#linux quick refresher from anyone who maintains Linux systems #document http://bit.ly/2ftqnfK
- RCS is your friend, use it religiously on every system file you modify.
- My 20¢, https://plus.google.com/u/0/111725158664981767583
- once u've settled up
- setup a rsyslog server.
- Monitoring server (zabix, cacti, et al).
- Backup and update really often (specially if ur servers are internet-facing).
- Don't install apache and mysql on the same server.
- Only use https.
- Use containers (lxc, docker) when possible.
- Avoid using any .tar or .gz to install software, always use repositories or git.
- Never, never, never disable iptables or selinux (rh/centos).
- Always use fail2ban and mod_secure (if using a webserver).
- Cheers!
- assuming you maintain the hardware, tools to monitor hardware state. power supplies and hard drives are the most common issues in my environments that need watching. @ my last job, network team would introduce problems, so I also needed to check the status of my network bonds.
- Hardware or virtual, firewall and audit logs are mandatory for examining. Keep up on vendor updates (CERT vulnerability lists are also good).
- Log files. Depending on what services you are running, you’ll need to setup a log rotation right quick or you can run your /var partition out of space.
- nothing. what you need is monitoring setup and logwatch installed. read those emails, look at the monitoring system, login every once in a while, check who is logged in, running processes, network connections, free disk and memory, top.
- I really like having a CAS & PDU set up for remote control of everything without using ipmi.
- That all said, I have a set of cronjobs I run nightly or weekly to keep me informed. On various critical stuff I run nagios on assorted services.
- A bit old school but it works for me.
- I also have assorted scripts, for example an ansible script that goes through and updates/patches security in all of my servers (some 300 odd).
- Largely just SSH with private keys, and ensuring that updates are regularly installed.
- You can always write a simple program to get whatever stats are most important to you from the machines. Usually never amounts to more than just getting a history of memory, CPU, disk and network activity.
No comments:
Post a Comment