It was fun setting up your very own server. I remembered the time when I received the root password to my very first virtual server back in March 2006 ($22/month for a merely 192MB of memory), it took me hours setting it up to exactly the way I wanted. At the end of the day when it started to pump out my websites on TCP port 80 — joy!
Well. It’s still fun the second time around when I moved hosting, but it wasn’t the same. 3rd time? Hmm. By now I probably have set up 30+ virtual servers due to expansion or migration, and it feels a lot like work than fun. In the effort to possess the 3 great virtues of a programmer according to Larry Wall, laziness, impatience, and hubris, I decided to write some simple scripts to quickly get my low end virtual servers up running and configured in no time!
Here is one that I want to share today.
- Download lowend-debian.sh
Usage:
- Buy a new low end VPS from any provider
- Build a standard Debian 5 minimum install
- Got the root password
sshinto your new low end box, and$ ssh root@my-new-box Linux lowendbox 2.6.18-blah #1 SMP Wed Aug 26 15:47:17 MSD 2009 i686 ... Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. # wget -q https://lowendbox.com/scripts/lowend-debian.sh # bash ./lowend-debian.sh ...
What it does is:
- Remove
rsyslogd(memory hog on OpenVZ system) andportmap(mostly useless). - Run
apt-get update && apt-get upgradeto get the server up to date. - Install and configure
dashas/bin/sh. - Install and configure
inetutils-syslogas default system logger. - Install and configure
dropbearas OpenSSH replacement.
Once done, it should bring the memory usage to around 4-5MB on a 32bit Debian (where 2.8MB is from bash and dropbear that handles the SSH connection). It should also work on Ubuntu-based distributions (tested on a 64MB Ubuntu 9.04 VPS). Feel free to check the code to make sure I am not doing anything malicious like hijacking the server and install a ssh key or something :)
- 5 Reasons Why You Want a Low End Box - May 26, 2021
- Dead Pool January 2012 - February 2, 2012
- exit(0); - January 19, 2012
Nice, but there is no security setup by default. What do you do?
I have a basic iptables script at https://github.com/vrillusions/bash-scripts/tree/master/iptables. Idea is copy both of those to /root (click on each file and then click on raw to get the code) and make them executable. Edit iptables-init.sh to your liking and run it. If you lock yourself out then from your providers control panel run /root/iptables-reset.sh to get access again.
Just a quick note I’ve moved the iptables stuff to it’s own project since it’s become popular (allows you to watch just updates to iptables and not when I update whatever). New address is https://github.com/vrillusions/iptables-init
Download link is broken.
…/scirpts/lowend-debian.sh
should be
…/scripts/lowend-debian.sh
:)
Arg. Link fixed.
As of security — that really depends on your need (setting up sudoer, creating users, setting up firewalls). I have my scripts for those but I prefer not to show them :)
You install inetutils-syslog as default syslogger, how do you think about limiting rsyslogd by using ulimit -s 128? Is it safe to do that?
Instead of “rm -rf /bin/sh”, I’d recommend “dpkg-divert –rename /bin/sh”.
@Moi — the main issue I found with rsyslogd is its VSZ which is a lot greater than RSS. Although it might not use that much memory, it is still bad on an OpenVZ system where privvmpages counts the pages that are allocated.
@dne — thanks for the suggestion.
it will better to start some tutorial series, like:
1) vps start configuration
2) lighttpd and php install
3) mysql and bind install
4) postfix install and full configuration for virtual domains
6) (whatever else you think)
5) security tricks/tips
let me know what you think.
btw something you forgot on the script..
Thanks for this :)
Btw you spelled virtues wrong :p (virues)
Thanks. Fixed. Last time I checked spelling was not in the list of virtues of programmers :)
hey lowenbox. release more scripts!
Thanks for the script!
Thanks for the great script!
I tried dropbear but it doesn’t play nice with git and none of the fixes I’ve seen work for me so I’ve abandoned it for just now.
Seemingly the ulimit -s limit isn’t honoured by default ssh configurations, a bit of googling found me:
UsePrivilegeSeparation = no
Which will have ssh respecting your limits. Dropped ~3MB VSZ with that, google for the connotations.
Towards the end of the article, it is mentioned that once the softwares are installed by the scripts, the memory usage would drop to 4-5MB on a Debian 32 bit system . I bought an MICRO VPS plan (80 MB running Debian 5.0 32 Bit) from Quickweb , but even after i ran the script the top utility reports that i have used around 40000k memory, thats 40 MB . Should i be looking at any other utility to find out the right memory usage , or am i missing something here ?
Thanks heaps, works great
looks like bash and syslogd are still running after a reboot. is this correct?
top – 21:28:47 up 16 min, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 12 total, 1 running, 11 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 131072k total, 30168k used, 100904k free, 0k buffers
Swap: 131072k total, 0k used, 131072k free, 9288k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 2036 708 612 S 0.0 0.5 0:00.02 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd/30754
3 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper/30754
350 root 20 0 1956 700 580 S 0.0 0.5 0:00.00 syslogd
375 root 20 0 2092 484 380 S 0.0 0.4 0:00.00 dropbear
383 daemon 20 0 2164 416 288 S 0.0 0.3 0:00.00 atd
397 bind 20 0 51768 11m 2548 S 0.0 9.3 0:00.09 named
419 root 20 0 46520 6944 2308 S 0.0 5.3 0:00.02 lwresd
462 root 20 0 3792 768 600 S 0.0 0.6 0:00.00 cron
491 root 20 0 2408 1124 860 S 0.0 0.9 0:00.23 dropbear
492 root 20 0 4132 2832 1340 S 0.0 2.2 0:00.21 bash
506 root 20 0 2336 1092 900 R 0.0 0.8 0:00.02 top
Thanks for this
After doing this on the latest Debian package available,
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.5 2028 704 ? Ss 07:01 0:00 init [2]
root 2 0.0 0.0 0 0 ? S 07:01 0:00 [kthreadd/384]
root 3 0.0 0.0 0 0 ? S 07:01 0:00 [khelper/384]
root 459 0.0 0.4 1736 612 ? Ss 07:01 0:00 /sbin/syslogd
root 492 0.0 0.6 8668 792 ? Ss 07:01 0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
root 495 0.0 0.2 8668 388 ? S 07:01 0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
root 501 0.0 0.7 5488 972 ? Ss 07:01 0:00 /usr/sbin/sshd
root 536 0.0 0.6 2392 848 ? Ss 07:01 0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
root 550 0.0 1.1 9988 1532 ? Ss 07:01 0:00 sendmail: MTA: accepting connections
root 552 0.3 2.3 8544 3020 ? Ss 07:01 0:00 sshd: root@pts/0
root 591 0.0 0.6 2288 864 ? Ss 07:01 0:00 /usr/sbin/cron
root 617 0.0 1.2 2960 1604 pts/0 Ss 07:01 0:00 -bash
root 627 0.0 0.7 2348 920 pts/0 R+ 07:02 0:00 ps aux
I think I’m having the same issue as the guy above me, however, it did free up more then 40MB of my 128MB VPS, and now running at just over 95MB FREE with lighttpd and all the perks
So I think it worked?
Trying to port this to CentOS, but i cant figure out for the ssh part.
im not sure how to remove old ssh to dropbear, and im afraid to get locke out of ssh :P
got any idea?
Script is not found
try this Link.