Posts Tagged ‘remove’

Remove old unused kernels and cleanup orphaned packages on CentOS / RHEL/ Fedora and Debian Linux

Friday, October 23rd, 2020


If you administer CentOS 7 / CentOS  8 bunch of servers it is very likely after one of the scheduled Patch days every 6 months or so, you end up with a multiple Linux OS kernels installed on the system.
In normal situation on a freshly installed CentOS machine only one rpm package is installed on the system with the kernel release shipped with CentOS / RHEL / Fedora distro:
The reason to remove the old unused kernels is very simple, you don't want to have a messy installation and after some of the updates to boot up in a revert back old kernel or if you're pedantic to simply save few megas of space.
Some people choose to have more than one kernel just to make sure, if the new installed one doesn't boot, after a restart from ILO / IDRAC remote console interface you can select to boot the proper kernel. I agree having the old kernel before the system *kernel* upgrade as backup recovery is a good thing but this is a good thing to the point the system gets booted after reboot (you know we sysadmins usually after each major system package upgrade), we like to reboot the system warmly praying and hoping it will boot up next time 🙂

1. Remove CentOS last XX kernels from the OS

Of course removal of old kernels could be managed by a simple

yum remove kernel


One more than one kernel is present you can hence leave only lets say the last 2 installed kernel on the CentOS host (some people prefer to have only one) but just for the sake of having a backup kernel I like more to have last two kernels installed present, to do so run package-cleanup which is contained in yum-utils rpm package CentOS – this is CentOS / Redhat ( RHEL) specific command.

[root@centos ~ ]:# package-cleanup –oldkernels –count=2


–count=number argument – tells how many from the  latest version kernels to get removed.

Note if you don't have the package-cleanup command install yum-utils package:

[root@centos ~ :]#  yum install -y yum-utils


2. RemoveOld kernels from Fedora Linux – leave only the latest 3 installed

This is done with dnf by setting the –-latest-limit arg to negative value to how many last kernels want to keep

[root@fedora ~ ]:# dnf remove $(dnf repoquery –installonly –latest-limit=-3 -q)


3. Set how many kernels you want to be present on system all the time after package upgrades

It is possible to tell CentOS / RHEL / Fedora's on how many kernels show be kept installed on the system, the default configured on Operating system install time is to keep the last 5 installed kernel on the OS. This is controlled from installonly_limit=5 value that is usually as of year 2020 RPM based distributions found under /etc/yum.conf (on CentOS / RHEL) and in /etc/dnf/dnf.conf (in Fedora) configuration file and sets the desired number of kernels present on system after issuing commands yum upgrade / dnf upgrade –refresh etc.
The minimum number to give to  installonly_limit is 2.

4. Remove orphan rpm packages from server

The next thing to do is to check the installed orphan packages to see if we can safely remove them; by orphaned packages we mean all packages which no longer serve a purpose of package dependencies.
Orphan packages are packages who left over from some old dependencies that are no longer needed on the system but just take up space and impose a possible security risk as some of them might end up with time with a public well known and hacked CVE vulnearbility.

Let me try to explain this concept with a quick example: package A is depended on package B, thus, in order to install package A the package B must also be installed. Once the package A is removed the package B might still be installed, hence the package B is now orphaned package.
Here’s how we can safely see the orphan packages we do have on our system:

[root@centos ~ :]#  package-cleanup –quiet –leaves –exclude-bin

And here’s how we can delete them:

[root@centos ~ :]# package-cleanup –quiet –leaves –exclude-bin | xargs yum remove -y

The above commands should be launched multiple times, because the packages deleted with the first batch could create additional orphan packages, and so on: be sure to perform these tasks until no orphan packages appear anymore after the first package-cleanup command.


5. Delete Old Kernels and keep only last three ones on Debian / Ubuntu Linux

To do the same on a debian based distribution there is a command is provided by a deb package byobu, if you want to clean up old kernels on Debians :

$ sudo purge-old-kernels –keep 3

That's all folks enjoy ! 🙂


How to remove ‘active contents’ from PDF file on Linux / Strip Active Contents from PDF

Thursday, July 18th, 2019


I'm updating my Autiobography (CV) with my latest job eployeers, technology expertise and certifications and usually use the EuroPassCV standard web service to update already generated PDF files.The service as web based application service allows easy edit from the web as most web services which is quite handy and then allows Export to DOCX or PDF file format. So far so good but today I faced a really weird problem after, I've used successfully EuroPassCV service  and downloaded the PDF to my computer and tried to submit my Curriculum Vitae application to SAP's Successfactor newly created account for the purpose I faced a weird I error saying

"The system does not allow files with Active contents. Please …"


Of course if this error message was received on a Start-up application on Application upload that would be fine, but come on this is SAP's Successfactors, it cannot accept a standard generated PDF from EuroPass which nowadays is a standard for CV here in Europe and hosted on of official European Union website

To me this is a clear signal SAP needs an experienced ICT specialists and Quality Assurance testers like me to fix their mess and I will be willing to help them if they contact me until its too late for them, but let me go back to the topic of this article which was how to remove active contents from a PDF file 🙂

So first lets make clear what is Active content in a file ?

Active contents is content that includes programs like Internet polls, JavaScript applications, stock tickers, animated images, ActiveX applications, action items, streaming video and audio, weather maps, embedded objects, and much more. Active content contains programs that trigger automatic actions on a Web page without the user's knowledge or consent.
Active contents (Macros) could exist in many file formats that are used daily in most companies / organizations daily, active content can be contained in documents such as MS Excel,  Word, PDF, PowerPoint and so on.

So why does some applications disable document support for Active contents?

Well just for the reason of security, Active contents could often be some kind of malware or crapware and they can mess up with the web application (in case of bugs) or even mess up with server software if it is a complex warm like behavior exploiting some kind of vulnerability.
One thing to say about active contents removal on file upload by applications is that this practice could only be tolerated if the organization had already adapted a security through obscurity which most likely is the case with SAP's Successfactors and many other applications out there.

So next question is how to  Panicea (Resolution) Active Contents existing in a PDF file

Assuming you have a GNU / Linux Desktop or server with ghostscript package installed (which is the case by default with virtually any modern Linux distribution), removing Active Contents from PDF to make possible file to be submitted to the picky Security Conscious application with a single command:

gs -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=CV-Georgi_Dimitrov_Georgiev-Europass-20190718-EN-noact-content.pdf -dBATCH CV-Georgi_Dimitrov_Georgiev-Europass-20190718-EN.pdf

After that the stripped active contents PDF file would succeed in uploading to web app.



Debian Linux how to remove Xorg, Gnome / KDE, GDM and other graphical environment packages from a server

Wednesday, October 17th, 2012

Lets say by mistake you install a package and apt installs as a package dependency a whole bunch of Xorg, GDM GNOME 2 / 3 (desktop environment) along with whole other multitude of meta packages just like, lets say xinit , nautilus, totem, gedit,remmina etc.:
Mistakenly installing a graphical environment happens common (at least in my experience as admin happed many, many times). Often installing GUI by mistake is done on already well configured productive server, serving thousand of HTTP, SQL and Mails daily.
Having a started GDM login on the server takes some from the CPU time and also is extends possibilities for security breach to the server, so as always if something is not used it is better to wipe it off …

Here are some apt-get remove commands which will (COMPLETELY) remove Xserver ( Xorg ), Graphical Login Manager (GDM), GNOME desktop environment and their surrounding stuff:

# apt-get remove xorg
# apt-get remove nautilus-data nautilus-sendto libnautilus-extension1
# apt-get remove desktop-base
# apt-get remove python-gnomedesktop
# apt-get remove gdm3
# apt-get remove totem seahorse remmina gedit-common gconf2 epipha gedit-common gconf-defaults-service xauth
# apt-get remove epiphany-browser-data evolution-webcal gconf2
# apt-get remove nautilus-data nautilus-sendto libnautilus-extension1
# apt-get remove x11-common
# apt-get autoremove --purge gnome*

Here something worthy to mention is in Debian and (its deb based linux erivatives including Ubuntu), there are the so called metapackages. For those who don’t know what a meta-package is?; it is a package linked to a group of packages. Actually the meta package itself is a pre-selected Packages ready to install / remove with apt, aptitude or rest of “intelligent” package management utils available for Debian.
Once a meta-package is installed, all linked package dependencies; be it binaries or libraries as well as the proper configurations are downloaded and installed.

Very useful thing hence is listing all install-able metapackages; to list all available metapackages in Debian Linux use:

# apt-cache search metapackage


As of time of writing this post there are 276 apt installable metapackages existent on Debian Squeeze 6.0.5 Linux:

# apt-cache search metapackage|wc -l

Another more general way to see the basic types of metapackages, installable is via tasksel (tasksel is run and used during initial Debian Installer via install CD);
In tasksel, there are few meta-packages; Actually tasksel is very handy for sysadmins who install new servers :). Here is list of available meta-packs through it:

# tasksel --list-tasks
i web-server Web server
u print-server Print server
i dns-server DNS server
u file-server File server
u mail-server Mail server
u database-server SQL database
i ssh-server SSH server
u laptop Laptop
u manual manual package selection
u desktop Graphical desktop environment
i web-server Web server
u print-server Print server
i dns-server DNS server
u file-server File server
u mail-server Mail server
u database-server SQL database
i ssh-server SSH server
u laptop Laptop
u manual manual package selection

It is possible to also view sub-packages contained within, each of tasksel meta-packs, i.e..:

# tasksel --task-packages desktop

Actually using tasksel is much more “intelligent” way to remove GNOME, GDM and Xorg from a server. It will completely wipe out everything previously installed for running Desktop Environment on the host.
To remove desktop environment with tasksel:

# tasksel remove desktop

Ncurses progress bar will appear displaying all removed packages …
In my case, during trying to figure out what packages I need to remove ImageMagick as long as few other packages got removed as dependencies so I had to install them over with:

apt-get install --yes imagemagick libice6 php5-imagick libxvmc1 \
libzbar0 libxt6 libsm6 libxres1 libxtst6 libxvmc1 x-ttcidfont-conf libxxf86dga1

For people who need to remove KDE desktop environment from a host to be used as a server, check out KDE meta-packages:

apt-cache search metapackage|grep -i kde

You can remove all KDE related meta-packs within a bash loop, like so:

for i in $(apt-cache search metapackage|grep -i kde|awk '{ print $1 }'); do \
apt-get remove $i; done

It is also usually good idea, once all packages are removed the RC Remove Candidate deb packagse are removed too – if you don’t know what is RC I suggest you read my previous post here

Removing all rc‘s from system can be done with:

# for i in $(dpkg -l | grep -i '^rc' | awk '{ print $2 }'); do \
dpkg --purge $i; \

Though, I tested this if you follow my tutorial be careful, something might break and some essenail package or lib for (your custom) services might be removed. Be careful what is offered to uninstall only approve it if you’re 1000% sure; Please don’t count me responsible if apt- removes something which breaks your productive server 🙂

Remove icon from panel in GNOME3 (near applications Menu)

Thursday, September 27th, 2012

Remove icon from Panel in GNOME 3 Debian and Ubuntu Linux - pointing at icon near Application and Home gnome start menus

Mistakenly I added one icon near Places in (Ubuntu) ver. 12 GNOME 3 (upper) panel. To remove it following instructions given in Ubuntu Answers

Maybe the great criticism recently arisen concerning GNOME 3, new taken wrong path of development had a good standbase. Even a simple task as even for a simple operation as removing icon from the panel is now complicated….

In short to remove the icon I had to hold Win+Alt keys and then click with right (last) mouse button over the icon and choose Remove.
Cheers 😉