Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tutorials:vps_debian [2012/01/28 20:39] memnontutorials:vps_debian [2012/02/01 13:39] (current) – Import latest addition from sdf memnon
Line 9: Line 9:
   * [[#Package Management]]   * [[#Package Management]]
   * [[#Firewall Setup]]   * [[#Firewall Setup]]
 +  * [[#Software and Distribution Updating]]
 +  * [[#Reducing Memory Usage]]
  
 ===== Basics ===== ===== Basics =====
Line 138: Line 140:
  
   # chmod 755 /etc/network/if-pre-up.d/firewall   # chmod 755 /etc/network/if-pre-up.d/firewall
 +  
 +===== Software and Distribution Updating =====
 +
 +To update your system, run the following commands:
 +  apt-get update
 +  apt-get dist-upgrade -y 
 +  
 +===== Reducing Memory Usage=====
 +
 +If you are using a 128MB slice, it's a good idea to reduce the memory usage of some processes or even disable them.
 +
 +=== cron and at ===
 +You might not need one or both of those, so you can deactivate them with
 +
 +  # update-rc.d -f atd remove
 +  # update-rc.d -f cron remove
 +
 +This frees up ca. 7MB (if both are deactivated).
 +
 +=== getty / virtual terminals ===
 +This being a virtual system, you won't need getty on tty1-6. In order to eliminate them, edit /etc/inittab and modify the corresponding lines like this:
 +
 +  co:2345:respawn:/sbin/getty hvc0 9600 linux
 +
 +  #1:2345:respawn:/sbin/getty 38400 tty1
 +  #2:23:respawn:/sbin/getty 38400 tty2
 +  #3:23:respawn:/sbin/getty 38400 tty3
 +  #4:23:respawn:/sbin/getty 38400 tty4
 +  #5:23:respawn:/sbin/getty 38400 tty5
 +  #6:23:respawn:/sbin/getty 38400 tty6
 +
 +You need to keep the line with hvc0 so you can attach a serial console from vps.sdf.org to your vps. This frees up ca. 10MB. 
 +
 +=== rsyslogd ===
 +rsyslogd eats a lot of memory by default (26MB on my vps) which can be reduced by the usage of ulimit. Edit /etc/init.d/rsyslog and include the following line just before the command where rsyslogd will be started:
 +
 +  ulimit -s 256
 +
 +Example:
 +
 +<code>
 +case "$1" in
 +  start)
 +        ulimit -s 256
 +        log_daemon_msg "Starting $DESC" "$RSYSLOGD"
 +        create_xconsole
 +        do_start
 +        case "$?" in
 +                0) sendsigs_omit
 +                   log_end_msg 0 ;;
 +                1) log_progress_msg "already started"
 +                   log_end_msg 0 ;;
 +                *) log_end_msg 1 ;;
 +        esac
 +
 +        ;;
 +</code>
 +This frees up about 23MB. 
 +
 +=== portmap ===
 +I don't need portmap, so i removed it completely:
 +
 +  apt-get remove --purge portmap
 +
 +=== openssh vs. dropbear ===
 +If you dont need all the extra features openssh has compared to dropbear, you can reduce memory consumption from 23MB to 5MB while being connected with 1 non-root user to the system by replacing openssh with dropbear.
 +
 +  apt-get install dropbear
 +
 +Edit /etc/defaults/dropbear and set NO_START to 0 and add the extra args "-w -s -g" to disallow root and password logins (You'll be only able to login with a non root user and ssh keys):
 +<code>
 +# disabled because OpenSSH is installed
 +# change to NO_START=0 to enable Dropbear
 +NO_START=0
 +
 +# the TCP port that Dropbear listens on
 +DROPBEAR_PORT=22
 +
 +# any additional arguments for Dropbear
 +DROPBEAR_EXTRA_ARGS="-w -s -g"
 +
 +# specify an optional banner file containing a message to be
 +# sent to clients before they connect, such as "/etc/issue.net"
 +DROPBEAR_BANNER=""
 +
 +# RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key)
 +#DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
 +
 +# DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key)
 +#DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
 +
 +# Receive window size - this is a tradeoff between memory and
 +# network performance
 +DROPBEAR_RECEIVE_WINDOW=65536
 +</code>
 +
 +Afterwards, you can deactivate openssh with
 +
 +  update-rc.d ssh remove
 +
 +or uninstall it: 
 +
 +  apt-get remove openssh-server