Today, on of the servers was swapping a crazy amount of RAM to disk that caused the load factor to rise from the usual ~0.4 to over 25. The machine in question should have been running exactly three services. All of them in-house product and optimised to run on the specific size of theses VMs.
To my surprise there was a
cups-browsed running inside a snap package.
Why was it installed on a LTS server?
Sadly, the snap history that
snap changes returns contains just the last 24h.
So the only other hint was in
journalctl where the entries from
storehelpers.go report errors while looking for updates.
Let's get on with the fix:
snap remove cups
Why is this a problem?
On a tiny VM with 1024MB of RAM 137MB is roughly 13% of the available memory.
And the disk space is at-least 56MB according to
du -hc /var/lib/snapd/snaps/*
If the cloud provider had added it to the base image, then they just waste disk space and RAM for their clients the question is do they try to up-sell you?
If it is part of the Ubuntu server default image this must have slipped trough the cracks and should be fixed.
The attack surface
Any piece of software that is not needed is a potential security problem.
cups-browsed is listening to broadcast mDNS requests (and maybe sending them out as well?) in the data center, so not great for a quiet operation.