Thursday, June 11, 2009

Linux System Maintenance and Setup

There are a few things I like to do on all my Linux servers when the box is set up and from time to time to verify all is well.  Here is a short list of some of these items:

  • Remove rights for root to log in via ssh.
    In /etc/ssh/sshd_config change "PermitRootLogin yes" to "PermitRootLogin no".  Then restart ssh.
  • Boot into command line mode instead of the GUI (runlevel 3 instead of 5)
    In /etc/inittab change the line
    "id:5:initdefault:" to "id:3:initdefault:"
  • Set up logwatch to email you a daily log of what's happening on the box
    In /usr/share/logwatch/default.conf/logwatch.conf change
    "MailTo = root" to
    "MailTo ="
  • Better yet...send all mail for root to your email account.
    Edit /etc/mail/aliases and change
    "#root:   marc" to "root:".  Now you need to run /usr/bin/newaliases to recreate the aliases.db file.
  • Update your box nightly at midnight...but skip kernel updates as they may break stuff
    Edit your cron jobs file (crontab -e) and add the line:
    0 0 * * * yum --exclude=kernel* -y update
  • Reboot your machine weekly (Reboot every Sunday at 1am)
    Edit your cron jobs file (crontab -e) and add the line:
    0 1 * * 0 /sbin/shutdown -r now
  • Adjust the time for forced disk checks to once a quarter because it can take a long time to boot with large drives.
    Run something like
    "tune2fs -c 12 -C 0 /dev/VolGroup00/LogVol00"
    Assuming you reboot once a week this will force a check once a quarter.
  • Get a good look at the processes and what started them on your system
    Run "ps auxwww"
  • Get a good baseline of your hard drive's performance and age before you go live. Note that this won't work on a VM, and you will need to change /dev/hda1 to match your machine's config.
    Run "smartctl --all /dev/hda1"
  • Determine what ports are open and listening
    Run "netstat -anp --tcp --udp | grep LISTEN"
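
The first two items above are easy to get wrong without noticing: sshd ignores comment lines, takes the first value it reads for a keyword, and treats anything after a "Match" line as conditional. The script below is an added example, not part of the original post; it reads both settings back from the files. The function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: read back two checklist settings instead of trusting the edit.

# Global PermitRootLogin as sshd would see it: comment lines are ignored,
# keywords are case-insensitive, the first value read wins, and anything
# after a "Match" line is conditional, so scanning stops there.
root_login_setting() {
    awk '/^[ \t]*#/ { next }
         { key = tolower($1) }
         key == "match" { exit }
         key == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Default runlevel from the "id:N:initdefault:" line of an inittab file.
default_runlevel() {
    awk -F: '/^[ \t]*#/ { next }
             $3 == "initdefault" { print $2; found = 1; exit }
             END { if (!found) print "unset" }' "$1"
}

# audit SSHD_CONFIG INITTAB: print findings, return how many there were.
audit() {
    fails=0
    [ "$(root_login_setting "$1")" = "no" ] ||
        { echo "FAIL: root login over ssh not disabled in $1"; fails=$((fails + 1)); }
    [ "$(default_runlevel "$2")" = "3" ] ||
        { echo "FAIL: default runlevel is not 3 in $2"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (not taken from a real host).
SAMPLES=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin no' \
    'PermitRootLogin yes' > "$SAMPLES/sshd_good"
printf '%s\n' '#PermitRootLogin no' 'Match Address 10.0.0.0/8' \
    '    PermitRootLogin no' > "$SAMPLES/sshd_bad"
printf '%s\n' '# default runlevel' 'id:3:initdefault:' > "$SAMPLES/inittab_good"
printf '%s\n' 'id:5:initdefault:' > "$SAMPLES/inittab_bad"

audit "$SAMPLES/sshd_good" "$SAMPLES/inittab_good" && echo "good samples: OK"
audit "$SAMPLES/sshd_bad" "$SAMPLES/inittab_bad" || echo "bad samples: $? finding(s)"
```

On a real box, pass the server's own ssh daemon config and /etc/inittab to audit; the running daemon only picks up the change after the restart.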

What things do you do?

I’m working on authoring a system maintenance document outlining things that should be done for maintenance on a daily, weekly, monthly, quarterly and annual schedule.  Let me know what you are doing and I’ll email you a copy of my document when it’s done.

1 comment:

Lance N. Rea said...

I'll take a copy of that document when you're done with it.