Re: syslog problem

Lars Solberg wrote:

> It all started when I noticed apache was starting and stopping
> very slowly. I then started debugging it, first with -X for debug in
> apache bin but I didn't get any output from that so I tried with the
> very useful strace util. I noticed it got a hang when trying to read
> from /dev/random. Why apache would read from this file when I shut it
> down I don't know.
> I then tried to cat /dev/random and found nothing! /dev/random was
> empty... I waited one minute and tried catting it again and found
> about 10 random chars..
> I then went off to google and found out that /dev/random can run empty
> if the kernel random entropy pool is empty, this is logical, I also
> found out that read access to /dev/random is locked as long as the
> entropy pool is empty, also logical.
> But the question is why is it so slow? I have never had a problem with
> this on any Linux/*nix servers before. And if I manage to empty
> /dev/random on another server it usually doesn't take more than a few
> seconds to fill it up again.

One thing which will make a big difference is if the system has a
dedicated RNG (/dev/hwrng, major 10, minor 183) such as that found in
the i810 or AMD 768.

In the absence of that, the system needs a reasonable source of
entropy. If the server is only lightly loaded, common sources of
entropy such as disk access won't produce data very quickly.

Also, older kernels overestimated the entropy of certain sources, so
will produce data faster.

> Do any of you have any tips to make this process to fill up
> /dev/random go any faster? Is it "bad" to make a symlink to
> /dev/urandom instead?

Making /dev/random a symlink to /dev/urandom is a bad idea if you need
to generate secure keys. If possible, it's preferable to configure
individual applications to use /dev/urandom instead of /dev/random for
less significant keys. E.g. SSL session keys don't need to be as
secure as a long-lived GPG/SSL private key.

-- 
Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>
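
The checks discussed in this message, as an added example that is not part of the original post: it reads the kernel's entropy estimate, tests whether /dev/hwrng is the character device 10,183, and probes /dev/random without blocking. The function names, the `--run` argument and the 200-bit threshold are assumptions; GNU `stat` and `dd` are assumed.

```shell
#!/bin/sh
# Added example: triage for a read on /dev/random that blocks.
# Paths are arguments so the functions can be exercised on constructed files.

# Print "low", "ok" or "unknown" for the kernel's entropy estimate (bits).
# $1: file holding the estimate; $2: threshold in bits (assumed, tune it).
entropy_state() {
    file=${1:-/proc/sys/kernel/random/entropy_avail}
    min=${2:-200}
    bits=$(cat "$file" 2>/dev/null) || bits=
    case $bits in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$bits" -lt "$min" ]; then echo low; else echo ok; fi ;;
    esac
}

# Succeed only if $1 is a character device with major 10, minor 183,
# the numbers the message gives for /dev/hwrng.
is_hwrng_node() {
    node=${1:-/dev/hwrng}
    [ -c "$node" ] || return 1
    # GNU stat prints device major:minor in hex: 10 -> a, 183 -> b7.
    [ "$(stat -c '%t:%T' "$node" 2>/dev/null)" = "a:b7" ]
}

# Bytes /dev/random hands over immediately when asked for 16.
# With O_NONBLOCK an empty pool yields 0 instead of a hang.
probe_random() {
    dd if="${1:-/dev/random}" bs=16 count=1 iflag=nonblock 2>/dev/null | wc -c
}

report() {
    echo "entropy estimate: $(entropy_state)"
    if is_hwrng_node; then
        echo "hardware RNG node present: /dev/hwrng"
    else
        echo "no /dev/hwrng (10,183); pool fills only from system activity"
    fi
    echo "bytes available without blocking: $(probe_random)"
}

# Hypothetical switch: run the live report only when asked to.
case "${1:-}" in
    --run) report ;;
esac
```
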