The server Security Dog Linux version (Safedog for Linux server) is a server management software developed for Linux Server, it integrates the system parameter fast setting, the system running state shows directly, the system state real-time monitoring, the common service, The ability to quickly install and configure devices or software to help administrators quickly and visually manage servers. The software also provides interface interface and detailed operation instructions under the pure character interface, which makes the administrator more aware of the state of the server and simpler to manage and configure the server.
System Quick Configuration
1. Network Interface Configuration
Interface display system each network card's IP, subnet mask, MAC address, IP setting way, network card activation state and so on information, also displays the System DNS server (nameserver) setting.
Shortcut key support to modify the IP access of the network card, if the settings manually need to fill in IP and mask information, gateway and DNS information can be filled out, at the same time provide a Stop network card, start the network card functions.
If the display value is "??", it means that the software cannot detect the item parameter or that the parameter does not exist.
[note]
The dynamic or static that the software displays is the way the current IP is obtained, just as a reference, may not necessarily be correct.
2, System State Configuration
The interface displays the system's machine name, the system date and time, the shortcut key supports modifies the system the machine name, the system's account and the password, the system date and the time. This menu automatically refreshes every 2-3 seconds.
Fast System optimization
1, Network Optimization
Icmp Echo Ignore all turns on or off the "No Response ping Package policy"
[Validation Effective Method]
Cat/proc/sys/net/ipv4/icmp_echo_ignore_all
The result is 1, and 0 means no.
[Test Method]
can be done by executing commands on this machine
Ping 127.0.0.1
View the effect before and after the configuration
TCP syncookies turn on or off the "Prevent SYN Flood attack policy"
[Validation Effective Method]
Execute command
Cat/proc/sys/net/ipv4/tcp_syncookies
The result is 1, and 0 means no.
[Test Method]
Temporarily No
tcptimewaitreuse turn on or off "port reuse for time-wait status"
[Validation Effective Method]
Execute command
Cat/proc/sys/net/ipv4/tcp_tw_reuse
The result is 1, and 0 means no.
[Test Method]
Temporarily No
2, Process Resource Optimization
Shmmax sets the maximum value for a single shared memory segment, in bytes
[Validation Effective Method]
Execute command
Cat/proc/sys/kernel/shmmax
[Test Method]
Use the following command
Ipcmk
Shmall all allowable shared memory sizes, in units of pages
[Validation Effective Method]
Execute command
Cat/proc/sys/kernel/shmall
[Test Method]
Use the following command
Ipcmk
Shmmni the maximum number of system-wide shared memory segments
[Validation Effective Method]
Execute command
Cat/proc/sys/kernel/shmmni
[Test Method]
Use the following command
Ipcmk
Maximum number of threads for Threadsmax system
[Validation Effective Method]
Execute command
Cat/proc/sys/kernel/threads-max
[Test Method]
Temporarily No
Filemax the maximum number of file descriptors assigned to a process
[Validation Effective Method]
Execute command
Cat/proc/sys/kernel/file-max
[Test Method]
Temporarily No
System real-time monitoring
1, File Monitoring
Monit Toggle File Monitor switch
List of files monitored by file list
[Test Method]
After you have set up the file list and then turn on the monitor switch, you can view the report file by using the following command
Tail-f/etc/safedog/monitor/filemonit.txt
The generation, modification, and deletion of files or folders in the file list are immediately reflected in the report file.
The generation, modification, and deletion of files or level folders within a folder in a file list are immediately reflected in the report file.
Attention
does not recursively monitor the subdirectory, and cannot start the monitor when the file name list is empty.
2, Process Monitoring
Monit Toggle Process Monitor switch
List of process names monitored by the process list (must include run parameters)
[Test Method]
After you set up the list of process names and then turn on the monitor switch, you can view the report file with the following command
Tail-f/etc/safedog/monitor/processmonit.txt
Using commands
Top or PS aux
You can see if the process is running and once the process is finished or killed, the monitor will restart the process immediately.
For example, set the list of process names as
/bin/sleep 5
/bin/sleep 15
As you can see, there will always be two processes running in the process and will be restarted as soon as they are over.
Note When the list of process names is empty, the monitor cannot be started.
Attention
This function is only applicable to monitor can be started by a command daemon, the correct use of this function is, the initial start to monitor the service, by adding to monitor the process to start the command, so that the security dog automatically start the monitored process, Otherwise, the security dog may not be able to match the process name in the process list because of a different startup process. (for example, to monitor the VSFTPD process, if the user added the monitoring content is "VSFTPD &", but the user has started the command service vsftpd start VSFTPD command will be wrong.) )
3, CPU monitoring
Monit Toggle CPU Usage monitor switch
CPU Ceil CPU Usage monitoring upper limit (write report higher than this value)
CPU Floor CPU Usage monitoring lower limit (write report below this value)
[Test Method]
After you set up your watch range, and then turn on the monitor switch, you can view the report file with the following command
Tail-f/etc/safedog/monitor/cpumonit.txt
4, Memory Monitoring
Monit Toggle Memory Usage monitor switch
Memory use Ceil memory usage monitoring upper limit (write report higher than this value)
Displays the system's current memory usage and amount of idle
[Test Method]
After you set up your watch range, and then turn on the monitor switch, you can view the report file with the following command
Tail-f/etc/safedog/monitor/memorymonit.txt
5, Disk Capacity Monitoring
Partition monitored disk partitions, such as/DEV/SDA1
Ceil the maximum amount of disk capacity that is monitored (above this value write report)
Lower limit of disk capacity monitored by Floor (write report below this value)
Interval monitored disk capacity reporting interval value (write report when the increase or decrease is greater than this value)
[Test Method]
After you set up your watch range, and then turn on the monitor switch, you can view the report file with the following command
Tail-f/etc/safedog/monitor/ diskvolumemonit.txt
6, file Backup
File absolute path that files need to back up
Target directory for backup directory
Backup size when the file size that is monitored exceeds this value, the file is compressed and backed up to the backup directory while the original file is emptied
[Test Method]
After you set up the monitoring path and backup, turn on the monitor switch, and when the file size exceeds the set value, you can check the target directory of the backup and the contents of the files being monitored.
7, TCP Listening Port
Displays the TCP port on which the current system is listening and the corresponding address, process ID, and process name.
Application settings
1, iptables
Displays the current list of rule sets for iptables and the default policy (policy) for the rule chain.
You can add some simple rules to the input chain or output chain in iptables, including protocol type (TCP/UDP), source address, source port, destination address, destination port, behavior, etc.
[Test Method]
After adding the appropriate rules through the software, test to test the appropriate rules through the network to be effective.
Attention
The setting of the iptables is lost after the reboot through the software.
2, vsftpd
Make some simple configuration of vsftpd that have not been configured in the system.
Anonym enable anonymous users to log on
Anonym Upload whether to allow anonymous users to upload permissions
Anonym make Directory allows anonymous users to establish folder permissions
Anonym root path for anonymous user
Local user enable Log on
Write enable writes permission is allowed, some switches affect all operations that require write permission
FTP Start start Stop FTP service
FTP Restore default initialization or revert defaults configuration, first entry must be initialized first
[Test Method]
Start VSFTPD After the configuration is complete, and then access the FTPD Server test configuration entry for this computer over the network.
Enter on the browser
ftp://Server ip/
Accessing the FTP server
Attention
The software can only be simple to configure VSFTPD, if more complex settings are required, please refer to the VSFTPD manual to edit the configuration file directly. When you use this feature, you must first start the FTP Restore Default feature, initialize the configuration, and after initialization, VSFTPD configuration information is lost, and the anonymous user's root directory is set to/srv/ftp and/srv/ftp/ The upload directory is an upload directory for anonymous users. The relevant settings can also be modified through the software. After the software configuration is complete, to use the configuration to take effect, you need to shut down the service and reopen the service (that is, restart the service) in "FTP start" on the software interface.
3, Samba
Make some simple configuration for samba that has not been configured in the system.
Path to Share Directory path shared folder
Share Write Enable Anonymous writes permission for shared folders
Samba Start start stop sharing
Samba Restore Default Initializes a configuration file that must be initialized the first time it is entered
[Test Method]
Start Samba After the configuration is complete, and then access the native's Samba shared folder through the network to test whether the configuration entry takes effect.
Enter on the browser
\ server Ip\
Accessing the Samba shared server
Attention
Refer to VSFTPD considerations.
software Uninstall
Execute the command in the previously extracted safedog_1.0.0.tar.gz directory:
./uninstall.sh
Can.