Server management

For anyone whose business depends on the Internet, whether an online store or any other SaaS, server maintenance goes a long way towards keeping the service up most of the time.

If we do not take the time to review our server regularly, we may run into a series of nasty problems such as:

  • Attackers who obtain root privileges on the server or escalate their privileges.
  • Theft or deletion of data stored on the server (e.g. databases).
  • Hard drive failures, with the consequent loss of information if you do not have a good backup policy.
  • Spam sent by scripts uploaded through vulnerable applications.
  • Denial of service.
  • The server becomes part of a botnet.
  • etc.

Server management exists to avoid all these problems and can include the following:

24x7x365 server monitoring.

In server management it is essential to monitor the server and the critical services that depend on it, such as ping, the web service (port 80), the MySQL service, etc. That way we notice immediately if any of them fails and can access the server to see what is happening.

To monitor the server we can use dedicated software such as Nagios, or a provider specializing in this area.

Server performance statistics.

Although not required to determine whether the server is online, it is a great help to see how server resources evolve (memory, load, disk space, traffic, etc.). For example, we can see whether the server had a load peak or a drop in free memory at some point. This may depend on external factors such as a large number of incoming connections, or on the application's code, which must then be optimized.

Security hardening.

Security is one of the points that server management emphasizes most.

To protect our servers from unauthorized access that would allow an attacker to do anything on them, it is customary to harden the security of the services that are active.

Take the SSH service, which is usually active so that the server can be accessed remotely. Its configuration can be modified to deny access to the root user, to change the default port, etc.
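As an added example (not part of the original article), the script below audits an sshd_config for the two settings just mentioned. The function name, the sample files and port 2222 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an sshd_config (read from stdin) for root login and
# the listening port. Simplifications: keyword and value are separated by
# whitespace, and parsing stops at the first Match block.

audit_sshd_config() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        {
            key = tolower($1)               # keywords are case-insensitive
            # sshd keeps the first value it reads for a keyword ...
            if (key == "permitrootlogin" && root == "") root = tolower($2)
            # ... except Port, which may repeat; every value is used.
            if (key == "port") { seen_port = 1; if ($2 == "22") port22 = 1 }
        }
        END {
            if (root == "") root = "unset"
            if (root != "no") print "FINDING PermitRootLogin=" root
            if (!seen_port || port22) print "NOTE sshd listens on default port 22"
        }
    '
}

# Constructed sample: root login left enabled, default port.
sample_weak() {
    cat <<'EOF'
# /etc/ssh/sshd_config (constructed sample)
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample: the hardened form. Port 2222 is an arbitrary choice.
sample_hardened() {
    cat <<'EOF'
Port 2222
permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF
}

echo "weak:";     sample_weak     | audit_sshd_config
echo "hardened:"; sample_hardened | audit_sshd_config
```

On a live server the effective settings can be fed in with `sshd -T | audit_sshd_config`, run as root.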

Disable unnecessary services.

In any Linux installation there are always services installed that are not needed to run our applications. It is advisable to work out which services can be removed, so that there is no need to configure them to enhance security, which also saves time.

Processes and sockets.

Another thing to consider in server management when adding security to the server is to periodically review the processes running on it, to see whether there is a process that should not be running or that is consuming too many resources.

In Linux, a simple “ps aux” shows the processes, the user each one belongs to, and the CPU and memory each one is consuming.

The same applies to open ports. We need to check which ports are open and ensure that only the expected ones, and nothing else, are open. This way we can detect whether there is a running application through which someone is accessing the server.

Remote port scanning.

This complements the previous section. We can use port scanning software such as nmap to check which ports are open on the server and close the ones we want closed, either by stopping the service or by using a firewall.

Obviously the scan must be done from another server and not locally.

Firewall.

Staying with security, in server management it is essential to run a good firewall to control who can access the active services on our server, and how. In Linux, the most famous alternative is iptables, although there are other frontends based on it.

Security Updates.

To close the topic of security, it is very important to check for updates to the critical services on our server and apply them: kernel updates, web server, PHP, etc. Usually the services are installed by the package manager of the distribution we are using, so updating is a very simple task that can eliminate vulnerabilities or security flaws in the software mentioned above. For example, some recently discovered kernel vulnerabilities allow an attacker to escalate privileges or gain root privileges.

If you also have a control panel like Plesk or cPanel to manage the server, it is also important to check for updates to it, to prevent unwanted access to the server.

One example is the vulnerability discovered in February 2012 in the Plesk Panel API, which allows an attacker to access the server using MySQL code injection.

MySQL optimization.

If we have a MySQL server, it is necessary to modify the default settings to match the amount of RAM, number of CPUs, etc. of the server. This prevents the database server from becoming a bottleneck for the applications that use it.

Hard drive status checking.

Last but not least is checking the health of our server's hard drives.

In Linux there are tools, like fsck, to check hard drives. The problem is that you cannot use this tool on mounted hard drives, since it will produce data corruption.

Therefore, to check the disk while it is mounted we can look at the logs (/var/log/dmesg) or, if it is a RAID array, at /proc/mdstat.
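As an added example (not part of the original article), this script reads /proc/mdstat text and reports arrays with a missing member, together with the rebuild progress if one is running. The function name and the sample content are constructed for illustration.

```sh
#!/bin/sh
# Added example: list degraded md RAID arrays from /proc/mdstat text on stdin.
# In the member map on the status line, "U" is a working member and "_" a
# missing or failed one.

degraded_arrays() {
    awk '
        function report() {
            if (map ~ /_/) print name, map, (prog == "" ? "degraded" : "rebuilding " prog)
        }
        /^md[^ ]* :/ { report(); name = $1; map = ""; prog = "" }
        match($0, /\[[U_]+\]/) { map = substr($0, RSTART, RLENGTH) }
        # Progress line, e.g. "[==>....]  recovery = 12.6% (...)"
        /(recovery|resync) *=/ { for (i = 1; i <= NF; i++) if ($i ~ /%$/) prog = $i }
        END { report() }
    '
}

# Constructed sample: md0 healthy, md1 missing a member, md2 rebuilding.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      976630336 blocks super 1.2 [2/2] [UU]

md1 : active raid1 sdb2[1](F) sda2[0]
      1953382400 blocks super 1.2 [2/1] [U_]

md2 : active raid1 sdd1[2] sdc1[0]
      488254464 blocks super 1.2 [2/1] [U_]
      [==>..................]  recovery = 12.6% (61520128/488254464) finish=127.5min speed=55776K/sec

unused devices: <none>
EOF
}

sample_mdstat | degraded_arrays
```

On a server with software RAID, run it as `degraded_arrays < /proc/mdstat`, for example from cron, and alert on any output.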

At conekia we know that following these steps avoids many headaches, since cleaning a compromised server without reinstalling the operating system is quite complex and the service can be degraded for a long period of time. Sometimes there is even no choice but to reinstall the operating system and restore all the data from a backup, if you have one.

Although there are hosting providers that offer server management as a service, it is usually the customer who must perform the steps described above.

For anyone who cannot perform all these maintenance tasks, at conekia we have launched our server management product.
