Rob Sanders wrote: > When I compile the kernel, are there any steps I should take to insure > that its as trim as possible? I've done some searching, but mostly I've > found guides to writing code for the kernel and not so much I'm new and > stupid guides. Will gentoo walk me thru it? I'm not one to assume that > that and go blindly into the night. Is the reason I cant find a guide is > that its that simple? Curse Redhat for being so easy ;)
Essentially, when you are compiling a new kernel, a general rule of thumb would be to compile only those things that you absolutely need into the core kernel, and compile everything that you think you might need as a module that can be loaded/unloaded as needed. So go through the kernel configuration (If you want to do it all by hand, I recommend using the 'make menuconfig' option for configuring your kernel) and turn everything off that you don't need, paying attention to look at everything to make sure that the default isn't on. IIRC, some examples of this would be the SYMBIOS SCSI drivers, and the USB drivers. Unless you have a Symbios controller, you probably don't need that enabled, and if it's a server, you probably don't need the USB drivers either (infact, on my servers i even strip out all mouse support, but that's because I'm probably insane). > What services and programs will help me along the way? This machine > will only be serving multiple instances of hlds, nothing else. I expect > ssh, ftp, but what else has shown to be handy in a pinch? Possibly > installing something like iptraf so I can monitor bandwidth? Firewalls > an issue? I can't see into the future, so any personal recomendations > would be helpfull. I want to keep the entire install as trim and speed orientated > as possible. IMHO, ditch FTP unless you have users who need it. If you need to get files onto your machine, use SCP instead, it's more secure, and it's one daemon running instead of two. For firewalling, use IPTables, which also gives you the benefit of being able to setup IP accounting as part of it, removing the need for additional programs to track your bandwidth. For the trimmest possible machine, nothing should be running but the core system stuff, sshd, and hlds_l, and your kernel should be stripped down to the minimal possible configuration and compiled for your CPU architecture. For the best security, everything should be firewalled but your SSH TCP port, and your HLDS_L's UDP ports. One other recommendation I have that is oft overlooked. Use the nice command when running HLDS_L and adjust the servers priority for CPU attention up. I usually run my servers with a nice adjustment of -15, giving it priority for CPU attention over just about every other piece of software running except the kernel. Your milage may vary. :) Sincerely, TrIaX _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
