lowest_entropy
OS: Linux
This alert presents the minimum amount of entropy in the kernel entropy pool in the last 5 minutes.
Low entropy can lead to a reduction in the quality of random numbers produced by /dev/random and /dev/urandom.
The Netdata Agent checks for the minimum entropy value in the last 5 minutes. The alert is raised to warning if the value falls below 100, and it is cleared if the value rises above 200.
For further information on how our alerts are calculated, please have a look at our Documentation.
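The warning and clear thresholds above, reproduced as a small shell check. This is an added example, not Netdata's own code. It assumes the kernel's entropy estimate is read from /proc/sys/kernel/random/entropy_avail; the function names, the WARNING/CLEAR state labels and the 10-second sampling interval are illustrative.

```shell
# Added example, not Netdata's code. Assumption: the kernel's estimate is read
# from /proc/sys/kernel/random/entropy_avail (path not named on this page).
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# min_of SAMPLE...: print the smallest integer among the arguments.
min_of() {
    lowest=$1
    for v in "$@"; do
        if [ "$v" -lt "$lowest" ]; then lowest=$v; fi
    done
    echo "$lowest"
}

# next_state PREV MIN: thresholds from the alert text. Below 100 raises
# WARNING, above 200 clears it, anything in between keeps the previous state.
next_state() {
    if [ "$2" -lt 100 ]; then
        echo WARNING
    elif [ "$2" -gt 200 ]; then
        echo CLEAR
    else
        echo "$1"
    fi
}

# evaluate_window PREV SAMPLE...: state after one window of samples.
evaluate_window() {
    prev=$1
    shift
    next_state "$prev" "$(min_of "$@")"
}

# sample_entropy COUNT INTERVAL: read the pool estimate COUNT times,
# INTERVAL seconds apart, and print the readings on one line.
sample_entropy() {
    n=$1
    readings=""
    while [ "$n" -gt 0 ]; do
        readings="$readings $(cat "$ENTROPY_FILE")"
        n=$((n - 1))
        if [ "$n" -gt 0 ]; then sleep "$2"; fi
    done
    echo $readings
}

# Live check: 30 readings, 10 s apart, span roughly the 5-minute window.
if [ "${1:-}" = "--live" ]; then
    evaluate_window CLEAR $(sample_entropy 30 10)
fi
```

Run the script with --live to sample the local machine. A single dip below 100 inside the window is enough to raise the warning, and the state only clears once every reading in a window is above 200.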
What is entropy and why do we need it?
Entropy is similar to “randomness”. A Linux system gathers “real” random numbers by keeping an eye on different events: network activity, hard drive rotation speeds, hardware random number generator (if available), key-clicks, and so on. It feeds those to the kernel entropy pool, which is used by /dev/random. [1]
Encryption and cryptography applications require random numbers to operate. A function or an algorithm that produces numbers that only seem to be random is very predictable if you know which function is used.
In real life, we use our surroundings and our thoughts to produce truly random numbers. A computer can’t really do this by itself, so it gathers numbers from a lot of sources. For example, it can get the CO2 levels in a room from a sensor on the system and use that as a random number.
This way all the values are random and there is no pattern to be found among them.
For further information, please have a look at the References and Sources section.
References and Sources
Troubleshooting Section
The best tool for troubleshooting the lowest entropy alert is rng-tools. If rng-tools is not available for your platform, or you run into trouble, you can use the tool haveged as an alternative.
Install and set up rng-tools
rng-tools is a random number generator daemon. It monitors a set of entropy sources, and supplies entropy from them to the system kernel’s /dev/random machinery. [2]
Installation
Debian-based platforms
root@netdata~ # sudo apt-get update
root@netdata~ # sudo apt-get install rng-tools
RHEL/Fedora/CentOS machines
- Change to the root account:
root@netdata~ # su
- Then install:
root@netdata~ # yum install rng-tools
After the Installation
You can run the service using the following command:
root@netdata~ # service rngd start
You can also check the daemon status using the following command:
root@netdata~ # service rngd status
Install Haveged
Ideally, a system with high entropy demands should have a hardware device to generate random numbers. For example, a TPM is such a device. However, there are also several software-only options you may install, like haveged (read more).
Installation
Debian-based platforms
- To install haveged, run:
root@netdata~ # sudo apt-get install haveged
- Set haveged up to start at boot with the command: sudo update-rc.d haveged defaults [3]
RHEL/Fedora/CentOS machines
- Change to the root account:
root@netdata~ # su
- Install haveged:
root@netdata~ # yum install haveged
- Set haveged to start at boot with the command: chkconfig haveged on [3]