is 760.25 MB used memory normal?

I have two VH up one is empty site, one line of text.The other is a static one page php.

I disabled all the email services. Here are the output of ram processes listed by usage.

peterwebadmin@n1:~$ ps aux | awk ‘{print $2, $4, $11}’ | sort -k2rn | head -n 20396 27.9 /usr/sbin/clamd

370 1.6 /usr/bin/python3
574 1.4 /usr/sbin/named
575 1.3 php-fpm:
757 1.3 /usr/bin/php-cgi7.0
758 1.3 /usr/bin/php-cgi7.0
320 1.2 /usr/bin/freshclam
1053 1.1 /usr/bin/perl
437 1.0 postgrey
939 0.8 /usr/bin/python3
1049 0.4 proftpd:
1 0.3 /sbin/init
1037 0.3 /usr/lib/policykit-1/polkitd
2217 0.3 sshd:
2221 0.3 /lib/systemd/systemd
660 0.3 /lib/systemd/systemd
725 0.3 php-fpm:
726 0.3 php-fpm:
173 0.2 /lib/systemd/systemd-journald

Yes. If you want to lower that memory consumption you will need to turn off quite few services, AV, Spamassassin, mail, MySQL (if you can)… and so on. Still OS and Virtualmin will always use some amount so even if you turn almost everything off count at least to 100-200MB used by the system (no traffic included).

All the things you listed is off except av

What output do you receive when running “ps auxw” on your server?

Note that another thing is to disable Mailman, if that’s enabled. I noticed in our output above that “python3” is running, which I suspect is for Mailman.

-Eric

i need to double check but i think python3 is failed to ban. i couldn’t find mail men on my system.

From my understanding failed to ban is in addition to firewall

Yeah you may be right, Fail2ban does indeed use Python as well.

Fail2ban is optional – which services you run all come down to what your needs are.

Fail2ban monitors your logs, and performs actions based on what it sees.

By default, I believe it watches for failed SSH login attempts, and bans offending IP’s after 10 or so failed attempts.

-Eric

do people usually run it? with ssh if i diable pw login and use a private key logon instead this should be enough right and i think ftp has their own timeout lock?

It all comes down to how much you need to reduce memory usage. It’s certainly an option to use key-based logins as you’re describing… that’s an excellent security measure.

Some folks also put SSH on a port other than 22 to make it harder for the bots to find it.

Depending on your needs, some folks also disable FTP, and purely use SSH/SFTP and Webmin/Virtualmin for connecting to the server.

Note that users can upload files using the File manager within Webmin/Virtualmin.

-Eric

You must have fail2ban*** or your server will get hammered by bots and brute force attacks 24/7. More popular are the domains on that server more attacks you will get and this never stops just goes up. You could move some services to non-default ports but you cant do that with all ports as some services are communicating on predefined ports and cannot be changed.

You can remove psw for (s)FTP/SSH and use keys still your other ports will be open for such attacks. For example aggressive bots who dont honor robots.txt usually like to hammer your website(s). Not once i saw a IP belonging to a bot banned by fail2ban because that bot made 30-50+ connections per second. In other words this bots are capable to scan entire website in matter of few seconds and they never stop so you get this crap 24/7 and in the process of scanning they actually DDoS your server.

Last year i got one client who previously had someone else who managed their server and website. This client came to me because was not happy with the service he had until then. Long story short i jumped in and then i saw the reason for his website to be slow, unresponsive, etc. There was between 2000-3000+ bruteforce attacks per hour(!) on WP login page and more than 3000 attacks on xmlrpc.php file. I manage to bring that numbers down but it was a mess. Other ports were affected too but honestly i forgot the numbers. Obviously his domain got into several “bot list” and that was a nightmare.

*** Or some alternative to fail2ban, like CSF.