Maintaining a Clean System

Memory Management

  1. Compile a custom kernel for your system with only the drivers you require

  2. Remove virtual consoles you're not using.

    Comment these lines out of your /etc/inittab file:
    # Run gettys in standard runlevels
    1:1234:respawn:/sbin/getty tty1 VC linux
    2:234:respawn:/sbin/getty tty2 VC linux
    #3:234:respawn:/sbin/getty tty3 VC linux
    #4:234:respawn:/sbin/getty tty4 VC linux
    #5:234:respawn:/sbin/getty tty5 VC linux
    #6:234:respawn:/sbin/getty tty6 VC linux
    
    Send init the signal to reread the inittab file:
    [root@bluenote /dev]# kill -HUP 1
    

  3. Remove daemons and other programs not needed from startup scripts. These programs live in /etc/rc.d on some systems and /etc/rc.d/rc?.d (where ? represents a run level 0,1,2,3,4,5,6).

    top output from my development machine:
    7:52pm  up 6 min,  1 user,  load average: 0.00, 0.08, 0.05
    23 processes: 22 sleeping, 1 running, 0 zombie, 0 stopped
    CPU states:  3.7% user,  2.8% system,  6.5% nice, 93.5% idle
    Mem:  31284K av,  8080K used, 23204K free,  7264K shrd,  3588K buf
    Swap: 32124K av,     0K used, 32124K free
    
      PID USER     PRI  NI SIZE  RES SHRD STAT %CPU %MEM  TIME COMMAND
      214 root      19  15  960  512  332 R     6.5  1.6  0:00 top
        1 root      29  15  888  364  252 S     0.0  1.1  0:16 init [3]
      185 root      24  15 1236  752  548 S     0.0  2.4  0:00 -bash
      186 root      28  15  920  384  264 S     0.0  1.2  0:00 /sbin/getty tty2 VC 
       50 root      30  15  924  444  292 S     0.0  1.4  0:00 syslogd
       59 root      30  15  992  492  268 S     0.0  1.5  0:00 klogd
       70 root      30  15  908  436  296 S     0.0  1.3  0:00 crond
       82 bin       30  15  912  392  272 S     0.0  1.2  0:00 rpc.portmap
       91 root      30  15  916  408  260 S     0.0  1.3  0:00 inetd
      102 root      30  15  944  456  312 S     0.0  1.4  0:00 rpc.mountd
      111 root      30  15  972  464  316 S     0.0  1.4  0:00 rpc.nfsd
      127 root      30  15 1288  704  484 S     0.0  2.2  0:00 sendmail: accepting 
      139 root      30  15 1112  572  504 S     0.0  1.8  0:00 httpd
      151 root      30  15  908  372  260 S     0.0  1.1  0:00 lpd
      163 root      29  15 1152  576  360 S     0.0  1.8  0:00 smbd -D
      149 nobody    30  15 1112  548  488 S     0.0  1.7  0:00 httpd
      172 root      29  15 1004  528  352 S     0.0  1.6  0:00 nmbd -D
      187 root      28  15  920  384  264 S     0.0  1.2  0:00 /sbin/getty tty3 VC 
    
    ps -alx output from the same host:
     F    UID   PID  PPID PRI NI SIZE  RSS WCHAN      STAT TTY   TIME COMMAND
      0     0     1     0  30 15  892  368 12c89c     S     ?    0:17 init [3]      
      0     0    50     1  30 15  924  444 12c89c     S     ?    0:00 syslogd
      0     0    59     1  30 15  992  492 110be8     S     ?    0:00 klogd
      0     0    70     1  30 15  908  436 109d84     S     ?    0:00 crond
      0     1    82     1  30 15  912  392 12c89c     S     ?    0:00 rpc.portmap
      0     0    91     1  30 15  916  408 12c89c     S     ?    0:00 inetd
      0     0   102     1  30 15  944  452 12c89c     S     ?    0:00 rpc.mountd
      0     0   111     1  30 15  972  460 12c89c     S     ?    0:00 rpc.nfsd
      0     0   127     1  29 15 1288  704 110be8     S     ?    0:00 sendmail: acce
      0     0   139     1  30 15 1112  572 115b06     S     ?    0:00 httpd
      0     0   151     1  30 15  908  372 12c89c     S     ?    0:00 lpd
      0     0   163     1  30 15 1152  576 110be8     S     ?    0:00 smbd -D
      0     0   172     1  30 15 1004  528 12c89c     S     ?    0:00 nmbd -D
      0     0   185     1  30 15 1248  764 115b06     S    v01   0:00 -bash
      0     0   187     1  30 15  920  384 1866db     S    v03   0:00 /sbin/getty tt
      0     0   188     1  30 15  920  384 1866db     S    v04   0:00 /sbin/getty tt
      0     0   189     1  30 15  920  372 1866db     S    v05   0:00 /sbin/getty tt
      0     0   190     1  30 15  920  372 1866db     S    v06   0:00 /sbin/getty tt
      0     0   191     1  30 15  860  292 110be8     S     ?    0:00 bdflush (daemo
      0     0   192     1  30 15  860  296 109d84     S     ?    0:00 update (bdflus
      0     0   408     1  30 15  920  384 1866db     S    v02   0:00 /sbin/getty tt
      0    99   149   139  30 15 1112  548 110be8     S     ?    0:00 httpd
      0     0   581   185  18 15  892  332 0          R    v01   0:00 ps -alx
    
    free output from a machine after pruning unnecessary daemons:
                 total       used       free     shared    buffers
    Mem:          6868       3848       3020       3052       2000
    -/+ buffers:             1848       5020
    Swap:        22172          0      22172
    

  4. Use memory-conscious programs with sane settings.

    Program               Memory Size
    rxvt                  1696
    rxvt -sl 4096         3292
    xterm                 1884
    xterm -sb -sl 4096    2548
    nxterm                5916
    nxterm -sb -sl 4096   7196
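
For step 3, one way to find startup entries that should go is to compare a run level's start links against a list of the services you actually intend to run. This is an added example, not from the original page; it assumes SysV-style S<NN>name start links in the rc?.d directories, and the function name audit_runlevel and the allowlist file are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes SysV-style run-level
# directories in which a link named S<NN><service> starts a service and
# K<NN><service> stops it; audit_runlevel and the allowlist file are
# hypothetical names.

# audit_runlevel RCDIR ALLOWLIST
# Print each service started from RCDIR that is not named in ALLOWLIST
# (one service name per line). Returns 0 if nothing unexpected is started,
# 1 if something is, 2 on usage errors.
audit_runlevel() {
    rcdir=$1
    allow=$2
    if [ ! -d "$rcdir" ] || [ ! -r "$allow" ]; then
        echo "usage: audit_runlevel RCDIR ALLOWLIST" >&2
        return 2
    fi
    unexpected=0
    for link in "$rcdir"/S[0-9][0-9]*; do
        [ -e "$link" ] || continue      # unmatched glob or dangling link
        base=${link##*/}                # e.g. S80sendmail
        name=${base#S[0-9][0-9]}        # e.g. sendmail
        # -x whole line, -F literal string: no partial or regex matches
        if ! grep -qxF -e "$name" "$allow"; then
            printf '%s\n' "$name"
            unexpected=1
        fi
    done
    return $unexpected
}

# Example: audit_runlevel /etc/rc.d/rc3.d /root/wanted-services
```

Every name it prints is a daemon that will be started at boot without being on your list, which is both memory spent and one more service exposed.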


Disk Management

  1. Prevent/Control utilities from creating files.

    Stop man from creating preformatted man pages (man will create preformatted man pages in /var/catman if it exists):
    [root@bluenote /root]# mv /var/catman /var/Catman
    
    Clean up font files that xdvi leaves behind:
    [root@bluenote /root]# rm -f /var/lib/texmf/fonts/pk/ljfour/*
    

  2. Archive/Remove the log files created in /var/log.

  3. Remove regular files 5 days old from /tmp and regular files 30 days old from /var/tmp (some versions of Linux have shell commands to remove all files from /tmp at boot time, but that method doesn't prevent files from accumulating in /tmp during a prolonged uptime and could cause important files to be removed after a system crash).

    [root@bluenote /root]# find /tmp -type f -mtime +5 -exec rm -f {} \;
    [root@bluenote /root]# find /var/tmp -type f -mtime +30 -exec rm -f {} \;
    

  4. Use du to select the best candidate for cleaning house on a full disk partition.

    [root@bluenote /root]# du -sk /usr/local/* | sort -rn  
    93682   /usr/local/backups
    83092   /usr/local/gp
    54894   /usr/local/src
    36696   /usr/local/postgres95
    14295   /usr/local/sounds
    10262   /usr/local/develop
    9316    /usr/local/web
    5096    /usr/local/solaris
    4776    /usr/local/pics
    3174    /usr/local/lib
    1598    /usr/local/bin
    1029    /usr/local/man
    791     /usr/local/archive
    12      /usr/local/lost+found
    1       /usr/local/sbin
    1       /usr/local/info
    1       /usr/local/games
    1       /usr/local/etc
    1       /usr/local/doc
    

  5. strip large binaries.
    [root@bluenote postgres95]# du -sk bin/
    11122   bin
    [root@bluenote postgres95]# strip bin/*
    strip: cleardbdir: File format not recognized
    strip: createdb: File format not recognized
    strip: createuser: File format not recognized
    strip: destroydb: File format not recognized
    strip: destroyuser: File format not recognized
    strip: initdb: File format not recognized
    [root@bluenote postgres95]# du -sk bin/
    1120    bin
    

  6. Use gzip with the highest level of compression: gzip -9.
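
For the /tmp and /var/tmp cleanup in step 3, the same age-based removal can be wrapped so that it validates its arguments, stays on one filesystem and lets find remove the entries itself. This is an added example, not from the original page; it assumes a find that supports -delete (GNU and BSD find do), and prune_tmp is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes a find that supports
# -delete (GNU and BSD find do); prune_tmp is a hypothetical helper name.

# prune_tmp DIR DAYS
# Remove regular files under DIR whose contents were last modified more than
# DAYS days ago, without leaving DIR's filesystem or following symlinks.
prune_tmp() {
    dir=$1
    days=$2

    # The target must be a real directory, not a symlink to one.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "prune_tmp: $dir is not a directory" >&2
        return 1
    fi

    # DAYS must be a plain non-negative integer before it reaches find.
    case $days in
        ''|*[!0-9]*)
            echo "prune_tmp: invalid day count: $days" >&2
            return 1
            ;;
    esac

    # -xdev    do not descend into other filesystems mounted below DIR
    # -type f  regular files only; find does not follow symlinks by default
    # -delete  find unlinks the entry itself, so no path is handed to a
    #          separate rm process to be resolved a second time
    find "$dir" -xdev -type f -mtime +"$days" -delete
}

# Same thresholds as the commands in step 3 (run as root, e.g. from cron):
#   prune_tmp /tmp 5
#   prune_tmp /var/tmp 30
```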


User Management

  1. Just don't allow any.

  2. limit and ulimit

    limit is a csh builtin and ulimit is a Bourne/ksh/bash shell builtin. Both allow hard limits to be set that cannot be overridden. These limits should be set in system profile or login files so that users cannot change them.

    limit example:
    83 22:31/home/code> limit
    cputime         unlimited
    filesize        unlimited
    datasize        unlimited
    stacksize       8192 kbytes
    coredumpsize    1000000 kbytes
    memoryuse       unlimited
    descriptors     256 
    maxproc         256 
    84 22:31/home/code> limit coredumpsize 0
    85 22:31/home/code> limit
    cputime         unlimited
    filesize        unlimited
    datasize        unlimited
    stacksize       8192 kbytes
    coredumpsize    0 kbytes
    memoryuse       unlimited
    descriptors     256 
    maxproc         256 
    
    ulimit example:
    22:28:34[postgres]~> ulimit -a
    core file size (blocks)  1000000
    data seg size (kbytes)   unlimited
    file size (blocks)       unlimited
    max memory size (kbytes) unlimited
    stack size (kbytes)      8192
    cpu time (seconds)       unlimited
    max user processes       256
    pipe size (512 bytes)    8
    open files               256
    virtual memory (kbytes)  2105343
    22:35:06[postgres]~> ulimit -c 0
    22:35:14[postgres]~> ulimit -a
    core file size (blocks)  0
    data seg size (kbytes)   unlimited
    file size (blocks)       unlimited
    max memory size (kbytes) unlimited
    stack size (kbytes)      8192
    cpu time (seconds)       unlimited
    max user processes       256
    pipe size (512 bytes)    8
    open files               256
    virtual memory (kbytes)  2105343
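
A sketch of how the ulimit settings could be applied from a system-wide login file, checking that the soft and hard limits both end up at the requested value. This is an added example, not from the original page; apply_limits and limit_locked are hypothetical helper names, and it assumes bash or dash as the login shell.

```shell
#!/bin/sh
# Added example, not from the original page: a fragment for a system-wide
# login file such as /etc/profile. apply_limits and limit_locked are
# hypothetical helper names.

# limit_locked FLAG VALUE
# True when both the soft and the hard limit for FLAG equal VALUE, i.e. the
# user has no headroom left to raise the soft limit again.
limit_locked() {
    [ "$(ulimit -S -"$1")" = "$2" ] && [ "$(ulimit -H -"$1")" = "$2" ]
}

# apply_limits FLAG VALUE [FLAG VALUE ...]
# FLAG is a ulimit option letter (c = core file size, n = open files).
apply_limits() {
    if [ $# -eq 0 ] || [ $(( $# % 2 )) -ne 0 ]; then
        echo "usage: apply_limits FLAG VALUE [FLAG VALUE ...]" >&2
        return 2
    fi
    while [ $# -ge 2 ]; do
        # Given neither -S nor -H, bash and dash set the soft and the hard
        # limit together. Setting only the soft limit would leave the user
        # free to raise it back up to the old hard limit.
        ulimit -"$1" "$2" || return 1
        limit_locked "$1" "$2" || return 1
        shift 2
    done
}

# In /etc/profile, using values from the ulimit example above:
#   apply_limits c 0 n 256
```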
    


Last Modified: 17 April 1996

St. Louis Unix Users Group - Linux SIG