S 0:00 0 2764 28019 3628 0.7 \_ smbd -D
1805 ? S 0:00 0 936 22407 2436 0.4 nmbd -D
1963 ? S 0:00 22 368 93183 9516 1.8 httpd2 -f /etc/httpd/conf/httpd2.conf -DAPACHE2 [...]
1970 ? S 0:00 0 11 13996 2688 0.5 \_ /usr/bin/perl /usr/sbin/advxsplitlogfile
1971 ? S 0:00 0 368 93183 9544 1.8 \_ httpd2 -f /etc/httpd/conf/httpd2.conf -DAPACHE2 [...]
1972 ? S 0:00 0 368 93183 9540 1.8 \_ httpd2 -f /etc/httpd/conf/httpd2.conf -DAPACHE2 [...]
1973 ? S 0:00 0 368 93183 9540 1.8 \_ httpd2 -f /etc/httpd/conf/httpd2.conf -DAPACHE2 [...]-
1974 ? S 0:00 0 368 93183 9540 1.8 \_ httpd2 -f /etc/httpd/conf/httpd2.conf -DAPACHE2 [...]
1975 ? S 0:00 0 368 93183 9540 1.8 \_ httpd2 -f /etc/httpd/conf/httpd2.conf -DAPACHE2 [...]
2060 ? S 0:00 2 19 23048 1168 0.2 login -- root
2099 tty1 R 0:00 0 689 10722 1892 0.3 \_ -bash
2152 tty1 R 0:00 0 73 4402 748 0.1 \_ ps axfvw
2061 tty2 S 0:00 0 10 2617 476 0.0 /sbin/mingetty tty2
2062 tty3 S 0:00 0 10 2617 476 0.0 /sbin/mingetty tty3
2063 tty4 S 0:00 0 10 2617 476 0.0 /sbin/mingetty tty4
2064 tty5 S 0:00 0 10 2617 476 0.0 /sbin/mingetty tty5
2065 tty6 S 0:00 0 10 2617 476 0.0 /sbin/mingetty tty6
# ps axfvw|wc -l
69
And finally, what ports are being listened to on first boot:
# netstat -l --tcp -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:32768 *:* LISTEN 1144/xinetd
tcp 0 0 *:32769 *:* LISTEN -
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:929 *:* LISTEN 1173/rpc.rquotad
tcp 0 0 localhost:10025 *:* LISTEN 1275/amavisd (maste
tcp 0 0 localhost:10026 *:* LISTEN 1699/master
tcp 0 0 *:netbios-ssn *:* LISTEN 1794/smbd
tcp 0 0 *:pop3 *:* LISTEN 1144/xinetd
tcp 0 0 localhost:783 *:* LISTEN 1721/spamd -d -c -a
tcp 0 0 *:sunrpc *:* LISTEN 881/portmap
tcp 0 0 *:10000 *:* LISTEN 1778/perl
tcp 0 0 localhost:smtp *:* LISTEN 1699/master
tcp 0 0 *:700 *:* LISTEN 942/rpc.statd
tcp 0 0 *:microsoft-ds *:* LISTEN 1794/smbd
tcp 0 0 *:959 *:* LISTEN 1204/rpc.mountd
tcp 0 0 *:http *:* LISTEN 1963/httpd2
tcp 0 0 *:ssh *:* LISTEN 1121/sshd
tcp 0 0 *:https *:* LISTEN 1963/httpd2
# netstat -l --udp -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:32768 *:* -
udp 0 0 *:nfs *:* -
udp 0 0 10.0.5.223:netbios-ns *:* 1805/nmbd
udp 0 0 *:netbios-ns *:* 1805/nmbd
udp 0 0 10.0.5.223:netbios-dgm *:* 1805/nmbd
udp 0 0 *:netbios-dgm *:* 1805/nmbd
udp 0 0 *:10000 *:* 1778/perl
udp 0 0 *:926 *:* 1173/rpc.rquotad
udp 0 0 *:ha-cluster *:* 942/rpc.statd
udp 0 0 *:697 *:* 942/rpc.statd
udp 0 0 *:956 *:* 1204/rpc.mountd
udp 0 0 *:bootpc *:* 832/dhclient
udp 0 0 *:sunrpc *:* 881/portmap
Annvix 1.2-RELEASE x86_64
Finally, the Annvix install. Because Annvix has a minimal install, and to be more fair to the other distributions, after installation but prior to rebooting, we installed Apache, PHP, and Samba in addition to the pre-installed packages (which would cover the MTA, firewall, etc.). We felt this made for an even comparison of a base install with the other distributions.
The size of the install:
# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3 ext3 5.4G 509M 4.6G 10% /
/dev/sda1 ext2 99M 2.9M 91M 4% /boot
The memory usage at first boot:
# free
total used free shared buffers cached
Mem: 508596 30388 478208 0 2612 13172
-/+ buffers/cache: 14604 493992
Swap: 506036 0 506036
The services configured to start at boot (note we had to look at the output of both chkconfig and srv to make an accurate comparison):
# chkconfig --list|grep "3:on"
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
# srv --list|grep up
crond up 14051 07/13/06 16:24:43
crond/log up 14050 07/13/06 16:24:43
mingetty-tty1 up 14052 07/13/06 16:24:43
mingetty-tty2 up 14041 07/13/06 16:24:43
mingetty-tty3 up 14042 07/13/06 16:24:43
mingetty-tty4 up 14043 07/13/06 16:24:43
mingetty-tty5 up 14044 07/13/06 16:24:43
mingetty-tty6 up 14045 07/13/06 16:24:43
socklog-klog up 14047 07/13/06 16:24:43
socklog-klog/log up 14046 07/13/06 16:24:43
socklog-unix up 14049 07/13/06 16:24:43
socklog-unix/log up 14048 07/13/06 16:24:43
The running processes at first boot:
# ps axfvw
PID TTY STAT TIME MAJFL TRS DRS RSS %MEM COMMAND
1 ? S 0:03 5 10 9 16 0.0 runit
2 ? S 0:00 0 0 0 0 0.0 [keventd]
3 ? SN 0:00 0 0 0 0 0.0 [ksoftirqd_CPU0]
4 ? S 0:00 0 0 0 0 0.0 [kswapd]
5 ? S 0:00 0 0 0 0 0.0 [bdflush]
6 ? S 0:00 0 0 0 0 0.0 [kupdated]
8 ? S< 0:00 0 0 0 0 0.0 [mdrecoveryd]
7 ? S 0:00 0 0 0 0 0.0 [khubd]
16 ? S 0:00 0 0 0 0 0.0 [kjournald]
17 ? S 0:00 0 464 219 212 0.0 /bin/nash /linuxrc
5893 ? Ss 0:00 0 37 2490 516 0.1 /sbin/dhcpcd -Y -N -D eth0
14031 ? Ss 0:00 21 20 35 32 0.0 /sbin/runsvdir -P /service log: ...... [...]
14032 ? Ss 0:00 6 14 9 24 0.0 \_ runsv mingetty-tty2
14041 tty2 Ss+ 0:00 19 29 18 44 0.0 | \_ /sbin/mingetty tty2
14033 ? Ss 0:00 6 14 9 24 0.0 \_ runsv mingetty-tty3
14042 tty3 Ss+ 0:00 19 29 18 44 0.0 | \_ /sbin/mingetty tty3
14034 ? Ss 0:00 6 14 9 24 0.0 \_ runsv mingetty-tty4
14043 tty4 Ss+ 0:00 19 29 18 44 0.0 | \_ /sbin/mingetty tty4
14035 ? Ss 0:00 6 14 9 24 0.0 \_ runsv mingetty-tty5
14044 tty5 Ss+ 0:00 19 29 18 44 0.0 | \_ /sbin/mingetty tty5
14036 ? Ss 0:00 6 14 9 24 0.0 \_ runsv mingetty-tty6
14045 tty6 Ss+ 0:00 19 29 18 44 0.0 | \_ /sbin/mingetty tty6
14037 ? Ss 0:00 6 14 9 24 0.0 \_ runsv socklog-klog
14046 ? S 0:00 33 34 17 48 0.0 | \_ /sbin/svlogd -tt /var/log/system/kmsg
14047 ? S 0:00 24 21 26 36 0.0 | \_ /bin/socklog ucspi
14038 ? Ss 0:00 6 14 9 24 0.0 \_ runsv socklog-unix
14048 ? S 0:00 25 34 57 80 0.0 | \_ /sbin/svlogd /var/log/system/all /var/log/system/auth \
/var/log/system/boot /var/log/system/cron /var/log/system/daemon /var/log/system/debug /var/log/system/ftp \
/var/log/system/kern /var/log/system/local /var/log/system/mail /var/log/system/messages /var/log/system/news \
/var/log/system/syslog /var/log/system/user
14049 ? S 0:00 24 21 26 36 0.0 | \_ /bin/socklog unix /dev/log
14039 ? Ss 0:00 6 14 9 24 0.0 \_ runsv crond
14050 ? S 0:00 33 34 17 48 0.0 | \_ /sbin/svlogd -tt /var/log/service/crond
14051 ? S 0:00 152 14 3557 584 0.1 | \_ /usr/sbin/crond -f
14040 ? Ss 0:00 6 14 9 24 0.0 \_ runsv mingetty-tty1
14052 ? Ss 0:00 315 18 23017 1216 0.2 \_ login -- root
14055 tty1 Ss 0:00 303 695 5888 1568 0.3 \_ -bash
15767 tty1 R+ 0:00 161 72 4275 740 0.1 \_ ps axfvw
# ps axfvw|wc -l
37
Keep in mind here that every service also has a supervise process running for it, so mingetty not only has itself running, but a runsv service monitoring it as well. It's not evident here, but sometimes a run script can also remain as a process (due to the bash interpreter). Also keep in mind that Annvix uses logging services, so for many services, such as sshd, there is also a logging service to go with it; for many single services in Annvix there can be 3-4 processes "attached" to it, whereas with other distributions that simply background the primary process and do all logging via syslog, there are no auxiliary processes.
And finally, the listening ports at first boot:
# netstat -l --tcp -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
# netstat -l --udp -p
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:bootpc *:* 5893/dhcpcd
The Comparison
The above outputs are certainly enlightening, but they make much more sense when compared side-by-side as shown below:
Disk Usage
| Mount Point | Fedora Core 4 | Mandriva 2006 | Corporate Server 3 | Annvix 1.2-RELEASE |
|---|---|---|---|---|
| /boot | 5.8M | 3.3M | 5.9M | 2.9M |
| / | 948M | 566M | 891M | 509M |
Memory Usage
| | Fedora Core 4 | Mandriva 2006 | Corporate Server 3 | Annvix 1.2-RELEASE |
|---|---|---|---|---|
| Used | 100240 | 80360 | 234000 | 30388 |
| Cached | 47516 | 38524 | 69944 | 13172 |
| Buffers | 6292 | 2816 | 5060 | 2612 |
| Active | 46432 | 39020 | 258996 | 14604 |
(The "active" number is taken via "[used] - ([cached] + [buffers])" to obtain the actual amount of memory being used on the system.)
Started Services
Keep in mind that not all of these services are long-term; some services such as kudzu, harddrake, or sound are one-shot deals. We are including these "configuration" or "hardware setup" services because a) Annvix has some too and b) they are part of the boot process:
| | Fedora Core 4 | Mandriva 2006 | Corporate Server 3 | Annvix 1.2-RELEASE |
|---|---|---|---|---|
| One-shot Services: | iptables, kudzu, network (3)* | acpi, alsa, harddrake, iptables, keytable, kheader, network, numlock, rawdevices, shorewall, sound (11) | alsa, kheader, network, random, rawdevices, sound, keytable, iptables, ipmi, harddrake, numlock, acpi (12) | iptables, keytable, kheader, kudzu, netfs, network, rawdevices (7) |
| Daemon Services: | acpid, anacron, atd, auditd, autofs, bluetooth, cpuspeed, crond, cups, cups-config-daemon, gpm, haldaemon, isdn, mDNSResponder, mdmonitor, messagebus, netfs, nfslock, nifd, pcmcia, portmap, rhnsd, rpcgssd, rpcidmapd, sendmail, sshd, syslog, xfs (28)* | acpid, atd, crond, httpd, mailman, mandi, mdadm, messagebus, netfs, nfs, nfslock, partmon, portmap, postfix, smb, sshd, syslog, xfs (18) | netfs, partmon, xinetd, portmap, syslog, crond, httpd, xfs, postfix, nfslock, atd, spamassassin, amavisd, lm_sensors, clamd, devfsd, innd, nfs, sshd, psacct, smb, webmin, mailman, acpid (24) | crond, crond/log, mingetty-tty1, mingetty-tty2, mingetty-tty3, mingetty-tty4, mingetty-tty5, mingetty-tty6, socklog-klog, socklog-klog/log, socklog-unix, socklog-unix/log (12)** |
| Total Services: | 31 services | 29 services | 36 services | 19 services** |
- (* I can't be 100% sure these are all the one-shot services, this is my first time looking at Fedora)
- (** to be fair, since no getties are listed as services in the other distributions (as they're spawned via init), and if you remove the logging services, Annvix has 3 daemon services, for a total of 10 total services)
Started Processes
The number of started services isn't entirely fair or accurate, to any distribution, as a single init script may start more than one process, or may result in no processes remaining. In the end, what matters is how many processes are running when the boot sequence is complete.
| | Fedora Core 4 | Mandriva 2006 | Corporate Server 3 | Annvix 1.2-RELEASE |
|---|---|---|---|---|
| Number of Processes: | 58 | 67 | 69 | 37 |
Again, this is the fairest comparison. Even though Annvix uses logging services, it still has considerably fewer services running than the others on a default install.
Listening Ports
The following lists the number of ports that are open and listening for connections:
| | Fedora Core 4 | Mandriva 2006 | Corporate Server 3 | Annvix 1.2-RELEASE |
|---|---|---|---|---|
| TCP: | 6 (3 localhost only, 3 exposed) | 12 (2 localhost only, 10 exposed) | 18 (5 localhost only, 13 exposed) | 0 |
| UDP: | 6 (6 exposed) | 11 (9 exposed, 2 ip-bound) | 13 (11 exposed, 2 ip-bound) | 1 (1 exposed) |
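The bind-scope classification behind the table above, as an added example that is not part of the original wiki page: it parses the Mandriva Linux 2006 netstat listing shown earlier and counts localhost-only, IP-bound and wildcard ("exposed") listeners per protocol, then lists the programs that own the exposed sockets. The function names and the scope labels are this example's own.

```python
from collections import Counter

# Listener lines copied from the Mandriva Linux 2006 `netstat -l --tcp -p`
# and `netstat -l --udp -p` output earlier on this page.
MANDRIVA_2006 = """\
tcp 0 0 *:32769 *:* LISTEN -
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:rsync *:* LISTEN 4086/rpc.mountd
tcp 0 0 *:905 *:* LISTEN 3691/rpc.statd
tcp 0 0 localhost:10026 *:* LISTEN 4534/master
tcp 0 0 *:netbios-ssn *:* LISTEN 4565/smbd
tcp 0 0 *:sunrpc *:* LISTEN 2110/portmap
tcp 0 0 *:http *:* LISTEN 4727/httpd
tcp 0 0 localhost:smtp *:* LISTEN 4534/master
tcp 0 0 *:https *:* LISTEN 4727/httpd
tcp 0 0 *:microsoft-ds *:* LISTEN 4565/smbd
tcp 0 0 *:ssh *:* LISTEN 3980/sshd
udp 0 0 *:32768 *:* -
udp 0 0 *:nfs *:* -
udp 0 0 *:899 *:* 3691/rpc.statd
udp 0 0 *:902 *:* 3691/rpc.statd
udp 0 0 10.0.5.223:netbios-ns *:* 4576/nmbd
udp 0 0 *:netbios-ns *:* 4576/nmbd
udp 0 0 10.0.5.223:netbios-dgm *:* 4576/nmbd
udp 0 0 *:netbios-dgm *:* 4576/nmbd
udp 0 0 *:bootpc *:* 2496/dhclient
udp 0 0 *:870 *:* 4086/rpc.mountd
udp 0 0 *:sunrpc *:* 2110/portmap
"""

# Addresses netstat prints for "every interface" (IPv4 and IPv6 forms).
WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}


def bind_scope(host):
    """Classify a local bind address the way the Listening Ports table does."""
    if host in WILDCARD_HOSTS:
        return "exposed"      # reachable on every interface
    # Without -n netstat resolves names, so loopback shows up as
    # "localhost" or "localhost.localdomain" rather than 127.0.0.1.
    if host.startswith("localhost") or host.startswith("127.") or host == "::1":
        return "localhost"    # loopback only
    return "ip-bound"         # tied to one specific interface address


def parse_listeners(text):
    """Turn `netstat -l -p` rows into dicts; banner/header lines are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0][:3] not in ("tcp", "udp"):
            continue
        proto = fields[0][:3]                     # folds tcp6/udp6 into tcp/udp
        host, _, port = fields[3].rpartition(":")  # ":::22" -> ("::", "22")
        rest = fields[5:]
        if proto == "tcp" and rest:
            rest = rest[1:]                       # drop State; UDP rows leave it blank
        owner = " ".join(rest) or "-"             # "-" = no owning process reported
        program = owner.split("/", 1)[1] if "/" in owner else owner
        listeners.append({"proto": proto, "host": host, "port": port,
                          "scope": bind_scope(host), "program": program})
    return listeners


def summarize(listeners):
    """Per-protocol count of listeners in each bind scope."""
    counts = {"tcp": Counter(), "udp": Counter()}
    for entry in listeners:
        counts[entry["proto"]][entry["scope"]] += 1
    return counts


def exposed_programs(listeners):
    """Programs holding at least one wildcard-bound socket."""
    return sorted({e["program"] for e in listeners if e["scope"] == "exposed"})


if __name__ == "__main__":
    found = parse_listeners(MANDRIVA_2006)
    for proto, scopes in summarize(found).items():
        print(proto, sum(scopes.values()), dict(scopes))
    print("exposed:", ", ".join(exposed_programs(found)))
```

The per-protocol counts it prints match the Mandriva 2006 column of the table; postfix's master does not appear in the exposed list because both of its sockets are bound to localhost.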
Conclusion
This comparison isn't an effort to make Annvix look better than other Linux distributions... for most people it probably isn't, and for a lot of people, Annvix isn't what you want. Annvix is quite specialized, so we can do things that other distributions can't do, or won't do. We don't have huge amounts of users that are used to doing things a certain way so we can change direction mid-stream and innovate and improve on things that work for us that other larger distributions simply can't do.
The above is a simple illustration that we're meeting our goals... security and less bloat being the obvious two that can be seen from above. Of course, these "statistics" tell a very shallow tale and offer very little in terms of real-world use.
To be fair, these "statistics" show Annvix in a very favourable light, which is great. There are other metrics that can be used for a comparison that could be judged good or bad depending on your needs and requirements. For instance, Annvix has an extremely small "pre-package" count compared to most distributions. That is part of the "less bloat" mantra so could be considered beneficial. On the other end of the scale, less pre-packaged stuff means more things the end user may have to compile on their own. There is a definite trade-off when using one distribution over another.
Having said that, we feel that Annvix is meeting the goals and purposes it was set out to achieve, and the above "statistics" reflect that. Packaging everything under the sun, good or bad, was never a goal and as a result the choice offered to users is smaller... from a convenience factor. How acceptable this is really depends on your needs. In most cases, what Annvix provides pre-packaged is acceptable for what it was designed to do: provide a secure, stable, and lightweight server OS.