Re: [opensuse-security] mandb is possibly compromised
On 2008-10-24 at 17:49 -0700, Clint Moffatt wrote:
Please, remember to reply to the list, not in private.
Hi Carlos,
Thanks for the prompt reply. I thought the mandb was causing the system freeze, as it was using 40% CPU and rising when it freezes. If I did not kill it last time, then it would have probably caused it to freeze again. Powering off is the only thing I can do to get it back once it has completely frozen. I hope this gives more information as to what is happening.
Well, you may have a problem, but not a security one, I think. That being so, you may get more replies in the standard mail list.
There are a series of processes that run every day, about the same hour, and one of them is this mandb. Some of these processes are disk-intensive (like locatedb), and in some cases can slow your system dramatically. Not crash the system, but slow it down: specially if the disk is big and slow, and memory is scarce.
The mandb process should not be problematic. Maybe you can help it by deleting some files, maybe /var/cache/man/, but of this I'm not sure. You can make a backup of that entire directory path, delete the files (not directories), and wait for changes.
But first look at the logs for clues.
--
Regards,
Carlos E.R.
Carlos E. R. wrote:
On 2008-10-24 at 17:49 -0700, Clint Moffatt wrote:
Please, remember to reply to the list, not in private.
Hi Carlos,
Thanks for the prompt reply. I thought the mandb was causing the system freeze, as it was using 40% CPU and rising when it freezes. If I did not kill it last time, then it would have probably caused it to freeze again. Powering off is the only thing I can do to get it back once it has completely frozen. I hope this gives more information as to what is happening.
Well, you may have a problem, but not a security one, I think. That being so, you may get more replies in the standard mail list.
There are a series of processes that run every day, about the same hour, and one of them is this mandb. Some of these processes are disk-intensive (like locatedb), and in some cases can slow your system dramatically. Not crash the system, but slow it down: specially if the disk is big and slow, and memory is scarce.
The mandb process should not be problematic. Maybe you can help it by deleting some files, maybe /var/cache/man/, but of this I'm not sure. You can make a backup of that entire directory path, delete the files (not directories), and wait for changes.
But first look at the logs for clues.
I have observed apparent "frozen state" on occasion, as well, most typically when Kerry Beagle runs in the background.
Besides finding a way to set such processes (or the ones listed by the originator of the thread) to a lower priority, I have found some apparent partial relief (system appears slow, not frozen) by experimenting with the swappiness parameter. To do so for the current session, as root execute:
    # echo "N" > /proc/sys/vm/swappiness
where N is an integer between 0 and 100. For persistence across reboot, edit the file /etc/sysctl.conf (again as root or with sudo). Change or add the line for swappiness:
    vm.swappiness = N
again where N is an integer between 0 and 100. I believe default is 60 in openSUSE 10.3, and higher values of N are a greater tendency to allow swapping.
It is a subject that has been open to debate by members of the Linux community with more experience than I have in such matters. Some believe that the default is right, some believe all you can get is better, and some believe that the least amount necessary gives the best performance. Even some kernel developer types seem to not be in full agreement.
I ended up just experimenting. Currently I have it set persistently to 0 and it seems to give better interactive performance. I did experiment with 100 and wasn't impressed with those results. YMMV.
--
Dan Goodman
Senior Systems Administrator
Burlington Coat Factory Warehouse
Dan dot Goodman @t coat dot. com (because I believe most address harvesters know how to sed " dot " -> "." and " at " ->"@")
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
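Added example, not part of Dan Goodman's message: one way to do the "change or add the line" step for /etc/sysctl.conf repeatably, validating that N is an integer between 0 and 100 and keeping a backup. The helper name `persist_swappiness` and the `.bak` suffix are assumptions made for this sketch; the file path is a parameter so it can be tried on a copy first.

```shell
#!/bin/sh
# persist_swappiness N [FILE]  (hypothetical helper, added for illustration)
# Sets "vm.swappiness = N" in FILE (default /etc/sysctl.conf): rewrites the
# existing active line, or appends one if none exists.

persist_swappiness() {
    value=$1
    conf=${2:-/etc/sysctl.conf}

    # Accept only an integer between 0 and 100, as described in the post.
    case $value in
        ''|*[!0-9]*) echo "swappiness must be an integer 0-100" >&2; return 2 ;;
    esac
    [ "$value" -le 100 ] || { echo "swappiness must be an integer 0-100" >&2; return 2; }

    [ -f "$conf" ] || touch "$conf" || return 1
    tmp=$(mktemp "${conf}.XXXXXX") || return 1

    # Rewrite the first active vm.swappiness line, drop later duplicates,
    # and append the setting if no active line exists. Commented-out lines
    # and every other setting are passed through unchanged.
    awk -v v="$value" '
        /^[ \t]*vm\.swappiness[ \t]*=/ {
            if (!done) { print "vm.swappiness = " v; done = 1 }
            next
        }
        { print }
        END { if (!done) print "vm.swappiness = " v }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep a backup, then overwrite the contents in place so the owner and
    # mode of the configuration file stay as they were.
    cp -p "$conf" "${conf}.bak" && cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    return $status
}
```

The function only edits the file; the running kernel keeps its current value until the `echo` shown in the message is run or the file is reloaded at boot.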
On Monday 27 October 2008 09:59:41 am Dan Goodman wrote:
... I have observed apparent "frozen state" on occasion, as well, most typically when Kerry Beagle runs in the background.
Besides finding a way to set such processes (or the ones listed by the originator of the thread) to a lower priority, I have found some apparent partial relief (system appears slow, not frozen) by experimenting with the swappiness parameter. .... It is a subject that has been open to debate by members of the Linux community with more experience than I have in such matters. Some believe that the default is right, some believe all you can get is better, and some believe that the least amount necessary gives the best performance. Even some kernel developer types seem to not be in full agreement. ...
What the optimal value is will depend on hardware configuration. With a single hard disk it is good to have some swap, just in case, but the tendency to swap should be as low as possible. There is a single head that is serving swap and other areas of the hard disk. Some other combination will be better with different values.
--
Regards,
Rajko
On Saturday, 2008-10-25 at 03:22 +0200, Carlos E. R. wrote:
Well, you may have a problem, but not a security one, I think. That being so, you may get more replies in the standard mail list.
There are a series of processes that run every day, about the same hour, and one of them is this mandb. Some of these processes are disk-intensive (like locatedb), and in some cases can slow your system dramatically. Not crash the system, but slow it down: specially if the disk is big and slow, and memory is scarce.
Yesterday I noticed when mandb was running, and I saw that its used memory was increasing slowly. At the end (several minutes), I think it was using 300 MB, which is quite a lot. I was not aware that it was so intensive. The OP surely has a point.
The script that calls it is quite careful (/etc/cron.daily/suse-do_mandb):
    renice +5 -p$$ > /dev/null || true
    ionice -c 3 -p$$ > /dev/null || true
The first call makes it use less cpu, the second less disk resources.
Clint, you can try to use a renice value of 15, see if that makes things easier. How much memory do you have? Make sure you have some swap, too.
--
Cheers,
Carlos E. R.
participants (3)
- Carlos E. R.
- Dan Goodman
- Rajko M.