[cod] Disapointed
James Kreuziger
jkreuzig at cyberonic.com
Wed Nov 26 03:56:45 EST 2003
>I had no idea samba was that big of a security risk.
>Neither did I know that I could cause lag.
>I have both samba shares AND smbfs mounts.
>I'll remove the crap and use ftp in the future.
I'd suggest that you ditch the ftp also, and make sure you
are running an ssh daemon instead. There are ssh clients for
all different OS's you can think of, and most include an sftp client.
Standard ftp is notoriously insecure, as insecure as telnet. It's
worth the minor hit in resources to go with ssh.
That's my 2 cents.
-Jim(whatever)
----- Original Message -----
From: "Dave Whitla" <dave.whitla at ocean.net.au>
To: <cod at icculus.org>
Sent: Wednesday, November 26, 2003 1:00 AM
Subject: Re: [cod] Disapointed
> MayDay,
>
> I'm not even running the server yet - too damn busy to play games lately
> (despite hanging out for it). However, I note a few things about your
> process list that could be improved.
>
> I don't believe this is a resource issue, in the obvious sense (ie memory,
> cpu, disk, swap) or bandwidth of your connection - more likely in the way
> your machine is accessing that bandwidth.
>
>
> On Wed, 26 Nov 2003 05:10 am, MayDay wrote:
> > TOP: Sorted after Memory.
> >
> > All the extra services I started like udpb, codbot, uglygs, apache I tried
> > to shut down as well as server logging, still lags.
> > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> > 857 clan 15 0 214m 109m 3084 S 0.0 21.7 2:43.96 cod_lnxded
> > 346 www-data 16 0 72060 3404 69m S 0.0 0.7 0:00.00 apache
> > 694 www-data 15 0 72068 3404 69m S 0.0 0.7 0:00.00 apache
> turn this off - you certainly don't need it and (from the rest of this it looks
> like this might be your first linux install - not having a shot here just
> noting) your default apache settings might specify non-existent files that
> the server keeps looking for for example.
>
> > 864 clan 15 0 5216 3380 3896 S 0.0 0.7 0:00.14 python
> > 315 root 16 0 71932 3124 69m S 0.0 0.6 0:00.03 apache
> > 1018 root 16 0 7152 2472 5692 S 0.0 0.5 0:00.00 smbd
> > 134 root 17 0 5280 2232 3636 S 0.0 0.4 0:00.00 mount.smbfs
> > 1016 root 15 0 5264 2184 3856 S 0.0 0.4 0:00.13 nmbd
> what the? - never run samba on a net connected box unless you really know what
> you are doing security wise. do you have a win2k/xp machine on the same
> subnet. I notice really bad lag accessing smb shares on win2k/xp from my
> debian machine in the office - have you mounted an smb share here?
> Either way ditch samba-server - you can keep the client and common packages
> for manual use to connect to a wintendo machine as required.
> apt-get purge samba-server
>
> > 264 root 34 19 19804 2076 2600 S 0.0 0.4 0:01.86 server_linux
> > 265 root 16 0 19804 2076 2600 S 0.0 0.4 0:00.00 server_linux
> > 266 root 15 0 19804 2076 2600 S 0.0 0.4 0:02.01 server_linux
> > 267 root 15 0 19804 2076 2600 S 0.5 0.4 0:19.16 server_linux
> > 268 root 15 0 19804 2076 2600 S 0.5 0.4 0:09.23 server_linux
> > 270 root 16 0 19804 2076 2600 S 0.0 0.4 0:00.00 server_linux
> > 271 root 15 0 19804 2076 2600 S 0.0 0.4 0:00.05 server_linux
> > 272 root 15 0 19804 2076 2600 S 0.0 0.4 0:00.03 server_linux
> > 273 root 15 0 19804 2076 2600 S 0.0 0.4 0:01.02 server_linux
> what is this? - it's running as root by the way
>
> > 244 root 15 0 3024 1964 1820 S 0.0 0.4 0:00.00 named
> You don't need this - and it may be doing domain reverse-lookups depending on
> your inetd config below. Unless you really need a DNS server use a DNS
> caching client instead. Incidentally, if this isn't Bind9 you are asking for
> a root-kit.
>
> > 1054 clan 17 0 6164 1892 5592 R 0.0 0.4 0:00.01 sshd
> > 1052 root 17 0 6008 1780 5592 S 0.0 0.3 0:00.01 sshd
> > 854 clan 22 0 3400 1628 2524 S 0.0 0.3 0:00.01 perl
> > 300 root 16 0 3096 1400 2896 S 0.0 0.3 0:00.00 sshd
> > 1055 clan 16 0 2576 1380 2400 S 0.0 0.3 0:00.00 bash
> > 849 clan 16 0 2692 1368 2180 S 0.0 0.3 0:00.01 screen
> > 863 clan 16 0 2692 1368 2180 S 0.0 0.3 0:00.00 screen
> > 230 root 16 0 2232 1240 1360 S 0.0 0.2 0:00.09 klogd
> > 853 clan 16 0 2684 1176 2180 S 0.0 0.2 0:00.00 screen
> > 1056 clan 16 0 2076 1032 1868 R 0.0 0.2 0:00.04 top
> > 236 root 16 0 2376 1028 2000 S 0.0 0.2 0:00.29 pppd
> Looks like the server is also your DSL gateway
>
> > 123 root 16 0 2088 1016 1752 S 0.0 0.2 0:00.00 dhclient
> Necessary if you have a dynamically assigned Internet IP from your DSL
> provider - check the polling interval - unlikely to have anything to do with
> this though.
>
> > 858 clan 15 0 1820 1004 592 S 0.0 0.2 0:00.93 codbot
> > 850 clan 22 0 2296 984 2212 S 0.0 0.2 0:00.00 sh
> > 303 root 18 0 1692 740 1524 S 0.0 0.1 0:00.00 rpc.statd
> Remove this NOW.
>
> > 311 root 16 0 1780 736 1600 S 0.0 0.1 0:00.00 cron
> > 227 root 16 0 1576 628 1408 S 0.0 0.1 0:00.30 syslogd
> > 308 daemon 16 0 1708 628 1544 S 0.0 0.1 0:00.00 atd
> > 237 root 15 0 1584 608 1396 S 0.0 0.1 0:45.37 pptp
> > 127 daemon 15 0 1740 600 1572 S 0.0 0.1 0:00.00 portmap
> Remove this - it is a well known security exploit and is totally unnecessary.
>
> > 286 root 18 0 1612 588 1432 S 0.0 0.1 0:00.00 lpd
> Don't need this - potential security hole also - historically there have been
> lots of LPD exploits.
>
> > 239 root 16 0 1568 576 1396 S 0.0 0.1 0:00.00 pptp
> > 282 root 21 0 1556 536 1400 S 0.0 0.1 0:00.00 inetd
> > 1 root 16 0 1516 512 1364 S 0.0 0.1 0:03.80 init
> > 340 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 341 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 342 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 343 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 344 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 345 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > 860 clan 22 0 1532 456 1364 S 0.0 0.1 0:00.00 rm
> > 2 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
> > 3 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 events/0
> > 4 root 5 -10 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
> > 5 root 25 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
> > 6 root 15 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
>
> Also PPTP could be having an impact - I don't use it myself so I can't say
> with any certainty - I have a separate box acting as router/firewall/IPSEC
> gateway because tunnelling is no good to me without encryption. That said,
> PPTP is in the kernel (is it still marked as experimental? I'm not sure) but
> still has a performance overhead as it encapsulates and unencapsulates
> packets - and here it is tracking several virtual links - do all your clan
> connect over PPTP to this box - it will certainly reduce your player limit.
>
> Before you waste too much time trying to trace the cause it would be best to
> remove all these unnecessary services.
>
> Also, the linux distro isn't so important as the glibc you are using.
> What debian release are you using (stable/testing/unstable) and are you using
> packages from more than 1 release?
>
> If, after you have narrowed the field of potential causes by removing stuff,
> you still have a problem search every file in /var/log for evidence that
> something exceptional is occurring - like errors/warnings that something can't
> be found etc.
>
> You may not get much useful help from guys with big or commercial setups
> because they most likely aren't trying to do so many divergent tasks with the
> one box.
>
> I'm sure you'll post if this is all crap - so I'll keep an eye out. I want to
> run this server on one of my Debian servers anyway so if it's specific to the
> distro I'll be keen to help you track it down.
>
> Dave
>
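
Added example, not part of either message: a small audit that parses a top listing like the one quoted above and separates the services the thread says to remove from root-owned processes that deserve a second look. The EXPECTED_ROOT allowlist and the function names are assumptions made for this illustration; the sample rows are copied from the thread's listing.

```python
from collections import defaultdict

# Services the quoted message advises removing, with its stated reason.
FLAGGED = {
    "apache": "not needed on this box",
    "smbd": "Samba server on a net-connected box",
    "nmbd": "Samba server on a net-connected box",
    "named": "full DNS server not needed",
    "rpc.statd": "remove",
    "portmap": "totally unnecessary, well known exploit",
    "lpd": "not needed, history of exploits",
}
# Assumption: root-owned daemons treated as expected on this host.
EXPECTED_ROOT = {"init", "sshd", "cron", "syslogd", "klogd", "getty",
                 "inetd", "pppd", "pptp", "dhclient"}

# Rows copied from the listing in the thread (wrapped command names rejoined).
SAMPLE = """\
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
346 www-data 16 0 72060 3404 69m S 0.0 0.7 0:00.00 apache
1018 root 16 0 7152 2472 5692 S 0.0 0.5 0:00.00 smbd
264 root 34 19 19804 2076 2600 S 0.0 0.4 0:01.86 server_linux
244 root 15 0 3024 1964 1820 S 0.0 0.4 0:00.00 named
300 root 16 0 3096 1400 2896 S 0.0 0.3 0:00.00 sshd
127 daemon 15 0 1740 600 1572 S 0.0 0.1 0:00.00 portmap
2 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
"""

def parse_top(text):
    """Yield (pid, user, virt, command) for each process row of top output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 12 and f[0].isdigit():  # skip header and truncated rows
            yield int(f[0]), f[1], f[4], f[11]

def audit(text):
    """Return (to_remove, review_root); VIRT 0 rows are kernel threads, skipped."""
    to_remove, review_root = defaultdict(list), defaultdict(list)
    for pid, user, virt, cmd in parse_top(text):
        if cmd in FLAGGED:
            to_remove[cmd].append(pid)
        elif user == "root" and virt != "0" and cmd not in EXPECTED_ROOT:
            review_root[cmd].append(pid)
    return dict(to_remove), dict(review_root)

if __name__ == "__main__":
    remove, review = audit(SAMPLE)
    print("remove:", {c: (p, FLAGGED[c]) for c, p in remove.items()})
    print("review (root, not expected):", review)
```
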