github.com/assafmo/couchdb-linux-performance
errors=remount-ro,noatime,nouser_xattr,barrier=0
(Replace sdXY with your partition name)
sudo tune2fs -l /dev/sdXY | fgrep has_journal
Unmount the filesystem (if it is the root filesystem, mount it read-only) and then:
tune2fs -O ^has_journal /dev/sdXY
noatime,nodiratime,logbufs=8,logbsize=256k,nobarrier
(Replace sdX with your device name)
####
## IO Scheduler
####
# First, set an appropriate IO scheduler for file servers.
# deadline - For spinning disks
# noop - For VMs and SSDs
echo noop > /sys/block/sdX/queue/scheduler
# Now give the IO scheduler more flexibility by increasing the number of schedulable requests:
echo 4096 > /sys/block/sdX/queue/nr_requests
# To improve throughput for sequential reads, increase the maximum amount of read-ahead data.
# The actual amount of read-ahead is adaptive,
# so using a high value here won't harm performance for small random access.
echo 4096 > /sys/block/sdX/queue/read_ahead_kb
####
## Virtual memory settings
####
# To avoid long IO stalls (latencies) for write cache flushing
# in a production environment with very different workloads,
# you will typically want to limit the kernel dirty (write) cache size:
echo 5 > /proc/sys/vm/dirty_background_ratio
echo 10 > /proc/sys/vm/dirty_ratio
# Assigning slightly higher priority to inode caching helps
# to avoid disk seeks for inode loading:
echo 50 > /proc/sys/vm/vfs_cache_pressure
# Decrease swappiness to prevent swapping as much as possible
echo 1 > /proc/sys/vm/swappiness
# Buffering of file system data requires frequent memory allocation.
# Raising the amount of reserved kernel memory will enable faster and more reliable
# memory allocation in critical situations.
# Raise the corresponding value to 64MB if you have less than 8GB of memory,
# otherwise raise it to at least 256MB:
echo 262144 > /proc/sys/vm/min_free_kbytes
# It is recommended to have transparent huge pages disabled:
echo madvise > /sys/kernel/mm/transparent_hugepage/enabled
####
## Process scheduler
####
# There's a kernel parameter that determines how long a migrated process has to be running
# before the kernel will consider migrating it again to another core.
# The sysctl name is sched_migration_cost_ns, default value 50000 (that's ns so 0.5 ms).
# Forking servers, like PostgreSQL or Apache, scale to much higher levels of concurrent
# connections if this is made larger, by at least an order of magnitude:
echo 5000000 > /proc/sys/kernel/sched_migration_cost_ns
# Another parameter that can dramatically impact forking servers is sched_autogroup_enabled.
# This setting groups tasks by TTY, to improve perceived responsiveness on an interactive system.
# On a server with a long running forking daemon, this will tend to keep child processes from
# migrating away as soon as they should.
# It can be disabled like so:
echo 0 > /proc/sys/kernel/sched_autogroup_enabled
####
## CPU
####
# Set the scaling governor to performance. This keeps the CPU at maximum frequency
echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
sudo /etc/rc.local or reboot
Warning: Using ionice is effective if and only if the IO scheduler uses an algorithm that takes priorities into account. If you have followed this guide so far, using ionice will have no effect, since you have set the IO scheduler to deadline or noop, which don't use priorities. Look for cfq for a scheduler that works with priorities.
Giving CouchDB IO priority with ionice: sudo ionice -p $(pidof beam.smp) -c 1 -n 0
This can also be done in a systemd unit:
IOSchedulingClass=1
IOSchedulingPriority=0
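One way to confirm that the values from the rc.local script are in effect, and whether ionice can matter under the active scheduler. This is an added example, not part of the original guide; the function names and the ROOT argument (for pointing the audit at a copied tree instead of the live system) are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): audit the values the rc.local script sets.
# ROOT is "" for the live system, or a directory holding a copy of /proc and /sys.
# Usage: audit_tuning "" sda

# Print the active choice from a file such as "noop deadline [cfq]";
# the kernel marks the selected value with square brackets.
bracketed_choice() {
    sed -n 's/.*\[\([^]]*\)].*/\1/p' "$1" 2>/dev/null
}

# audit_tuning ROOT DEV: print every deviation, return 0 only if none was found.
audit_tuning() {
    root=$1 dev=$2 bad=0
    while read -r path want; do
        # A path this kernel does not expose is reported, not fatal.
        got=$(cat "$root$path" 2>/dev/null) || got="<unreadable>"
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $path: got '$got', guide sets '$want'"
            bad=$((bad + 1))
        fi
    done <<EOF
/sys/block/$dev/queue/nr_requests 4096
/sys/block/$dev/queue/read_ahead_kb 4096
/proc/sys/vm/dirty_background_ratio 5
/proc/sys/vm/dirty_ratio 10
/proc/sys/vm/vfs_cache_pressure 50
/proc/sys/vm/swappiness 1
/proc/sys/vm/min_free_kbytes 262144
/proc/sys/kernel/sched_migration_cost_ns 5000000
/proc/sys/kernel/sched_autogroup_enabled 0
EOF
    thp=$(bracketed_choice "$root/sys/kernel/mm/transparent_hugepage/enabled") || thp=
    if [ "$thp" != madvise ]; then
        echo "MISMATCH transparent_hugepage: active '${thp:-unknown}', guide sets 'madvise'"
        bad=$((bad + 1))
    fi
    # Only a priority-aware scheduler (cfq in the guide) makes ionice meaningful.
    sched=$(bracketed_choice "$root/sys/block/$dev/queue/scheduler") || sched=
    case $sched in
        cfq)           echo "scheduler cfq: ionice priorities are honoured" ;;
        noop|deadline) echo "scheduler $sched: ionice will have no effect" ;;
        *)             echo "scheduler ${sched:-unknown}: not covered by the guide" ;;
    esac
    [ "$bad" -eq 0 ]
}
```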