[LBo] Removing unneeded processes (Re: QnA Digest, Vol 11, Issue 7)
Randy Kramer
rhkramer at gmail.com
Wed Jul 11 17:29:14 CEST 2007
On Tuesday 10 July 2007 09:56 am, netsecurity at sound-by-design.com wrote:
> Per request the output of ps -Al with nothing running but a terminal:
>
> F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
> 4 S 0 1 0 0 76 0 - 391 - ? 00:00:00 init
> 1 S 0 2 1 0 94 19 - 0 ksofti ? 00:00:00
ksoftirqd/0
> 5 S 0 3 1 0 -40 - - 0 - ? 00:00:00 watchdog/0
> 1 S 0 4 1 0 70 -5 - 0 worker ? 00:00:00 events/0
> 1 S 0 5 1 0 70 -5 - 0 worker ? 00:00:00 khelper
> 1 S 0 6 1 0 71 -5 - 0 worker ? 00:00:00 kthread
> 1 S 0 8 6 0 70 -5 - 0 worker ? 00:00:00 kblockd/0
> 1 S 0 25 6 0 70 -5 - 0 hub_th ? 00:00:00 khubd
> 1 S 0 91 6 0 80 0 - 0 pdflus ? 00:00:00 pdflush
> 1 S 0 92 6 0 75 0 - 0 pdflus ? 00:00:00 pdflush
> 1 S 0 94 6 0 77 -5 - 0 worker ? 00:00:00 aio/0
> 1 S 0 93 1 0 85 0 - 0 kswapd ? 00:00:00 kswapd0
> 1 S 0 95 1 0 85 0 - 0 jfsIOW ? 00:00:00 jfsIO
> 1 S 0 96 1 0 85 0 - 0 jfs_la ? 00:00:00 jfsCommit
> 1 S 0 97 1 0 85 0 - 0 jfs_sy ? 00:00:00 jfsSync
> 1 S 0 687 6 0 70 -5 - 0 serio_ ? 00:00:00 kseriod
> 1 S 0 809 6 0 71 -5 - 0 worker ? 00:00:00 ata/0
> 1 S 0 810 6 0 71 -5 - 0 worker ? 00:00:00
> ata_hotplug/0
> 1 S 0 828 1 0 76 0 - 0 - ? 00:00:00 khpsbpkt
> 1 S 0 838 1 0 75 0 - 0 kjourn ? 00:00:00 kjournald
> 5 S 0 1374 1 0 76 -4 - 615 - ? 00:00:01 udevd
> 1 S 0 2202 1 0 80 0 - 0 - ? 00:00:00
> shpchpd_event
> 1 S 0 2258 6 0 71 -5 - 0 gamepo ? 00:00:00 kgameportd
> 1 S 116 2686 1 0 73 -2 - 582 - ? 00:00:00 dhclient3
> 1 S 0 3105 6 0 71 -5 - 0 worker ? 00:00:00 wrap_wq
> 1 S 0 3106 6 0 72 -5 - 0 worker ? 00:00:00 ndis_wq
> 1 S 0 3215 1 0 79 0 - 0 kjourn ? 00:00:00 kjournald
> 5 S 109 3372 1 0 76 0 - 441 - tty5 00:00:00 syslogd
> 4 S 0 3399 1 0 76 0 - 416 syslog ? 00:00:00 dd
> 1 S 103 3401 1 0 80 0 - 613 pipe_w ? 00:00:00 klogd
> 5 S 104 3429 1 0 78 0 - 547 - ? 00:00:00
dbus-daemon
> 5 S 108 3461 1 0 75 0 - 1695 - ? 00:00:05 hald
> 0 S 0 3462 3461 0 76 0 - 678 - ? 00:00:00
hald-runner
> 4 S 108 3532 3462 0 75 0 - 499 evdev_ ? 00:00:00
> hald-addon-key
> 4 S 108 3553 3462 0 77 0 - 500 - ? 00:00:00
> hald-addon-sto
> 4 S 108 3554 3462 0 77 0 - 501 - ? 00:00:00
> hald-addon-sto
> 1 S 0 3570 1 0 75 0 - 481 - ? 00:00:00 dhcdbd
> 5 S 0 3590 1 0 75 0 - 980 - ? 00:00:00
> NetworkManager
> 1 S 0 3597 1 0 81 0 - 700 - ? 00:00:00
> NetworkManager
> 5 S 0 3641 1 0 78 0 - 1494 - ? 00:00:00 hpiod
> 1 S 105 3678 1 0 76 0 - 2316 - ? 00:00:00 python
> 5 S 7 3724 1 0 76 0 - 1049 - ? 00:00:00 cupsd
> 5 S 0 3755 1 0 83 0 - 399 - ? 00:00:00 inetd
> 5 S 0 3786 1 0 76 0 - 1442 - ? 00:00:00 nmbd
> 5 S 0 3800 1 0 78 0 - 2139 - ? 00:00:00 smbd
> 1 S 0 3813 3800 0 78 0 - 2139 pause ? 00:00:00 smbd
> 1 S 0 3836 1 0 76 0 - 406 - ? 00:00:00 mdadm
> 5 S 0 3854 1 0 75 0 - 1073 - ? 00:00:00 powersaved
> 1 S 0 3886 1 0 76 0 - 528 - ? 00:00:00 cron
> 5 S 0 3906 1 0 76 0 - 683 - ? 00:00:00 kdm
> 4 S 0 3910 3906 6 65 -10 - 8809 - tty7 00:00:39 Xorg
> 5 S 0 3922 3906 0 76 0 - 916 wait ? 00:00:00 kdm
> 0 S 0 4013 1 0 76 0 - 390 - tty1 00:00:00 getty
> 0 S 0 4014 1 0 77 0 - 390 - tty2 00:00:00 getty
> 0 S 0 4015 1 0 76 0 - 390 - tty3 00:00:00 getty
> 0 S 0 4016 1 0 76 0 - 389 - tty4 00:00:00 getty
> 4 S 0 4017 1 0 76 0 - 389 - ? 00:00:00 getty
> 0 S 0 4026 1 0 76 0 - 390 - tty6 00:00:00 getty
> 4 S 0 4035 3922 0 80 0 - 694 wait ? 00:00:00 startkde
> 1 S 0 4132 4035 0 76 0 - 1082 - ? 00:00:00 ssh-agent
> 1 S 0 4133 4035 0 76 0 - 1083 - ? 00:00:00 ssh-agent
> 1 S 0 4136 1 0 76 0 - 676 - ? 00:00:00
dbus-launch
> 1 S 0 4137 1 0 84 0 - 518 - ? 00:00:00
dbus-daemon
> 1 S 0 4165 1 0 76 0 - 5935 - ? 00:00:00 kdeinit
> 1 S 0 4168 1 0 76 0 - 5894 - ? 00:00:00 dcopserver
> 1 S 0 4170 4165 0 76 0 - 6162 - ? 00:00:00 klauncher
> 1 S 0 4172 1 8 75 0 - 7900 - ? 00:00:35 kded
> 0 S 0 4174 1 0 75 0 - 683 - ? 00:00:00 gam_server
> 0 S 0 4179 4035 0 76 0 - 386 - ? 00:00:00 kwrapper
> 1 S 0 4181 1 0 75 0 - 6130 - ? 00:00:00 ksmserver
> 1 S 0 4182 4165 0 75 0 - 6798 - ? 00:00:03 kwin
> 1 S 0 4184 1 5 75 0 - 8245 - ? 00:00:24 kdesktop
> 1 S 0 4186 1 3 75 0 - 7757 - ? 00:00:13 kicker
> 1 S 0 4187 4165 0 76 0 - 6001 - ? 00:00:00 kio_file
> 4 S 0 4196 4165 1 9 - - 3347 - ? 00:00:04 artsd
> 1 S 0 4198 1 0 75 0 - 6152 - ? 00:00:00 kaccess
> 1 S 0 4207 1 0 76 0 - 7087 - ? 00:00:01 kmix
> 0 S 0 4209 4165 0 76 0 - 6508 - ? 00:00:02 kwikdisk
> 1 S 0 4212 4165 2 76 0 - 9826 - ? 00:00:10 konqueror
> 1 S 0 4221 1 0 76 0 - 6366 - ? 00:00:00 klipper
> 1 S 0 4243 1 0 75 0 - 7806 - ? 00:00:01 knotify
> 1 S 0 4259 4165 0 76 0 - 10563 - ? 00:00:00 kio_http
> 1 S 0 4319 4165 0 76 0 - 10563 - ? 00:00:00 kio_http
> 1 S 0 4328 4165 0 76 0 - 10563 - ? 00:00:00 kio_http
> 1 S 0 4339 4165 0 76 0 - 10563 - ? 00:00:00 kio_http
> 5 S 0 5445 4165 8 76 0 - 7259 - ? 00:00:01 konsole
> 4 S 0 5461 5445 10 76 0 - 1342 wait pts/1 00:00:01 bash
> 0 R 0 5533 5461 0 78 0 - 542 - pts/1 00:00:00 ps
>
>
> The goal is to remove processes so that the K6 - 2+/500 uses its power to
> run only those things that middle school kids might need for school work
> and some games, etc. However, since the machinews will one day be hooked
> to a DSL line, leave those that are needed for that such as DHCP, the
> firewall, ClamAV, etc.
Since I made the request, I guess I should make an attempt at suggesting some
things that could be removed. (There are many things listed that I really
don't know what they are for (haldaemon and all things hal, for example), so
I'm hoping others can chime in as well.
Before I go any further, I would echo the suggestion of Sam Morgan--if you can
get more RAM it is a much easier way to go. Still, I find processes running
on my machine that are just plain annoying that they run--things that I'll
never use, or have memory leaks or other problems.
Aside: On one system I was running for a while, I disabled 4 of the 6 gettys
(i.e., virtual consoles or whatever they are called--the things you get to
when you press <ctrl><alt><F1> for example.) Iirc, I saved about 1 MB of RAM
(i.e., about 1/4 MB for each). On that system, I considered that a
significant saving.
I would consider disabling the following (most of these will be phrased
something like, for example, "if you don't have printers attached to the
machines (or on the network)"
Speaking about the network--another thing you might consider is using one
machine as a gateway to the network, and let the other machines interface to
the DSL line through that single machine (with a hub, switch, or coax
ethernet) so all can get access. In addition, set it up so the gateway uses
NAT. (I use a dos based gateway software package, and by default it uses NAT
(I don't think there is any option).)
NAT provides pretty good to excellent protection similar to a firewall (but
slightly different--incoming traffic is only allowed in response to outgoing
requests from one of the machines on the network). I still run my systems
(my home network) this way, and have had very few problems. (Of course, on
the Microsoft system my wife uses, I do run firewalls, virus checkers, etc.)
If you do this, you can put a firewall on the gateway, only, instead of each
machine. (The dos based gateway I use doesn't allow me to include a
firewall--on a LInux based gateway that should be no problem.)
Also, you can get away without the DHCP software if you're willing to make a
one time assignment of local TCP/IP addresses to each (client) machine.
E.g., on both the small school network I setup and ran, and my home network,
I use "hard wired" addresses in the range 192.168.0.nnn--I happened to use
192.168.0.10 for the gateway in both cases (for the local side of the
gateway), but, iirc, it is more conventional to uses some other address,
maybe 192.168.0.0?
cupsd: if you won't be printing from the machines
ndisq: I usually think of ndis being needed for some wireless networking
cards, but I guess it might also be needed for some Ethernet cards which
don't have a native Linux driver--if neither applies to you, try running
without this (sorry, I guess a lot of my suggestions will be couched in terms
of "try running without this"--I don't know enough in many cases to be sure
you won't need something)
jfs: I have no idea what the jfs tasks are for--maybe for the (IBM) JFS
filesystem? If you're not using it, try getting rid of those tasks.
Network Manager: and two processes? Not sure why you'd need this, and I found
that net_monitor (on Mandriva2006, maybe not the same program) is a real
resource hog with a memory leak--I've set up a cron job to kill and restart
the task every night. (If you restart the machines every day, this shouldn't
be a problem.)
ata_hotplug: I'm assuming you need this only if you're going to be plugging in
something like an external hard drive or similar.
python: I guess something might be running that depends on python, but I'm
pretty surprised
nmbd, smbd: Will you be using Microsoft networking between the machines--if
not, get rid of these. Furthermore, I find NFS much better for my
purposes--iirc, if I lose Microsoft networking (for example, the other
machine is shut down intentionally) while I have an application open using
Microsoft networking, to reestablish the connection I have to restart the
application. In contrast, if I use NFS, the machine I'm talking to can come
and go as it pleases, as long as the machine is up when my application talks
to it. (And, iirc, if that other machine is not up, I get an error message,
and I can turn on that other machine and then repeat the talk when that
machine is up.
cron: If you're not running the machine 24 hours a day, I'd get rid of this.
If you want some tasks run at regular intervals, there are some alternate
processes that can do that (when run as daemons) but which work on different
bases--for example, running a task when the machine comes up if it missed a
scheduled run.
gam_server: iirc, this is the task that detects when files have been changed
on disk. I find it useful since I quite often have the same file open in
more than one applicatin, and I think this is the thing that lets each
application know that some other application changed the file. You may not
need gam_server.
kwikdisk: I have no idea what this task is (like a lot of others on your
list), and, again (like a lot of others on your list), I don't see it running
on my system.
kio_http: Hmm, I always associated these with running instances of
konqueror--sometimes when I find my system bogging down--ahh, I should
digress and discuss that:
My (current) main system has 512 MB of RAM (motherboard limitation). Fairly
often, I find my system slowing down with the hard drive doing its "sewing
machine routine".
I keep an instance of top running in a root konsole. I know that when my swap
usage approaches the amount of RAM that I have (512 MB) (I'm not 100% sure
that's the triggering event--at one time I thought it was 1/2 the available
swap, but I upped my swap from 1 GB to 2 GB, and the sewing machine still
triggers around 512 MB).
When I notice a problem, I go through and kill applications (or daemons) that
are using a lot of memory and then (if I need them) restart the same task.
If the task is subject to memory leaks (which I know, with the versions I'm
using (Mandriva2006), they are, including: konqueror, mozilla-firefox, opera,
kmail, kate, and net-monitor) killing them and restarting them will free up
the leaked memory. (Rebooting the machine has the same effect, so whichever
is more convenient for you--I have so many things open in an attempt to work
on them that a reboot is a major disruption for me.)
Anyway, back to kio_http processes. I usually associate these (and
nspluginviewer) tasks as being associated with konqueror (or other browser
processes). I didn't mention it above, but these are the first processes I
kill (if any are running) when I start to get the sewing machine. Quite
often they seem to get hung (they hang around even though no page is
currently loading--or a page being loaded is hung and making no progress).
If I kill these, and then attempt to load a page, they are restarted
(automatically) as necessary, so I have no compunction about killing these as
my first attempt to get my machine moving again.
ssh: Hmm, I'll get shot for suggesting this, but, if you have no need for ssh,
get rid of it. Going further, if you need to use telnet between machines
(the insecure forerunner of ssh), I have no concerns about using telnet
behind a NAT gateway.
(I didn't know telnet or ssh when I first started switching to Linux. I found
it much easier to learn to use telnet first, and now I can see and understand
the extra things that ssh requires, but I had a hard time learning ssh until
I first learned to use telnet.)
Sorry for rambling on so long.
Hope some of this is helpful--some of it might be useful (as it is for me)
even if you get more RAM.
Randy Kramer
More information about the QnA
mailing list