[cod] Disapointed
MayDay
MayDay at Players-Inc.dk
Wed Nov 26 04:49:54 EST 2003
Yeah, i am running ssh, and was think more of ftp client not ftpd :D
----- Original Message -----
From: "James Kreuziger" <jkreuzig at cyberonic.com>
To: <cod at icculus.org>
Sent: Wednesday, November 26, 2003 9:56 AM
Subject: RE: [cod] Disapointed
>
> >I had no idea samba was that big og a security risc.
> >Neither did i know that i could cause lag.
> >I has both samba shares AND smbfs mounts.
> >Ill remove the crap and use ftp in the future.
>
> I'd suggest that you ditch the ftp also, and make sure you
> are running an ssh daemon instead. There are ssh clients for
> all different OS's you can think of, and most include an sftp client.
> Standard ftp is notoriously insecure, as insecure as telnet. It's
> worth the minor hit in resources to go with ssh.
>
> That's my 2 cents.
>
> -Jim(whatever)
>
> ----- Original Message -----
> From: "Dave Whitla" <dave.whitla at ocean.net.au>
> To: <cod at icculus.org>
> Sent: Wednesday, November 26, 2003 1:00 AM
> Subject: Re: [cod] Disapointed
>
>
> > MayDay,
> >
> > I'm not even running the server yet - too damn busy to play games
> lately
> > (despite hanging out for it). However, I note a few things about your
> > process list that could be improved.
> >
> > I don't believe this is a resource issue, in the obvious sense (ie
> memory,
> > cpu, disk, swap) or bandwidth of your connection - more likely in the
> way
> > your machine is accessing that bandwidth.
> >
> >
> > On Wed, 26 Nov 2003 05:10 am, MayDay wrote:
> > > TOP: Sorted after Memory.
> > >
> > > All the extra services i started like udpb, codbot, uglygs, apache i
> tried
> > > to shut down aswell as server logging, still lags.
> > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> > > 857 clan 15 0 214m 109m 3084 S 0.0 21.7 2:43.96
> cod_lnxded
> > > 346 www-data 16 0 72060 3404 69m S 0.0 0.7 0:00.00 apache
> > > 694 www-data 15 0 72068 3404 69m S 0.0 0.7 0:00.00 apache
> > turn this off - you certainly dont need it and (from the rest of this
> it
> looks
> > like this might be your first linux install - not having a shot here
> just
> > noting) your default apache settings might specify non-existent files
> that
> > the server keeps looking for for example.
> >
> > > 864 clan 15 0 5216 3380 3896 S 0.0 0.7 0:00.14 python
> > > 315 root 16 0 71932 3124 69m S 0.0 0.6 0:00.03 apache
> > > 1018 root 16 0 7152 2472 5692 S 0.0 0.5 0:00.00 smbd
> > > 134 root 17 0 5280 2232 3636 S 0.0 0.4 0:00.00
> mount.smbfs
> > > 1016 root 15 0 5264 2184 3856 S 0.0 0.4 0:00.13 nmbd
> > what the? - never run samba on a net connected box unless you really
> know
> what
> > you are doing security wise. do you have a win2k/xp machine on the
> same
> > subnet. i notice really bad lag accessing smb shares on win2k/xp from
> my
> > debian machine in the office - have you mounted an smb share here?
> > Either way ditch samba-server - you can keep the client and common
> packages
> > for manual use to connect to a wintendo machine as required.
> > apt-get purge samba-server
> >
> > > 264 root 34 19 19804 2076 2600 S 0.0 0.4 0:01.86
> server_linux
> > > 265 root 16 0 19804 2076 2600 S 0.0 0.4 0:00.00
> server_linux
> > > 266 root 15 0 19804 2076 2600 S 0.0 0.4 0:02.01
> server_linux
> > > 267 root 15 0 19804 2076 2600 S 0.5 0.4 0:19.16
> server_linux
> > > 268 root 15 0 19804 2076 2600 S 0.5 0.4 0:09.23
> server_linux
> > > 270 root 16 0 19804 2076 2600 S 0.0 0.4 0:00.00
> server_linux
> > > 271 root 15 0 19804 2076 2600 S 0.0 0.4 0:00.05
> server_linux
> > > 272 root 15 0 19804 2076 2600 S 0.0 0.4 0:00.03
> server_linux
> > > 273 root 15 0 19804 2076 2600 S 0.0 0.4 0:01.02
> server_linux
> > what is this? - it's running as root by the way
> >
> > > 244 root 15 0 3024 1964 1820 S 0.0 0.4 0:00.00 named
> > You dont need this - and it may be doing domain reverse-lookups
> depending
> on
> > your inetd config below. Unless you really need a DNS server use a
> DNS
> > caching client instead. Incidentally, if this isnt Bind9 you are
> asking
> for
> > a root-kit.
> >
> > > 1054 clan 17 0 6164 1892 5592 R 0.0 0.4 0:00.01 sshd
> > > 1052 root 17 0 6008 1780 5592 S 0.0 0.3 0:00.01 sshd
> > > 854 clan 22 0 3400 1628 2524 S 0.0 0.3 0:00.01 perl
> > > 300 root 16 0 3096 1400 2896 S 0.0 0.3 0:00.00 sshd
> > > 1055 clan 16 0 2576 1380 2400 S 0.0 0.3 0:00.00 bash
> > > 849 clan 16 0 2692 1368 2180 S 0.0 0.3 0:00.01 screen
> > > 863 clan 16 0 2692 1368 2180 S 0.0 0.3 0:00.00 screen
> > > 230 root 16 0 2232 1240 1360 S 0.0 0.2 0:00.09 klogd
> > > 853 clan 16 0 2684 1176 2180 S 0.0 0.2 0:00.00 screen
> > > 1056 clan 16 0 2076 1032 1868 R 0.0 0.2 0:00.04 top
> > > 236 root 16 0 2376 1028 2000 S 0.0 0.2 0:00.29 pppd
> > Looks like the server is also your DSL gateway
> >
> > > 123 root 16 0 2088 1016 1752 S 0.0 0.2 0:00.00
> dhclient
> > Necessary if you have a dynamically assigned Internet IP from your DSL
> > provider - check the polling interval - unlikely to have anything to
> do
> with
> > this though.
> >
> > > 858 clan 15 0 1820 1004 592 S 0.0 0.2 0:00.93 codbot
> > > 850 clan 22 0 2296 984 2212 S 0.0 0.2 0:00.00 sh
> > > 303 root 18 0 1692 740 1524 S 0.0 0.1 0:00.00
> rpc.statd
> > Remove this NOW.
> >
> > > 311 root 16 0 1780 736 1600 S 0.0 0.1 0:00.00 cron
> > > 227 root 16 0 1576 628 1408 S 0.0 0.1 0:00.30 syslogd
> > > 308 daemon 16 0 1708 628 1544 S 0.0 0.1 0:00.00 atd
> > > 237 root 15 0 1584 608 1396 S 0.0 0.1 0:45.37 pptp
> > > 127 daemon 15 0 1740 600 1572 S 0.0 0.1 0:00.00 portmap
> > Remove this - it is a well known security exploit and is totally
> unnecessary.
> >
> > > 286 root 18 0 1612 588 1432 S 0.0 0.1 0:00.00 lpd
> > Don't need this - potential security hole also - historically there
> have
> been
> > lots of LPD exploits.
> >
> > > 239 root 16 0 1568 576 1396 S 0.0 0.1 0:00.00 pptp
> > > 282 root 21 0 1556 536 1400 S 0.0 0.1 0:00.00 inetd
> > > 1 root 16 0 1516 512 1364 S 0.0 0.1 0:03.80 init
> > > 340 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > > 341 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > > 342 root 17 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > > 343 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > > 344 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > > 345 root 16 0 1516 468 1352 S 0.0 0.1 0:00.00 getty
> > > 860 clan 22 0 1532 456 1364 S 0.0 0.1 0:00.00 rm
> > > 2 root 34 19 0 0 0 S 0.0 0.0 0:00.00
> ksoftirqd/0
> > > 3 root 5 -10 0 0 0 S 0.0 0.0 0:00.00
> events/0
> > > 4 root 5 -10 0 0 0 S 0.0 0.0 0:00.00
> kblockd/0
> > > 5 root 25 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
> > > 6 root 15 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
> >
> > Also PPTP could be having an impact - I don't use it myself so I can't
> say
> > with any certainty - I have a separate box acting as
> router/firewall/IPSEC
> > gateway because tunnelling is no good to me without encryption. That
> said,
> > PPTP is in the kernel (is it still marked as experimental? I'm not
> sure)
> but
> > still has a performance overhead as it encapsulates and unencapsulates
> > packets - and here it is tracking several virtual links - do all your
> clan
> > connect over PPTP to this box - it will certainly reduce your player
> limit.
> >
> > Before you waste too much time trying to trace the cause it would be
> best
> to
> > remove all these unnecessary services.
> >
> > Also, the linux distro isnt so important as the glibc you are using.
> > What debian release are you using (stable/testing/unstable) and are
> you
> using
> > packages from more than 1 release?
> >
> > If, after you have narrowed the field of potential causes by removing
> stuff,
> > you still have a problem search every file in /var/log for evidence
> that
> > something exceptional is occuring - like errors/warnings that
> something
> can't
> > be found etc.
> >
> > You may not get much useful help from guys with big or commercial
> setups
> > because they most likely arent trying to do so many divergent tasks
> with
> the
> > one box.
> >
> > I'm sure you'll post if this is all crap - so I'll keep an eye out. I
> want to
> > run this server on one of my Debian servers anyway so if it's specific
> to
> the
> > distro I'll be keen to help you track it down.
> >
> > Dave
> >
>
More information about the Cod
mailing list