Maintaining a Clean System

Memory Management

1. Compile a custom kernel for your system with only the drivers you require

2. Remove virtual consoles your not using.
   Comment these lines out of your /etc/inittab file:

   # Run gettys in standard runlevels
   1:1234:respawn:/sbin/getty tty1 VC linux
   2:234:respawn:/sbin/getty tty2 VC linux
   #3:234:respawn:/sbin/getty tty3 VC linux
   #4:234:respawn:/sbin/getty tty4 VC linux
   #5:234:respawn:/sbin/getty tty5 VC linux
   #6:234:respawn:/sbin/getty tty6 VC linux
   

   Send init the signal to reread the inittab file:

   [root@bluenote /dev]# kill -HUP 1
   

3. Remove daemons and other programs not needed from startup scripts. These programs live in /etc/rc.d on some systems and /etc/rc.d/rc?.d (where ? represents a run level 0,1,2,3,4,5,6).
   top output from my development machine:

   7:52pm  up 6 min,  1 user,  load average: 0.00, 0.08, 0.05
   23 processes: 22 sleeping, 1 running, 0 zombie, 0 stopped
   CPU states:  3.7% user,  2.8% system,  6.5% nice, 93.5% idle
   Mem:  31284K av,  8080K used, 23204K free,  7264K shrd,  3588K buf
   Swap: 32124K av,     0K used, 32124K free
   
     PID USER     PRI  NI SIZE  RES SHRD STAT %CPU %MEM  TIME COMMAND
     214 root      19  15  960  512  332 R     6.5  1.6  0:00 top
       1 root      29  15  888  364  252 S     0.0  1.1  0:16 init [3]
     185 root      24  15 1236  752  548 S     0.0  2.4  0:00 -bash
     186 root      28  15  920  384  264 S     0.0  1.2  0:00 /sbin/getty tty2 VC 
      50 root      30  15  924  444  292 S     0.0  1.4  0:00 syslogd
      59 root      30  15  992  492  268 S     0.0  1.5  0:00 klogd
      70 root      30  15  908  436  296 S     0.0  1.3  0:00 crond
      82 bin       30  15  912  392  272 S     0.0  1.2  0:00 rpc.portmap
      91 root      30  15  916  408  260 S     0.0  1.3  0:00 inetd
     102 root      30  15  944  456  312 S     0.0  1.4  0:00 rpc.mountd
     111 root      30  15  972  464  316 S     0.0  1.4  0:00 rpc.nfsd
     127 root      30  15 1288  704  484 S     0.0  2.2  0:00 sendmail: accepting 
     139 root      30  15 1112  572  504 S     0.0  1.8  0:00 httpd
     151 root      30  15  908  372  260 S     0.0  1.1  0:00 lpd
     163 root      29  15 1152  576  360 S     0.0  1.8  0:00 smbd -D
     149 nobody    30  15 1112  548  488 S     0.0  1.7  0:00 httpd
     172 root      29  15 1004  528  352 S     0.0  1.6  0:00 nmbd -D
     187 root      28  15  920  384  264 S     0.0  1.2  0:00 /sbin/getty tty3 VC 
   

   ps -alx output from the same host:

    F    UID   PID  PPID PRI NI SIZE  RSS WCHAN      STAT TTY   TIME COMMAND
     0     0     1     0  30 15  892  368 12c89c     S     ?    0:17 init [3]      
     0     0    50     1  30 15  924  444 12c89c     S     ?    0:00 syslogd
     0     0    59     1  30 15  992  492 110be8     S     ?    0:00 klogd
     0     0    70     1  30 15  908  436 109d84     S     ?    0:00 crond
     0     1    82     1  30 15  912  392 12c89c     S     ?    0:00 rpc.portmap
     0     0    91     1  30 15  916  408 12c89c     S     ?    0:00 inetd
     0     0   102     1  30 15  944  452 12c89c     S     ?    0:00 rpc.mountd
     0     0   111     1  30 15  972  460 12c89c     S     ?    0:00 rpc.nfsd
     0     0   127     1  29 15 1288  704 110be8     S     ?    0:00 sendmail: acce
     0     0   139     1  30 15 1112  572 115b06     S     ?    0:00 httpd
     0     0   151     1  30 15  908  372 12c89c     S     ?    0:00 lpd
     0     0   163     1  30 15 1152  576 110be8     S     ?    0:00 smbd -D
     0     0   172     1  30 15 1004  528 12c89c     S     ?    0:00 nmbd -D
     0     0   185     1  30 15 1248  764 115b06     S    v01   0:00 -bash
     0     0   187     1  30 15  920  384 1866db     S    v03   0:00 /sbin/getty tt
     0     0   188     1  30 15  920  384 1866db     S    v04   0:00 /sbin/getty tt
     0     0   189     1  30 15  920  372 1866db     S    v05   0:00 /sbin/getty tt
     0     0   190     1  30 15  920  372 1866db     S    v06   0:00 /sbin/getty tt
     0     0   191     1  30 15  860  292 110be8     S     ?    0:00 bdflush (daemo
     0     0   192     1  30 15  860  296 109d84     S     ?    0:00 update (bdflus
     0     0   408     1  30 15  920  384 1866db     S    v02   0:00 /sbin/getty tt
     0    99   149   139  30 15 1112  548 110be8     S     ?    0:00 httpd
     0     0   581   185  18 15  892  332 0          R    v01   0:00 ps -alx
   

   free output from a machine after pruning unecessary daemons:

                total       used       free     shared    buffers
   Mem:          6868       3848       3020       3052       2000
   -/+ buffers:             1848       5020
   Swap:        22172          0      22172
   

4. Use memory conscious programs with sane settings.

   Program	Memory Size
   rxvt	1696
   rxvt -sl 4096	3292
   xterm	1884
   xterm -sb -sl 4096	2548
   nxterm	5916
   nxterm -sb -sl 4096	7196

Disk Management

1. Prevent/Control utilities from creating files.
   Stop man from creating preformatted man pages (man will create preformatted man pages in /var/catman if it exists):

   [root@bluenote /root]# mv /var/catman /var/Catman
   

   Clean up font files that xdvi leaves behind:

   [root@bluenote /root]# rm -f /var/lib/texmf/fonts/pk/ljfour/*
   

2. Archive/Remove the log files created in /var/log.

3. Remove regular files 5 days old from /tmp and regular files 30 days old from /var/tmp (some versions of Linux have shell commands to remove all files from /tmp at boot time, but that method doesn't prevent files from accumulating in /tmp during a prolonged uptime and could cause important files to be removed after a system crash).

   [root@bluenote /root]# find /tmp -type f -mtime +5 -exec rm -f {} \;
   [root@bluenote /root]# find /var/tmp -type f -mtime +30 -exec rm -f {} \;
   

4. Use du to select the best candidate for cleaning house on a full disk partitions.

   [root@bluenote /root]# du -sk /usr/local/* | sort -rn  
   93682   /usr/local/backups
   83092   /usr/local/gp
   54894   /usr/local/src
   36696   /usr/local/postgres95
   14295   /usr/local/sounds
   10262   /usr/local/develop
   9316    /usr/local/web
   5096    /usr/local/solaris
   4776    /usr/local/pics
   3174    /usr/local/lib
   1598    /usr/local/bin
   1029    /usr/local/man
   791     /usr/local/archive
   12      /usr/local/lost+found
   1       /usr/local/sbin
   1       /usr/local/info
   1       /usr/local/games
   1       /usr/local/etc
   1       /usr/local/doc
   

5. strip large binaries.

   [root@bluenote postgres95]# du -sk bin/
   11122   bin
   [root@bluenote postgres95]# strip bin/*
   strip: cleardbdir: File format not recognized
   strip: createdb: File format not recognized
   strip: createuser: File format not recognized
   strip: destroydb: File format not recognized
   strip: destroyuser: File format not recognized
   strip: initdb: File format not recognized
   [root@bluenote postgres95]# du -sk bin/
   1120    bin
   

6. Use gzip with the highest level of compression: gzip -9.

User Management

1. Just don't allow any.

2. limit and ulimit
   limit is a csh builtin and ulimit is a bourne/ksh/bash shell builtin. Both limits allow hard limits to be set that cannot be overridden. These limits should be set in system profile or login files so that users cannot change them.
   limit example:

   83 22:31/home/code> limit
   cputime         unlimited
   filesize        unlimited
   datasize        unlimited
   stacksize       8192 kbytes
   coredumpsize    1000000 kbytes
   memoryuse       unlimited
   descriptors     256 
   maxproc         256 
   84 22:31/home/code> limit coredumpsize 0
   85 22:31/home/code> limit
   cputime         unlimited
   filesize        unlimited
   datasize        unlimited
   stacksize       8192 kbytes
   coredumpsize    0 kbytes
   memoryuse       unlimited
   descriptors     256 
   maxproc         256 
   

   ulimit example:

   22:28:34[postgres]~> ulimit -a
   core file size (blocks)  1000000
   data seg size (kbytes)   unlimited
   file size (blocks)       unlimited
   max memory size (kbytes) unlimited
   stack size (kbytes)      8192
   cpu time (seconds)       unlimited
   max user processes       256
   pipe size (512 bytes)    8
   open files               256
   virtual memory (kbytes)  2105343
   22:35:06[postgres]~> ulimit -c 0
   22:35:14[postgres]~> ulimit -a
   core file size (blocks)  0
   data seg size (kbytes)   unlimited
   file size (blocks)       unlimited
   max memory size (kbytes) unlimited
   stack size (kbytes)      8192
   cpu time (seconds)       unlimited
   max user processes       256
   pipe size (512 bytes)    8
   open files               256
   virtual memory (kbytes)  2105343
   

Last Modified: 17 April 1996