Server Security Dog Linux software installation instructions

Source: Internet
Author: User

Server Security Dog Linux (SafeDog for Linux Server) is a Server management software developed for Linux servers. It integrates system parameter settings and intuitively displays the system running status, real-time system status monitoring, quick installation and configuration of common services, devices, or software, helps administrators quickly and intuitively manage servers. The software also provides interface interaction interfaces and detailed operation instructions on the character-only interface, so that the administrator can better understand the server status and manage and configure the server.
Quick System Configuration

1. Network Interface Configuration

The interface displays the IP address, subnet mask, MAC address, IP setting method, and nic activation status of each Nic, as well as the system's DNS server (nameserver) settings.

The shortcut key allows you to modify the IP address acquisition method of the NIC. If you need to manually enter the IP address and mask information, you can enter the gateway and DNS information. You can also disable the NIC and enable the NIC.

If the displayed value is "??", This parameter cannot be detected by the software or does not exist.

[Note]

The dynamic or static displayed by the software is the current IP address acquisition method. It may not be correct for reference only.

2. System Status Configuration

The system machine name, system date, and time are displayed. The shortcut key supports modifying the system machine name, account and password, system date, and time. The status is automatically refreshed every two to three seconds in this menu.

Rapid System Optimization

1. Network Optimization

Icmp Echo Ignore All: enable or disable "Disable response to ping packet policy"

[Verification method]

Cat/proc/sys/net/ipv4/icmp_echo_ignore_all

If the result is 1, the parameter takes effect. If the value is 0, the parameter does not take effect.

[Test Method]

You can run commands on the local machine

Ping 127.0.0.1

View the effect before and after Configuration

Tcp SynCookies enable or disable "Anti-syn flood attack Policy"

[Verification method]

Execute Command

Cat/proc/sys/net/ipv4/tcp_syncookies

If the result is 1, the parameter takes effect. If the value is 0, the parameter does not take effect.

[Test Method]

None

TcpTimeWaitReuse enable or disable "TIME-WAIT port reuse"

[Verification method]

Execute Command

Cat/proc/sys/net/ipv4/tcp_tw_reuse

If the result is 1, the parameter takes effect. If the value is 0, the parameter does not take effect.

[Test Method]

None

2. Process Resource Optimization

Shmmax sets the maximum value of a single shared memory segment, in bytes

[Verification method]

Execute Command

Cat/proc/sys/kernel/shmmax

[Test Method]

Use the following command

Ipcmk

The size of all shmall shared memory, in the unit of page

[Verification method]

Execute Command

Cat/proc/sys/kernel/shmall

[Test Method]

Use the following command

Ipcmk

Maximum number of shared memory segments in the shmmni System

[Verification method]

Execute Command

Cat/proc/sys/kernel/shmmni

[Test Method]

Use the following command

Ipcmk

Maximum number of threads in the threadsmax System

[Verification method]

Execute Command

Cat/proc/sys/kernel/threads-max

[Test Method]

None

Maximum number of file descriptors allocated to processes by filemax

[Verification method]

Execute Command

Cat/proc/sys/kernel/file-max

[Test Method]

None

Real-Time System Monitoring

1. File monitoring

Monit Toggle File Monitor Switch

File List: List of monitored files

[Test Method]

After setting the file list, enable the monitor switch. You can run the following command to view the report file:

Tail-f/etc/safedog/monitor/filemonit.txt

Generation, modification, and deletion of files or folders in the file list are immediately reflected in the report file,

The generation, modification, and deletion of files in the folder or level-1 folder in the file list will be immediately reflected in the report file.

[Note]

NoRecursively monitors sub-directories and cannot start the monitor when the file name list is empty.

2. Process Monitoring

Monit Toggle process monitor Switch

List of processes monitored by the Process List (which must include running parameters)

[Test Method]

After the process name list is set, enable the monitor switch. You can run the following command to view the report file:

Tail-f/etc/safedog/monitor/processmonit.txt

Use commands

Top or ps aux

Check whether the process is running. Once the process ends or is killed, the monitor immediately restarts the process.

For example, set the process name list

/Bin/sleep 5

/Bin/sleep 15

We can see that these two processes are always running, and will be restarted immediately after the process ends.

Note: The monitor cannot be started when the process name list is empty.

[Note]

This function is only applicable to the daemon process that can be started by using a command. The correct way to use this function is: do not start the service to be monitored at the beginning, by adding the process startup command to be monitored, enable the dongle to automatically start the monitored process. Otherwise, the dongle may not be able to match the process name in the Process List due to different startup processes. (For example, to monitor the vsftpd process, if the monitoring content added by the user is "vsftpd &", but before that, an error occurs when the user starts the vsftpd command by running the service vsftpd start command .)

3. CPU monitoring

Monit Toggle CPU usage monitor Switch

CPU Ceil CPU usage monitoring upper limit (higher than the value written to the report)

CPU Floor CPU usage monitoring lower limit (lower than this value write report)

[Test Method]

After setting the monitoring range, enable the monitor switch. You can run the following command to view the report file:

Tail-f/etc/safedog/monitor/cpumonit.txt

4. Memory monitoring

Monit Toggle memory usage monitor Switch

Memory Use Ceil Memory usage monitoring upper limit (higher than this value to write the report)

Displays the current memory usage and idle space of the system.

[Test Method]

After setting the monitoring range, enable the monitor switch. You can run the following command to view the report file:

Tail-f/etc/safedog/monitor/memorymonit.txt

5. disk capacity monitoring

Disk Partitions monitored by Partition, such as/dev/sda1

The maximum disk capacity monitored by Ceil (higher than this value to write the report)

Minimum disk capacity monitored by Floor (lower than this value for writing reports)

Report Interval value of the disk capacity monitored by Interval (when the increase or decrease is greater than this value, the report is written)

[Test Method]

After setting the monitoring range, enable the monitor switch. You can run the following command to view the report file:

Tail-f/etc/safedog/monitor/diskvolumemonit.txt

6. file backup

Absolute path of the File to be backed up

Target Directory of the Backup file stored in Backup Directory

When the file Size monitored by Backup Size exceeds this value, the file will be compressed and backed up to the Backup directory, and the original file will be cleared.

[Test Method]

After setting the monitoring path and backup, turn on the monitor switch. When the file size exceeds the set value, you can check the backup target directory and the monitored file content.

7. TCP listening port

Display the tcp port being monitored in the current system and the corresponding address, process ID, and process name.

Application settings

1. iptables

Displays the current rule set list of iptables and the Default policy of the Rule chain ).

You can add some simple rules to the input or output chains in iptables, including the protocol type (TCP/UDP), source address, source port, Destination Address, destination port, and behavior.

[Test Method]

After adding rules through the software, test whether the rules take effect through the network.

[Note]

The iptables settings of this software are lost after restart.

2. vsftpd

Perform some simple configurations on vsftpd that has not been configured in the system.

Whether Anonym Enable allows anonymous users to log on

Does Anonym Upload allow anonymous users to Upload?

Does Anonym Make Directory allow anonymous users to create folder permissions?

Anonym Root Path: Root directory Path of Anonymous Users

Whether Local User Enable allows Local User login

Whether Write Enable allows Write permission. Some switches affect all operations that require Write permission.

Ftp Start stop ftp service

Default configuration of Ftp Restore for initial or recovery. Initialization must be performed before the first entry.

[Test Method]

After the configuration is complete, start vsftpd and access the ftpd server on the local machine through the network to test whether the configuration item takes effect.

Enter

Ftp: // server ip Address/

Access the ftp server

[Note]

This software can only perform simple configuration For vsftpd. For more complex settings, see the vsftpd manual to edit the configuration file. When using this function, you must first enable the "Ftp Restore Default" function to initialize the configuration. After initialization, the configuration information before vsftpd will be lost, the root directory of the anonymous user is set to/srv/ftp, and the/srv/ftp/upload directory is the upload directory of the anonymous user. You can also modify related settings through the software. After the software configuration is complete, to use the configuration to take effect, you must first disable the service on the "Ftp Start" page on the software interface and then re-open the Service (that is, restart the service ).

3. samba

Perform some simple configuration on samba that has not been configured in the system.

Share Directory Path: Path of the shared folder

Share Write Enable: anonymous Write permission for Shared Folders

Start Samba Start to stop sharing

Samba Restore Default initializes the configuration file. Initialization must be performed before the first entry.

[Test Method]

After the configuration is complete, start samba and access the local samba shared folder through the network to test whether the configuration item takes effect.

Enter

\ Server ip \

Access the samba Shared Server

[Note]

For more information, see vsftpd.

Uninstall Software

Run the following command in the safedog_1.0.0.tar.gz directory:

./Uninstall. sh

You can.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.