safe to get rid of /old?

linux centos

I have a CentOS webserver that I'm trying to prune down. The entire server is 15GB, with 11.5GB being the /old directory. It appears to be some kind of backup, like an entire copy of the filesystem. I'd rather it not take up that much space, so I'm wondering:

  1. exactly what /old is and what it does
  2. if it is safe to get rid of it

I've tried doing some searches on google, but google ignores the "/" character, so I can't get anything relevant. I'd love any tips you might be able to give me. Thanks!


Solution 1:

The /old is not something mentioned by the FHS. This directory was almost certainly created by you or some person with root access.

One quick way to test if it is safe to remove it would be to simply rename it from /old to /really-old-to-be-deleted-soon. Restart the system, or at least the critical services. If nothing breaks, then delete it, if something does break rename it back to /old, and figure out what broke.

I strongly suspect it is safe to remove it. But a quick test should help you be sure. If you are really worried you could always archive it and transfer it to another machine.

Solution 2:

Using lsof as suggested is a good way to know if something is accessing it at that moment, and is a good solution but you can go with something more sophisticated that will allow you to monitor what's happening during the time.

Auditd is a service included in CentOS that monitors different kinds of actions, so you could add a rule to monitor all access to /old

 auditctl -w /old -p war -k old-access # old-access is an user defined string

Then when you want to see if something has accessed the directory you can use ausearch to look into all the events using the define key "old-access"

 ausearch -k old-access

If you want to make this change permanent across reboots add "-w /old -p war -k old-access" to /etc/audit.rules (and remember to apply the change with "service auditd restart".

If you want to test it just run "ls /old" and after that "ausearch -k old-access" will show you all the events.

You may have some processes (mlocate or some integrity check like aide) checking the filesystem that may be accessing those files, so you will have to look at the results, but at least you will know if that directory has been used after 1 day, 1 week or whatever you would like to wait to make sure that the content isn't important.

Related

Does everyone have to start with a fresh user profile if we create a new AD Domain?
Server and network setup for a small private school
Proof that hibernating the server over the weekend is not a good practice
multiple internet connection at office
How to allow some (non-admin) users to edit address/phone properties for all AD users?
What's faster for copying files from one drive to another? [closed]
How can I run command and select core to be used
LPR command won't recognize CUPS printer
Local and remote servers with different Linux distros?
MySQL Error: Too many connections
Do i need swap memory on my CentOS vps?
Ubuntu, How do I see a log of logins made?