LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 11-13-2004, 11:42 AM   #1
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
System Using a lot of memory


Hey

I have been SSHing into my home server over broadband (28kb upload) and I have noticed a few things that I wanted to ask oyu guys.

The server is P3 800mhz with 256mb RAM. It currently runs an SSH, Apache, FTP and Samba server on it.

Firstly, every now and then the server is very laggy. This could just be connection problems, I guess.

However, I looked at top and found somethings I wanted to ask.

here is the top output

Code:
top - 17:31:29 up 72 days, 23:24,  1 user,  load average: 0.00, 0.00, 0.00
Tasks:  60 total,   1 running,  59 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0% us,  0.3% sy,  0.0% ni, 99.7% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:    255476k total,   252012k used,     3464k free,    84000k buffers
Swap:   498004k total,       20k used,   497984k free,    25056k cached
As you can see, the Mem usage is HUGE. I can't understand why it is so high when I'm not really doing that much with it.

Can anyone comment on why this is? I can print the programmes running if you wish. Also, can anyone comment on other things there. I know that the load average is very low! I need to use it more!!

The other thing concerning me is the number of attacks on my PC. Firstly, there are a LOAD of "access denied " in /var/log/messages. I seem to get an access denied about 30 or 40 times an hour.

My router (a Linksys thing) runs a firewall. But is it normal that I should get so many people/robots trying to gain access?

Here is an example of /var/log/messages from the last 10 mins:
Code:
Nov 13 17:34:47 pi smbd[14951]: [2004/11/13 17:34:47, 0] lib/access.c:check_access(333)
Nov 13 17:34:47 pi smbd[14951]:   Denied connection from  (81.152.66.12)
Nov 13 17:34:51 pi smbd[14952]: [2004/11/13 17:34:51, 0] lib/access.c:check_access(333)
Nov 13 17:34:51 pi smbd[14952]:   Denied connection from  (81.152.66.12)
Nov 13 17:35:19 pi smbd[14953]: [2004/11/13 17:35:19, 0] lib/access.c:check_access(333)
Nov 13 17:35:19 pi smbd[14953]:   Denied connection from  (81.152.66.12)
Nov 13 17:35:21 pi smbd[14954]: [2004/11/13 17:35:21, 0] lib/access.c:check_access(333)
Nov 13 17:35:21 pi smbd[14954]:   Denied connection from  (81.152.66.12)
Nov 13 17:35:25 pi smbd[14955]: [2004/11/13 17:35:25, 0] lib/access.c:check_access(333)
Nov 13 17:35:25 pi smbd[14955]:   Denied connection from  (81.152.66.12)
Nov 13 17:35:47 pi smbd[14956]: [2004/11/13 17:35:47, 0] lib/access.c:check_access(333)
Nov 13 17:35:47 pi smbd[14956]:   Denied connection from  (81.152.66.12)
Nov 13 17:35:49 pi smbd[14957]: [2004/11/13 17:35:49, 0] lib/access.c:check_access(333)
Nov 13 17:35:49 pi smbd[14957]:   Denied connection from  (81.152.66.12)
Nov 13 17:35:52 pi smbd[14958]: [2004/11/13 17:35:52, 0] lib/access.c:check_access(333)
Nov 13 17:35:52 pi smbd[14958]:   Denied connection from  (81.152.66.12)
Nov 13 17:36:19 pi smbd[14959]: [2004/11/13 17:36:19, 0] lib/access.c:check_access(333)
Nov 13 17:36:19 pi smbd[14959]:   Denied connection from  (81.152.66.12)
Nov 13 17:36:21 pi smbd[14960]: [2004/11/13 17:36:21, 0] lib/access.c:check_access(333)
Nov 13 17:36:21 pi smbd[14960]:   Denied connection from  (81.152.66.12)
Nov 13 17:36:25 pi smbd[14961]: [2004/11/13 17:36:25, 0] lib/access.c:check_access(333)
Nov 13 17:36:25 pi smbd[14961]:   Denied connection from  (81.152.66.12)
Nov 13 17:36:30 pi su(pam_unix)[14881]: session closed for user db
Nov 13 17:36:34 pi su(pam_unix)[14962]: session opened for user root by hamish(uid=1000)
Nov 13 17:38:28 pi smbd[14968]: [2004/11/13 17:38:28, 0] lib/access.c:check_access(333)
Nov 13 17:38:28 pi smbd[14968]:   Denied connection from  (81.152.66.12)
Nov 13 17:38:30 pi smbd[14969]: [2004/11/13 17:38:30, 0] lib/access.c:check_access(333)
Nov 13 17:38:30 pi smbd[14969]:   Denied connection from  (81.152.66.12)
Nov 13 17:38:33 pi smbd[14970]: [2004/11/13 17:38:33, 0] lib/access.c:check_access(333)
Nov 13 17:38:33 pi smbd[14970]:   Denied connection from  (81.152.66.12)
Nov 13 17:38:49 pi smbd[14971]: [2004/11/13 17:38:49, 0] lib/access.c:check_access(333)
Nov 13 17:38:49 pi smbd[14971]:   Denied connection from  (81.152.66.12)
Nov 13 17:38:54 pi smbd[14972]: [2004/11/13 17:38:54, 0] lib/access.c:check_access(333)
Nov 13 17:38:54 pi smbd[14972]:   Denied connection from  (81.152.66.12)
Nov 13 17:39:01 pi smbd[14973]: [2004/11/13 17:39:01, 0] lib/access.c:check_access(333)
Nov 13 17:39:01 pi smbd[14973]:   Denied connection from  (81.152.66.12)
Nov 13 17:39:16 pi smbd[14974]: [2004/11/13 17:39:16, 0] lib/access.c:check_access(333)
Nov 13 17:39:16 pi smbd[14974]:   Denied connection from  (81.152.66.12)
Nov 13 17:39:18 pi smbd[14975]: [2004/11/13 17:39:18, 0] lib/access.c:check_access(333)
Nov 13 17:39:18 pi smbd[14975]:   Denied connection from  (81.152.66.12)
Nov 13 17:39:22 pi smbd[14976]: [2004/11/13 17:39:22, 0] lib/access.c:check_access(333)
Nov 13 17:39:22 pi smbd[14976]:   Denied connection from  (81.152.66.12)
Nov 13 17:39:35 pi sshd[14977]: Accepted password for hamish from 82.41.11.139 port 1620 ssh2
Nov 13 17:39:38 pi su(pam_unix)[14986]: session opened for user root by hamish(uid=1000)
Thanks for all suggestions you might have for me.

Hamish
 
Old 11-13-2004, 12:33 PM   #2
canyon289
Member
 
Registered: Sep 2004
Posts: 125

Rep: Reputation: 15
linux works like that
it always uses up most of the ram because the kernel works something like this
this isnt an expert explanation but the kernel kills the oldest process not in use when you open up a new process
something in the complications of this explains why linux is so efficient
 
Old 11-13-2004, 12:54 PM   #3
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
The memory consumption is pretty normal for a linux box. If you run top and press M you can see if any one proccess is eating large ammounts of memory but it is unlikely.

As for the smb connections it is most likey the result of an infected machine on the internet looking for open shares and assuming you are a windows box. Personally I wouldn't run a service like smb over the internet. The only 2 I sould usually consider are ssh and http. Obviously smtp if you need to run an incomming mail server but it is often a target for awsting bandwidth if somebody tries to use you as a relay (even if they don't succede your bandwidth is used).
 
Old 11-13-2004, 01:50 PM   #4
exvor
Senior Member
 
Registered: Jul 2004
Location: Phoenix, Arizona
Distribution: LFS-Version SVN-20091202, Arch 2009.08
Posts: 1,484

Rep: Reputation: 66
memory

Humm well i dunno about linux using most of the ram but probably having 60 processes has something to do with it. Even if a process is sleeping it still uses ram. On my laptop here running slack10 i have 21 total processes with 45492k of avail memrory and only 24616k is used.

Im no memory expert ither tho but would be interested in learning more about linux memory management.



Also is there a way of top showing how much memory each process is actually using or does it only show % ?
 
Old 11-14-2004, 04:20 AM   #5
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Original Poster
Rep: Reputation: 30
Hey

Thanks for all the help. The SMB connection doesn't run over the internet. Because my box is a DMZ the INternet can see it (as far as I understand), but only computers with my local IPs can access the SMB server.

Thanks
hamish
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
debian sarge server uses a lot of memory cccc Debian 2 08-08-2005 04:56 PM
Firefox using a lot of system resources Mr. New Linux - Newbie 1 01-15-2005 09:45 PM
suse has a lot of memory leaks!!! pradeepmenon777 Suse/Novell 5 11-15-2004 02:15 AM
Does kde use a lot of memory? codec Linux - General 5 10-28-2003 07:16 AM
RH consumpted a lot of memory..... yenonn Linux - General 10 08-07-2003 09:40 PM


All times are GMT -5. The time now is 11:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration