One of an administrator's goals is to make sure that a system is running at peak efficiency. If you're new to Linux, you may not know where to begin. In this article, Brien Posey shows you how to secure Red Hat Enterprise Linux.
If you are a seasoned Windows administrator, then you know that although you can run Windows Server 2003 using an out-of-the-box configuration, it doesn't necessarily mean that you should. Most administrators take the time to optimize their Windows servers to make them run more efficiently. These same principles also apply to Linux servers. In this article, I will discuss some techniques that you can use to optimize the performance of your Linux server.
Before I begin
It's no big secret that Linux is a complex operating system consisting of dozens of components. There is no way that I can possibly give you a full-blown discussion of Linux optimization techniques within the constraints of a single article. In fact, entire books have been written on the subject of Linux server optimization. That being the case, I will focus my discussion on how you can understand what components are running on your server, what the impact of those components is, and how to disable unnecessary components. After all, it's impossible to truly optimize a server without having a good understanding of what processes are running on that server.
Reduce the clutter
Although Linux does a convincing job of providing the illusion that applications are running simultaneously, they really aren't. It's physically impossible for a single-processor, single-core machine to truly run multiple applications simultaneously. Instead, each of the tasks (threads) that are running on the system is given one or more time slices. This allows the operating system to ensure that each thread receives some processor time.
For example, the operating system might allocate 100 milliseconds or so of processor time to each active thread in a round robin fashion. In doing so, processor time is divided among the running threads in a way that gives the illusion that the various processes are running simultaneously.
Because the operating system must juggle the active threads in a way that ensures that each receives enough processor time to keep the machine responsive, it stands to reason that the fewer threads that are running on the server, the more responsive the system will be. Each of the remaining threads receives more processor time because it is no longer competing with the threads that have been terminated.
Stopping unnecessary threads from running will help the operating system to make the best possible use of your server's processor resources, but it is also a good idea from a security standpoint. There is a law of computing stating that the larger the code base, the greater the chance that it will contain a security hole. To put it simply, as you decrease the number of threads that are running on a server, you also decrease the potential attack surface.
Now that I have explained how your server can benefit from you turning off any unnecessary threads, you might be wondering how you can figure out which threads are actually running on your server. The process of figuring out what is running on the server is actually fairly simple.
The System Monitor
To see what is running, you will need to use the System Monitor utility. You can access the System Monitor from the Applications | System Tools menu. If the System Monitor option is not present on the System Tools menu, the utility may not be installed. If necessary, you can install the System Monitor by selecting the Add / Remove Applications option from the Applications | System Settings menu. When you do, you will see the Package Management dialog box appear. Scroll through the dialog box until you locate the System section. Select the System Tools check box and click the Update button.
Once the System Monitor has been installed, open it and then select the Process Listing tab. As the name implies, the Process Listing tab lists the various processes that are running on your server.
If you are used to administering Windows servers, you are probably familiar with using the Windows Task Manager to display a similar list of processes. The System Monitor's Process Listing tab works similarly to the Windows Task Manager, but you can configure it to provide you with a lot more information than you typically get from Task Manager.
The first thing that you really need to pay attention to is the View drop down list (not to be confused with the View menu). The View drop down list allows you to control which processes the System Monitor displays. Your choices are All Processes, My Processes, and Active Processes. As the name implies, the All Processes option displays all of the processes that are running on the server at the moment. The Active Processes option displays the processes that are actively consuming CPU cycles at the moment.
The My Processes option displays processes related to the operating system, components running on the operating system, and applications that you are running while logged into the server. To put it simply, the My Processes option shows you all of the processes that are running on the server, except for the processes that are being run by other users.
Now that I have talked about the process view, I want to talk about the information that you are given related to each individual process. By default, the Process Listing tab displays six columns of information related to each individual process: Process Name, User, Memory, X Server Memory, Nice, and ID.
The Process Name field is just that – the name of the process. The unique thing that's really worth mentioning about the Process Name column is that some operating system related processes do not have a name.
As you might expect, the User column displays the name of the user who owns the process. The owner of a process is the user who spawned the process.
The information displayed in the Memory column needs a bit of explaining, so I want to come back to the Memory and X Server Memory columns in a moment. For now, let's move on to the Nice column. The Nice column displays a process's priority.
Earlier in this article, I mentioned that the operating system assigns slices of processor time to individual threads. A process is simply a collection of one or more threads. The amount of processor time that the threads within a process actually receive depends on the process's priority. When you assign a priority to a process in Windows, you use values such as Normal, Low, High, and Real Time.
In Linux, priorities are set using a numerical value. The lower a process's Nice value, the higher the priority that is assigned to the process. A normal Nice value is zero. Therefore, Nice values consisting of negative numbers represent high priority processes, while processes with Nice values consisting of positive numbers have a lower priority. If you are interested in changing a process's priority, you can do so by right clicking on the process and selecting the Change Priority command from the resulting shortcut menu.
The last column displayed by default is the ID column. This column displays the process ID (sometimes called the PID). The PID is a number that uniquely identifies each individual process. The reason why the System Monitor displays the PID for each process is because many of the command line utilities that can be used to interact with individual processes require you to specify the process by PID number. Displaying the PID through the System Monitor just gives you a simple way to look up the PID should you need it.
Now that I have discussed the simpler Process Listing columns, I want to go back and talk about the Memory column that I avoided talking about earlier. The reason why I didn't want to talk about the Memory column earlier is that I think this column is deceptive. The official description of what the Memory column displays is "The amount of memory that is currently being used by the process". OK, that's great, but as you probably know, there are multiple types of memory in use within the system at a given time. Therefore, a prudent administrator would have to wonder whether the Memory column is displaying the process's use of physical memory, virtual memory, a combination of both, or something else.
The good news is that it is possible to use the System Monitor to get more detailed information on exactly what type of memory each individual process is using. To do so, select the Preferences command from the System Monitor's Edit menu. When you do, you will see the Preferences properties sheet. If you select the properties sheet's Process Listing tab, you will see that it contains a section called Process Fields. This section displays a list of fields that can be displayed in relation to each process. Most of the available options are not included in the default process listing information.
So let's get back to talking about memory. If you go through the list of Process Fields, you will see that there are quite a few memory related options. The key to understanding how your server's memory is really being utilized is to know the difference between the various memory related fields. The memory related fields that are available to you are: Memory, VM Size, Resident Memory, Shared Memory, RSS Memory, and X Server Memory.
I have already talked about the Memory field, and I briefly mentioned the X Server Memory field earlier. As you have probably already guessed, the X Server Memory field simply displays the amount of X Server memory that the process is using. The other memory related fields are a little more interesting though. Incidentally, the Memory field seems to convey the cumulative total of the VM Size value (which I will talk about in a moment) and the X Server memory. I haven't been able to locate any documentation to confirm this, but the numbers check out on my test server.
The most basic memory related fields are the VM Size field and the Resident Memory field. The VM Size field displays the amount of virtual memory that has been allocated to the process, while the Resident Memory field displays the amount of physical memory that is allocated to the process. The RSS Memory field displays the amount of physical memory that is being used by the process, excluding pages that have been swapped out to virtual memory. The last memory related field that you need to be aware of is the Shared Memory field. Shared memory refers to memory that is allocated to the selected process, but that can also be accessed by another process.
As you can see, there is quite a bit of memory related information that you can get through the System Monitor. If you still want to learn more about the way that a process is using the server's memory, you can right click on the process in question and select the Memory maps command from the resulting shortcut menu.
However, there are also some other useful fields that I have yet to discuss. Two fields of particular importance are the Status and % CPU fields. The Status field shows whether the process is currently running or sleeping. The % CPU field displays the percentage of your server's total available CPU resources that the process is currently using. You can use these two fields in conjunction with each other to help gauge a process's impact on the server.
Removing unwanted processes
At the beginning of this article, I explained that if you really wanted to help your system to run with optimum efficiency, then it is important for you to shut down any unnecessary processes. If you are a Linux expert, then you can probably look at the list of processes within the System Monitor and tell exactly which ones are necessary and which ones aren't. If you are a Windows administrator that is only beginning to delve into the world of Linux though, you may not be able to determine a process's purpose just by looking at its name.
Fortunately, there are some tools available that can help you to figure out what a process is and where it is coming from. The first thing that can help you to figure out a process's purpose is the structured way in which the System Monitor displays the processes. If you are used to working with Windows systems, you might be familiar with the concept of dependencies. In a Windows environment, there are a number of system services that are dependent upon other services. These services cannot start or run unless their dependency service is also running.
Dependencies also exist in Linux, but they are displayed in a completely different manner than that used by Windows. If you look at the System Monitor's View menu, you will notice that there is an option named Process Dependencies that is enabled (by default). What this means is that the System Monitor is displaying processes in a hierarchical manner that reflects dependency processes. As you scroll through the list of processes, you might notice that the listing for some processes is indented. If the listing for a process is indented, then it means that the process is dependent on the process listed above it. If you know what some, but not all, of the processes listed do, you can use the way that dependencies are listed to help figure out which processes are important and cannot be shut down.
If you still need help figuring out what a process does, then I recommend going back to the Preferences properties sheet and enabling the Arguments field. The Arguments field displays the command that launched the process. This is helpful because the Arguments field usually includes the path to the process's underlying executable file. You can then use the path to figure out what the process is related to. Of course, if you are still clueless in regard to a process's purpose, you can always look it up on the Internet.
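The same hierarchy and Arguments information can be read from a shell, which helps on a server without a desktop session. The script below is an added example, not part of the original article: it walks from one process up through its parents using the Linux /proc filesystem and prints the owner, Nice value, executable path and launch command for each. The names proc_field and proc_lineage are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes Linux /proc.
# proc_field and proc_lineage are hypothetical helper names.

# proc_field PID N: print field N of /proc/PID/stat, counted after the
# process name (1 = state, 2 = parent PID, 17 = nice value).
proc_field() {
    _stat=$(cat "/proc/$1/stat" 2>/dev/null) || return 1
    # The name is wrapped in parentheses and may contain spaces or ")",
    # so cut at the last ") " before splitting on whitespace.
    _n=$2
    set -- ${_stat##*) }
    shift $((_n - 1))
    echo "$1"
}

# proc_lineage PID: print PID, then its parent, and so on up to init.
proc_lineage() {
    _pid=$1
    [ -r "/proc/$_pid/stat" ] || { echo "no such process: $_pid" >&2; return 1; }
    while [ "$_pid" -gt 0 ] && [ -r "/proc/$_pid/stat" ]; do
        _ppid=$(proc_field "$_pid" 2) || break
        _nice=$(proc_field "$_pid" 17) || _nice='?'
        _user=$(stat -c %U "/proc/$_pid" 2>/dev/null) || _user='?'
        # exe links to the binary on disk; only root can read it for
        # processes owned by other users.
        _exe=$(readlink "/proc/$_pid/exe" 2>/dev/null) || _exe='?'
        # cmdline is NUL-separated and empty for kernel threads.
        _args=$(tr '\0' ' ' 2>/dev/null < "/proc/$_pid/cmdline") || _args=''
        printf 'pid=%s ppid=%s nice=%s user=%s exe=%s args=%s\n' \
            "$_pid" "$_ppid" "$_nice" "$_user" "$_exe" "$_args"
        _pid=$_ppid
    done
}

# With no argument, show the lineage of this shell itself.
proc_lineage "${1:-$$}"
```

Run it as root to see the executable path for processes owned by other users; an exe value that does not match the path shown in args is worth a closer look before you decide what the process is.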
Once you are confident that a process can be shut down, I recommend right clicking on the process and selecting the End Process command from the resulting shortcut menu. This will terminate the process, but it gives you a bit of a safety margin in case you make a mistake. You have only stopped the process; you have not taken it out of your system's configuration. Therefore, if you should discover that the process was something important, you can restart it by simply rebooting the server or by selecting the Run Application command from the operating system's Actions menu and entering the command listed in the process's Arguments field.
You might have noticed the Kill Process command on the shortcut menu. The End Process option is the preferred method of stopping a process, but you can tell Linux to kill the process if it becomes stuck and does not want to terminate gracefully.
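End Process and Kill Process correspond to the SIGTERM and SIGKILL signals. The script below is an added example, not part of the original article, that applies the same order from a shell: ask the process to end, wait a grace period, and kill it only if it is still running. The names is_running and stop_process are hypothetical helpers, and the five-second default grace period is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes Linux /proc.
# is_running and stop_process are hypothetical helper names.

# True while PID exists and is not a zombie. A zombie has already exited and
# only awaits reaping by its parent, yet "kill -0" still succeeds on it.
is_running() {
    _s=$(cat "/proc/$1/stat" 2>/dev/null) || return 1
    _s=${_s##*) }            # the state letter follows the last ") "
    [ "${_s%% *}" != Z ]
}

# stop_process PID [GRACE_SECONDS]
# Prints "ended" if SIGTERM was enough, "killed" if SIGKILL was needed.
stop_process() {
    _pid=$1
    _grace=${2:-5}
    is_running "$_pid" || { echo "not-running"; return 1; }
    # End Process: a polite request the program can catch to clean up.
    kill -TERM "$_pid" 2>/dev/null || { echo "not-permitted"; return 1; }
    _waited=0
    while [ "$_waited" -lt "$_grace" ]; do
        is_running "$_pid" || { echo "ended"; return 0; }
        sleep 1
        _waited=$((_waited + 1))
    done
    is_running "$_pid" || { echo "ended"; return 0; }
    # Kill Process: cannot be caught or ignored, so no cleanup happens.
    kill -KILL "$_pid" 2>/dev/null
    echo "killed"
}

if [ "$#" -gt 0 ]; then stop_process "$@"; fi
```

A result of "killed" means the program had no chance to flush files or remove locks, so check its data and log files before starting it again.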