Recently we have had a few support requests come through from people who are new to Linux, and are unsure how to maintain a server at all.
Package Management
If your Linux distro is RedHat based (ie Centos, , then you will be using yum and RPM. RPM is for doing individual package manipulation (installing, removing etc), and yum is for installing a few packages, all their dependencies and general upgrades of multiple packages.
If you have an .rpm file on your computer you will want to install it with a command like this
rpm -Uvih filename.rpm
If you have mutltiple .rpm files you can run something like this
rpm -Uvih *.rpm
the options used above mean the following things
- -U upgrade – you want to have this in case you have an older version of the package
- -v Verbose – this shows you what its doing in case things go wrong
- -i install – you want to install a package
- -h hash tag – it displays a nice ### character progress bar (handy for larger files)
To find whats installed you can use
rpm -qa
To install multiple packages and their dependancies we use yum like this
yum install php5-gd2
Debian based package management used on Ubuntu and similar is pretty much the same only using dpkg and apt-get
dpkg -i package.deb
This will install it nicely. Or to install all dependancies
apt-get install packagename
Firewalling & Security
If an application does not open a port then that port is closed by default. For the most part you shouldn’t need to be too paranoid about firewalling. The only time its more required is if you want to block say the SSH port off to everyone except a few static IP addresses, or block external access to say MYSQL or similar (however often you may want to check the application for an option to bind it to localhost in this case).
SSH is often automatically challenged by various other exploited servers and applications. It is generally a good idea to move it to another port by editing /etc/ssh/sshd_config and then restarting the SSH daemon. If for some reason you need to leave it on port 22 then try installing something like denyhosts which blocks an IP after 3 concecutive wrong password attempts .
Make sure your packages are up to date every week at least. This is where package management comes in handy. Red hat/Centos based users can do
yum update
yum upgrade
Debian/Ubuntu can do
apt-get update
apt-get upgrade
It pays to keep an eye out for security exploits in web based software that you use, in particular any CMS or Forum software.