0

I have installed maldet for malwere detection and it runs daily via a CRON task.

In my server usage I see every night a peek usage of CPU which goes up to nearly 100% CPU usage.

Is there a way to limit this process to only use max 50% for example. I don't care if it takes longer to run the scan, I just don`t want my server to be overloaded because of the scan.

I hope there is a simple solution for this either by configuring maldet or like a general linux solution to use on the maldet processes.

Thanks!

Marcel
  • 119
  • 4
  • `man nice` (and, possibly `man ionice`) is what you want. – David Schwartz Jun 03 '15 at 07:30
  • Really, you probably just shouldn't do anything. The OS already knows how to distinguish interactive (processes that respond to outside events) and non-interactive processes (processes that chug along until they've finished their work) and give priority to interactive processes. – David Schwartz Jun 03 '15 at 07:37
  • 2
    Why do you think keeping your server 50% loaded for twice as long is better? – David Schwartz Jun 03 '15 at 08:00
  • Hi @DavidSchwartz, I did not think of it that way. I figured, if this process on itself is using up to 95% cpu, what happens if I get a few concurrent visitors on my site and Apache needs 20%. But basically what you are saying is in that case the usage of maldet will probably scale down to give more space for apache? – Marcel Jun 03 '15 at 08:13
  • 1
    Yes, exactly. The people who wrote your OS understand these common use cases and the scheduler can easily tell the difference between interactive processes that wait for things to happen and then need to respond to them quickly and background processes that need a lot of resources but in exchange must yield to latency-sensitive things. (And how would having the server under load for twice as long help? Wasting 50% of the CPU most of the time doesn't help anybody!) – David Schwartz Jun 03 '15 at 10:39
  • You might be able to setup limits by putting this application into a different cgroup if your linux kernel is recent enough. – mdpc Jun 04 '15 at 23:13

1 Answers1

1

There's no reason to change anything because there's no painful tradeoff to make here. Everything on the system benefits from having this task completed as quickly as possible. And interactive tasks will automatically get priority over background tasks when there's something they need to respond to.

If you feel like you must tinker, use nice to reduce the CPU prority and/or ionice to reduce the I/O priority. But don't limit utilization -- that just makes the task take longer for no benefit. You can't save unused CPU or I/O bandwidth for later -- everyone benefits when work is completed as quickly as possible.

David Schwartz
  • 31,449
  • 2
  • 55
  • 84
  • Thanks David for the explanation. I agree there is no reason to limit the usage since I now know a little background on how the OS handles interactive vs background processes. – Marcel Jun 03 '15 at 14:17