RimuHosting Blog

Introduction to the new Linux Sysadmin

Recently we have had a few support requests come through from people who are new to Linux, and are unsure how to maintain a server at all.

Package Management

If your Linux distro is RedHat based (ie Centos, , then you will be using yum and RPM.   RPM is for doing individual package manipulation (installing, removing etc), and yum is for installing a few packages,  all their dependencies and  general upgrades of multiple packages.

If you have an .rpm file on your computer you will want to install it with a command like this

rpm -Uvih filename.rpm

If you have mutltiple .rpm files you can run something like this

rpm -Uvih *.rpm

the options used above mean the following things

  • -U upgrade – you want to have this in case you have an older version of the package
  • -v Verbose – this shows you what its doing in case things go wrong
  • -i install – you want to install a package
  • -h hash tag – it displays a nice ### character progress bar (handy for larger files)

To find whats installed you can use

rpm -qa

To install multiple packages and their dependancies we use yum like this

yum install php5-gd2

Debian based package management used on Ubuntu and similar is pretty much the same only using dpkg and apt-get

dpkg -i package.deb

This will install it nicely. Or to install all dependancies

apt-get install packagename

Firewalling & Security

If an application does not open a port then that port is closed by default.  For the most part you shouldn’t need to be too paranoid about firewalling.  The only time its more required is if you want to block say the SSH port off to everyone except a few static IP addresses, or block external access to say MYSQL or similar (however often you may want to check the application for an option to bind it to localhost in this case).

SSH is often automatically challenged by various other exploited servers and applications. It is generally a good idea to move it to another port by editing /etc/ssh/sshd_config and then restarting the SSH daemon. If for some reason you need to leave it on port 22 then try installing something like denyhosts which blocks an IP after 3 concecutive wrong password attempts .

Make sure your packages are up to date every week at least. This is where package management comes in handy. Red hat/Centos  based users can do

yum update

yum upgrade

Debian/Ubuntu can do

apt-get update

apt-get upgrade

It pays to keep an eye out for security exploits in web based software  that you use, in particular any CMS or Forum software.

Liz Quilty

,
, , , , , ,