User Tools

Site Tools


server_administration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
server_administration [2016/05/26 21:25]
sgripon
server_administration [2016/12/28 12:06] (current)
sgripon [logwatch]
Line 115: Line 115:
       158 yyy.yyy.yyy.yyy       158 yyy.yyy.yyy.yyy
       ​       ​
-Usually when you have a high number of open connection, like here for yyy.yyy.yyy.yyy,​ it is probably that this ip tries to DDOS you. That's time to ban it using ufw. +Usually when you have a high number of open connections, like here for yyy.yyy.yyy.yyy,​ it is probably that this ip tries to DDOS you. That's time to ban it using ufw. 
-===== ddos-deflate ​=====+===== nmd =====
  
-This is a simple script that automatically ban ip when the number of connections exceed what is configured. See https://antiddos.eu/en/news/item/20.+No More DDOS (nmd) is a simple script that automatically ban ip when the number of connections exceed what is configured. See http://us.informatiweb-pro.net/system-admin/linux/17--debian-ubuntu-centos-block-ddos-attacks-with-no-more-ddos-formerly-ddos-deflate.html(By Lionel Eppe)
  
-**Note**: if you have an error "$CONF not found" when running ​the script, ​you mau change ​the first line of the script ​from:+I modified a little ​the script ​in order to use ufw to ban adresses. Alsothere is an issue with the installed cron script: 
 +  - The name of the cron script ​must not contain dot (modify CRON variable in ///​usr/​local/​nmd/​ndm.conf/​agent.conf//​. 
 +  - The second cron command in the file miss the user root
  
-  #!/bin/sh +The good cron script must look like this:
-   +
-to:+
  
-  #!/bin/bash +<file bash /etc/cron.d/nmd> 
-   +* * * * * root /​usr/​local/​nmd/​nmd-agent.sh >> /​var/​log/​nmd-agent.log 2>&1 
-Same thing in the cron job+0 0 */7 * 0 root echo  > /​var/​log/​nmd-agent.log 2>&1 
- +</​file>​
-There is also an issue with cron service nameRaplace in the file all occurrences of  +
-  ​service crond restart +
-   +
-with +
-  service cron restart+
  
 ==== Use IPTables to limit NEW traffic on port 80 and 443 ==== ==== Use IPTables to limit NEW traffic on port 80 and 443 ====
Line 187: Line 182:
 Logwatch can send you a formatted view of system logs every morning by email. It is usefull to check everyday the health of your server. Logwatch can send you a formatted view of system logs every morning by email. It is usefull to check everyday the health of your server.
  
-FIXME Add details here+First, copy default config file to change settings: 
 + 
 +  sudo cp /​usr/​share/​logwatch/​default.conf/​logwatch.conf /​etc/​logwatch/​conf/​ 
 + 
 +Then, to receive by email the report modify the cron job and add --mailto option : 
 + 
 +<file bash /​etc/​cron.daily/​00logwatch>​ 
 +#​!/​bin/​bash 
 + 
 +#Check if removed-but-not-purged 
 +test -x /​usr/​share/​logwatch/​scripts/​logwatch.pl || exit 0 
 + 
 +#execute 
 +/​usr/​sbin/​logwatch --output mail --mailto my.email@domain.tld 
 + 
 +</​file>​ 
 + 
 +===== Slow server diagnostic =====
  
 +See a very good flow chart to help in slow server cases : http://​blog.scoutapp.com/​articles/​2014/​07/​31/​slow_server_flow_chart
  
 **Share this page:** **Share this page:**
server_administration.1464290759.txt.gz · Last modified: 2016/05/26 21:25 by sgripon