Huge memory leaks?

kenjiow · May 1, 2018, 11:57pm

I am having trouble with memory leaks for both my Centos 7 servers.
Here is a screenshot of the memory of my 4gb ram VPS
https://i.imgur.com/w6GWpzr.png
These all seem crazy high
here is a screenshot of my other server
https://i.imgur.com/FDrAwR5.png

Are these normal? What are the steps to debug if not

More info, I have the latest version of Virtualmin with all packages updated;
https://i.imgur.com/dzE3zC2.png

Diabolico · May 2, 2018, 11:45am

Connect with SSH, run “top”, then press L_Shift+F, use arrow keys (up / down) to navigate to the line that it say “* %MEM = Memory Usage (RES)”, press “s” and then “q”.

Now you have sorted everything by memory usage and post it here. Additionally you can run “free -m” and post that results here.

scotwnw · May 3, 2018, 2:47pm

The 2 gig for mysql is normal, especially if you took the default settings when setting up the mysql settings for virtualmin. Default is 2 gig mem use.
Seems I remember fail2ban using a lot as well. Although I have not used it in quite a while. Opendkim, not sure whats normal.

Diabolico · May 3, 2018, 5:32pm

@scotwnw:

MySQL will use as much memory as you set to use. Of course more memory (to some extent) dedicated to MySQL is better.
It is not normal that Fail2ban uses so much memory and same goes to opendkim.

It could be that both servers are abused in some way and this is a result of such hammering. I would suggest to op to restart the server and then do what i said in my previous post + checking the log files. In this way he could see what exactly is happening.

Joe · May 4, 2018, 3:45am

Both fail2ban and opendkim exhibit quite high VSS/VIRT memory usage, and it’s nothing to be alarmed about. RES is usually much smaller. I don’t know why these services in particular show such high VSS, but they do on some systems in some configurations. It’s harmless, as far as I can tell.

fail2ban in particular can grow huge (multiple GB VSS), while RES size stays at a few tens of MB. Again, I dunno why. I’ve seen it on some of our systems, but not others (mostly it remains at about 300-400MB VSS and 40-50 RES) and again I don’t know why. Never dug in to figure it out. It’s written in Python, though, so I would suspect that whatever memory mapping technique they’re using to map data on disk into memory isn’t very efficient. The differences may be related to Python version or related to how heavily trafficked the server is and how much attack traffic it gets.

There’s a site that explains some aspects of Linux memory usage, and why it can look weird: https://www.linuxatemyram.com/

kenjiow · May 6, 2018, 4:26am

How safe is it to disable fail2ban?
My SSH port is not default and my passwords are complex

@Diabolico
[root@hosting ~]# free -m
total used free shared buff/cache available
Mem: 3790 774 294 210 2721 2482
Swap: 2047 0 2047
[root@hosting ~]#

Diabolico · May 7, 2018, 8:04pm

@kenjiow: What i can see you are ok with the memory and no need to worry. Actually if you need you could dedicate another 1GB for MySQL and still have a lot of free memory for some other functions.

For Fail2Ban i would advise against his removal if you do not intend to replace with something else (like CSF). It really does his work great and to have it on your server could save you from some bigger problems. In case of CMS (e.g. Wordpress, Joomla, etc…) you can use F2B to ban IP(s) failing to comply with your website rules, like hammering the login page. As opposed to any CMS addon with same/similar functions to ban IP(s) Fail2Ban will not cause additional load on the server.

There are really many reasons why someone should have F2B installed on the server, or any other software doing same job like CSF or Imunify360.