Keeping your MySQL server backup as current as possible is important. I’ve seen (and have done this myself) people backup using mysqldump once a day, week, or month without any backups in-between. There are a few problems with backing up your database this way. The first problem is that running mysqldump is very slow on large databases and could lockup your website for a significant portion of time. Secondly, you can lose all data that occurred since the previous backup.
There are times when you need to connect to your MySQL or MariaDB remotely but don’t want to enable remote connections on the server. The solution is to use SSH tunneling with OpenSSH. SSH tunneling works by forwarding requests from a client port to the SSH server. The SSH server will then forward the request to the destination which can be itself or any other host the SSH server can access.
SSH is the most valuable tool to manage your servers. As you already know, SSH allows you to remotely connect to your server and access a shell. With the power SSH possess, it’s important to protect SSH to ensure the only trusted people are able to connect. This post will go through the SSH configuration settings that need to be modified to help protect your server. Editing SSHD Configuration Files To prevent this tutorial from repeating itself too frequently, here is an overview of how to edit the /etc/ssh/sshd_config file.
Below you will learn how to configure Nginx to stop logging sensitive information and help protect the privacy of your users along with protect authorization keys and query strings from being logged. Each section below outlines how to stop logging a specific page or piece of information. Multiple sections below can be combined to fully customize how you log visitors to your website. Basics to Nginx Log Options Before actually modifying any configuration files, here is an overview of the Nginx log options we will be using.
When you need to run the same maintenance commands on multiple servers, one option is to use a tool called MultiSSH (sometimes referred to as mssh). MultiSSH is a basic tool that allows you to connect to multiple SSH servers and run the same commands simultaneously on all of the connected servers. MultiSSH also allows you to run commands on a single server, a group of connected servers, or all of the connected servers.
File integrity ensures that the files on your system have not been modified since the last time you generated a checksum of the file. Checksums are often times generated and displayed when downloading files off of the internet to ensure that the file you downloaded is both properly downloaded and that the file downloaded is identical to the one being offered. File integrity can also be used on your server to alert you whenever a file has been modified.
Keeping your server up-to-date with the latest patches is important, but if your VPS is only used for your hobby projects, it can become difficult to remember to always check for updates and keep the server up-to-date. Lucky for you, a program called “cron-apt” exists. Cron-apt by default runs daily and will check for what packages need to be updated by using APT (Advanced Package Tool). Further configuration of cron-apt allows for the results to be e-mailed directly to you.
In the sections below you will learn how to identify the amount of memory that is installed on your server, check how much of the RAM is being used, and see a list of the applications using the most memory. Other than physical memory that is installed on your server, servers may also have burst memory, VSwap, and Swap memory. Before the main tutorial, some basic knowledge about the types of memory may come in handy.
Setting up e-mail notifications and alerts when a user signs in through SSH requires a shell script and a small modification to PAM. Keep in mind that if you’re setting up this alert for security, then you probably want to look at locking down your system first and securing all of your services instead of just receiving alerts. This notification can be useful as an extra alert for logins, but don’t rely on it as a security feature because you won’t always be monitoring your e-mail, and once an attacker signs into your server, it’s too late.
After SSH authentication you may want to run a set of scripts for the current user or for the server. These scripts could include logging SSH user logins, mounting partitions or remote file systems, limiting how many users can be on the system at a time, or any other script that should trigger when a user signs onto the system. This tutorial will outline how to update PAM (Pluggable Authentication Module) to run a shell script after the user is successfully authenticated.