[cod] Disapointed
MayDay
MayDay at Players-Inc.dk
Tue Nov 25 19:56:28 EST 2003
This REALLY helped a lot Dave :D
I had no idea samba was that big of a security risk.
Neither did I know that I could cause lag.
I have both samba shares AND smbfs mounts.
I'll remove the crap and use ftp in the future.
server_linux is Teamspeak2, donno why it spawned so many threads, maybe it's
like apache, thinking it's super important and going to get 1000 connections
in the next few min :D
named:
Think it was me messing around, I have problems resolving hostnames -> ip's,
even ping fails unless I add it to /etc/hosts. I recall that it worked fine
in the past, maybe it's the dhcp server out here that's weird, but my windows
machine works fine.
Anyways I recall something about named when I was trying to fix it.
Now that you mention it I did enable reverse hostname lookup on something,
just can't remember what it was, if it was the samba service it would try
every time somebody on the network tried to connect, and we are about 2000
people on the campus net, and my box can resolve hostnames->ip's so that
should explain it.
I donno what package this is in, I could just stop it from starting up ofc,
but would rather remove it altogether.
gateway:
yeah VPN network, hell to get working under linux, but seems to run great,
pings return 1-2ms to danish servers.
rpc.statd:
have no idea what it is and I'm almost positive I didn't install it, is it
default in debian maybe?
portmapper:
part of the rpc package I think, removing this also removed the rpc.statd if
I'm not mistaken.
lpd:
removed, linux printer daemon I reckon, don't need it :D
pptp:
used this to get my VPN running, I saw there was a new vpn module in the 2.6
kernel, but it's experimental.
it is my 100MB line running on this, so all internet traffic comes through
here, windows handled it perfectly. I was surprised to see how poor the
support in linux was for VPN.
Well it's 02:00 here and I can't get it tested until tomorrow but I think it
could be the samba thing.
Thanks a lot again for all the help, not only for this problem but for
explaining linux services in general :D
//MD
----- Original Message -----
From: "Dave Whitla" <dave.whitla at ocean.net.au>
To: <cod at icculus.org>
Sent: Wednesday, November 26, 2003 1:00 AM
Subject: Re: [cod] Disapointed
> MayDay,
>
> I'm not even running the server yet - too damn busy to play games lately
> (despite hanging out for it). However, I note a few things about your
> process list that could be improved.
>
> I don't believe this is a resource issue, in the obvious sense (ie memory,
> cpu, disk, swap) or bandwidth of your connection - more likely in the way
> your machine is accessing that bandwidth.
>
>
> On Wed, 26 Nov 2003 05:10 am, MayDay wrote:
> > TOP: Sorted after Memory.
> >
> > All the extra services I started like udpb, codbot, uglygs, apache I tried
> > to shut down as well as server logging, still lags.
> > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> > 857 clan 15 0 214m 109m 3084 S 0.0 21.7 2:43.96 cod_lnxded
> > 346 www-data 16 0 72060 3404 69m S 0.0 0.7 0:00.00 apache
> > 694 www-data 15 0 72068 3404 69m S 0.0 0.7 0:00.00 apache
> turn this off - you certainly don't need it and (from the rest of this it
> looks like this might be your first linux install - not having a shot here
> just noting) your default apache settings might specify non-existent files
> that the server keeps looking for, for example.
>
> > 864 clan 15 0 5216 3380 3896 S 0.0 0.7 0:00.14 python
> > 315 root 16 0 71932 3124 69m S 0.0 0.6 0:00.03 apache
> > 1018 root 16 0 7152 2472 5692 S 0.0 0.5 0:00.00 smbd
> > 134 root 17 0 5280 2232 3636 S 0.0 0.4 0:00.00 mount.smbfs
> > 1016 root 15 0 5264 2184 3856 S 0.0 0.4 0:00.13 nmbd
> what the? - never run samba on a net connected box unless you really know
> what you are doing security wise. do you have a win2k/xp machine on the same
> subnet. i notice really bad lag accessing smb shares on win2k/xp from my
> debian machine in the office - have you mounted an smb share here?
> Either way ditch samba-server - you can keep the client and common packages
> for manual use to connect to a wintendo machine as required.
> apt-get purge samba-server
>
> > 264 root 34 19 19804 2076 2600 S 0.0 0.4 0:01.86 server_linux
> > 265 root 16 0 19804 2076 2600 S 0.0 0.4 0:00.00 server_linux
> > 266 root 15 0 19804 2076 2600 S 0.0 0.4 0:02.01 server_linux
> > 267 root 15 0 19804 2076 2600 S 0.5 0.4 0:19.16 server_linux
> > 268 root 15 0 19804 2076 2600 S 0.5 0.4 0:09.23 server_linux
> > 270 root 16 0 19804 2076 2600 S 0.0 0.4 0:00.00 server_linux
> > 271 root 15 0 19804 2076 2600 S 0.0 0.4 0:00.05 server_linux
> > 272 root 15 0 19804 2076 2600 S 0.0 0.4 0:00.03 server_linux
> > 273 root 15 0 19804 2076 2600 S 0.0 0.4 0:01.02 server_linux
> what is this? - it's running as root by the way
>
> > 244 root 15 0 3024 1964 1820 S 0.0 0.4 0:00.00 named
> You don't need this - and it may be doing domain reverse-lookups depending
> on your inetd config below. Unless you really need a DNS server use a DNS
> caching client instead. Incidentally, if this isn't Bind9 you are asking
> for a root-kit.
>
> > 1054 clan 17 0 6164 1892 5592 R 0.0 0.4 0:00.01 sshd
> > 1052 root 17 0 6008 1780 5592 S 0.0 0.3 0:00.01 sshd
> > 854 clan 22 0 3400 1628 2524 S 0.0 0.3 0:00.01 perl
> > 300 root 16 0 3096 1400 2896 S 0.0 0.3 0:00.00 sshd
> > 1055 clan 16 0 2576 1380 2400 S 0.0 0.3 0:00.00 bash
> > 849 clan 16 0 2692 1368 2180 S 0.0 0.3 0:00.01 screen
> > 863 clan 16 0 2692 1368 2180 S 0.0 0.3 0:00.00 screen
> > 230 root 16 0 2232 1240 1360 S 0.0 0.2 0:00.09 klogd
> > 853 clan 16 0 2684 1176 2180 S 0.0 0.2 0:00.00 screen
> > 1056 clan 16 0 2076 1032 1868 R 0.0 0.2 0:00.04 top
> > 236 root 16 0 2376 1028 2000 S 0.0 0.2 0:00.29 pppd
> Looks like the server is also your DSL gateway
>
> > 123 root 16 0 2088 1016 1752 S 0.0 0.2 0:00.00 dhclient
> Necessary if you have a dynamically assigned Internet IP from your DSL
> provider - check the polling interval - unlikely to have anything to do
> with this though.
>
> > 858 clan 15 0 1820 1004 592 S 0.0 0.2 0:00.93 codbot
> > 850 clan 22 0 2296 984 2212 S 0.0 0.2 0:00.00 sh
> > 303 root 18 0 1692 740 1524 S 0.0 0.1 0:00.00 rpc.statd
> Remove this NOW.
>
> > 311 root 16 0 1780 736 1600 S 0.0 0.1 0:00.00 cron
> > 227 root 16 0 1576 628 1408 S 0.0 0.1 0:00.30 syslogd
> > 308 daemon 16 0 1708 628 1544 S 0.0 0.1 0:00.00 atd
> > 237 root 15 0 1584 608 1396 S 0.0 0.1 0:45.37 pptp
> > 127 daemon 15 0 1740 600 1572 S 0.0 0.1 0:00.00 portmap
> Remove this - it is a well known security exploit and is totally
> unnecessary.
>
> > 286 root 18 0 1612 588 1432 S 0.0 0.1 0:00.00 lpd
> Don't need this - potential security hole also - historically there have
> been lots of LPD exploits.
>
> > 239 root 16 0 1568 576 1396 S 0.0 0.1 0:00.00 pptp
> > 282 root 21 0 1556 536 1400 S 0.0 0.1 0:00.00 inetd
> > 1 root 16 0 1516 512 1364 S 0.0 0.1 0:03.80 init
> > 340 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 341 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 342 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 343 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 344 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 345 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 860 clan 22 0 1532 456 1364 S 0.0 0.1 0:00.00 rm
> > 2 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
> > 3 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 events/0
> > 4 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
> > 5 root 25 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
> > 6 root 15 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
>
> Also PPTP could be having an impact - I don't use it myself so I can't say
> with any certainty - I have a separate box acting as router/firewall/IPSEC
> gateway because tunnelling is no good to me without encryption. That said,
> PPTP is in the kernel (is it still marked as experimental? I'm not sure)
> but still has a performance overhead as it encapsulates and unencapsulates
> packets - and here it is tracking several virtual links - do all your clan
> connect over PPTP to this box - it will certainly reduce your player limit.
>
> Before you waste too much time trying to trace the cause it would be best
> to remove all these unnecessary services.
>
> Also, the linux distro isn't so important as the glibc you are using.
> What debian release are you using (stable/testing/unstable) and are you
> using packages from more than 1 release?
>
> If, after you have narrowed the field of potential causes by removing
> stuff, you still have a problem search every file in /var/log for evidence
> that something exceptional is occurring - like errors/warnings that
> something can't be found etc.
>
> You may not get much useful help from guys with big or commercial setups
> because they most likely aren't trying to do so many divergent tasks with
> the one box.
>
> I'm sure you'll post if this is all crap - so I'll keep an eye out. I
> want to run this server on one of my Debian servers anyway so if it's
> specific to the distro I'll be keen to help you track it down.
>
> Dave
>
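
Added example (not part of the original thread): a shell check that applies the triage from the quoted reply to `top` output, flagging the services it says to turn off or remove and any other root-owned process outside an assumed base set. The `BASE` list, the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Services the quoted reply says to turn off or remove.
WATCH="apache smbd nmbd named rpc.statd portmap lpd"
# Assumption: root-owned daemons treated as expected on this box.
BASE="init getty sshd cron syslogd klogd inetd dhclient pppd pptp"

# Reads top-style rows on stdin; prints "KIND command user count" per finding.
audit_top() {
    awk -v watch="$WATCH" -v base="$BASE" '
        BEGIN {
            n = split(watch, w, " "); for (i = 1; i <= n; i++) W[w[i]] = 1
            n = split(base, b, " ");  for (i = 1; i <= n; i++) B[b[i]] = 1
        }
        $1 !~ /^[0-9]+$/ || NF < 12 { next }   # skip the header and short lines
        $5 == 0 { next }                       # VIRT 0: kernel thread
        {
            cmd = $12; user = $2
            if (cmd in W) { kind = "REMOVE" }
            else if (user == "root" && !(cmd in B)) { kind = "ROOT" }
            else { next }
            key = kind " " cmd " " user
            if (!(key in seen)) order[++k] = key   # keep first-seen order
            seen[key]++
        }
        END { for (i = 1; i <= k; i++) print order[i], seen[order[i]] }
    '
}

# Constructed sample: a subset of rows from the process list quoted above.
sample_top() {
    cat <<'EOF'
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
857 clan 15 0 214m 109m 3084 S 0.0 21.7 2:43.96 cod_lnxded
346 www-data 16 0 72060 3404 69m S 0.0 0.7 0:00.00 apache
315 root 16 0 71932 3124 69m S 0.0 0.6 0:00.03 apache
1018 root 16 0 7152 2472 5692 S 0.0 0.5 0:00.00 smbd
264 root 34 19 19804 2076 2600 S 0.0 0.4 0:01.86 server_linux
265 root 16 0 19804 2076 2600 S 0.0 0.4 0:00.00 server_linux
244 root 15 0 3024 1964 1820 S 0.0 0.4 0:00.00 named
300 root 16 0 3096 1400 2896 S 0.0 0.3 0:00.00 sshd
303 root 18 0 1692 740 1524 S 0.0 0.1 0:00.00 rpc.statd
127 daemon 15 0 1740 600 1572 S 0.0 0.1 0:00.00 portmap
286 root 18 0 1612 588 1432 S 0.0 0.1 0:00.00 lpd
2 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
EOF
}

sample_top | audit_top
```

On a live host the same function can be fed from `top -b -n 1`; rows marked `ROOT` are candidates for a dedicated unprivileged account rather than removal.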