Server Security dog Linux version software Installation Instructions _linux

Source: Internet
Author: User
Tags anonymous memory usage sleep cpu usage iptables
The server Security Dog Linux version (Safedog for Linux server) is a server management software developed for Linux Server, it integrates the system parameter fast setting, the system running state shows directly, the system state real-time monitoring, the common service, The ability to quickly install and configure devices or software to help administrators quickly and visually manage servers. The software also provides interface interface and detailed operation instructions under the pure character interface, which makes the administrator more aware of the state of the server and simpler to manage and configure the server.
System Quick Configuration

1. Network Interface Configuration

Interface display system each network card's IP, subnet mask, MAC address, IP setting way, network card activation state and so on information, also displays the System DNS server (nameserver) setting.

Shortcut key support to modify the IP access of the network card, if the settings manually need to fill in IP and mask information, gateway and DNS information can be filled out, at the same time provide a Stop network card, start the network card functions.

If the display value is "??", it means that the software cannot detect the item parameter or that the parameter does not exist.

[note]

The dynamic or static that the software displays is the way the current IP is obtained, just as a reference, may not necessarily be correct.


2, System State Configuration

The interface displays the system's machine name, the system date and time, the shortcut key supports modifies the system the machine name, the system's account and the password, the system date and the time. This menu automatically refreshes every 2-3 seconds.


Fast System optimization


1, Network Optimization

Icmp Echo Ignore all turns on or off the "No Response ping Package policy"

[Validation Effective Method]

Cat/proc/sys/net/ipv4/icmp_echo_ignore_all

The result is 1, and 0 means no.

[Test Method]

can be done by executing commands on this machine

Ping 127.0.0.1

View the effect before and after the configuration


TCP syncookies turn on or off the "Prevent SYN Flood attack policy"

[Validation Effective Method]

Execute command

Cat/proc/sys/net/ipv4/tcp_syncookies

The result is 1, and 0 means no.

[Test Method]

Temporarily No


tcptimewaitreuse turn on or off "port reuse for time-wait status"

[Validation Effective Method]

Execute command

Cat/proc/sys/net/ipv4/tcp_tw_reuse

The result is 1, and 0 means no.

[Test Method]

Temporarily No



2, Process Resource Optimization

Shmmax sets the maximum value for a single shared memory segment, in bytes

[Validation Effective Method]

Execute command

Cat/proc/sys/kernel/shmmax

[Test Method]

Use the following command

Ipcmk

Shmall all allowable shared memory sizes, in units of pages

[Validation Effective Method]

Execute command

Cat/proc/sys/kernel/shmall

[Test Method]

Use the following command

Ipcmk

Shmmni the maximum number of system-wide shared memory segments

[Validation Effective Method]

Execute command

Cat/proc/sys/kernel/shmmni

[Test Method]

Use the following command

Ipcmk

Maximum number of threads for Threadsmax system

[Validation Effective Method]

Execute command

Cat/proc/sys/kernel/threads-max

[Test Method]

Temporarily No

Filemax the maximum number of file descriptors assigned to a process

[Validation Effective Method]

Execute command

Cat/proc/sys/kernel/file-max

[Test Method]

Temporarily No

System real-time monitoring


1, File Monitoring

Monit Toggle File Monitor switch

List of files monitored by file list

[Test Method]

After you have set up the file list and then turn on the monitor switch, you can view the report file by using the following command

Tail-f/etc/safedog/monitor/filemonit.txt

The generation, modification, and deletion of files or folders in the file list are immediately reflected in the report file.

The generation, modification, and deletion of files or level folders within a folder in a file list are immediately reflected in the report file.

Attention

does not recursively monitor the subdirectory, and cannot start the monitor when the file name list is empty.

2, Process Monitoring

Monit Toggle Process Monitor switch

List of process names monitored by the process list (must include run parameters)

[Test Method]

After you set up the list of process names and then turn on the monitor switch, you can view the report file with the following command

Tail-f/etc/safedog/monitor/processmonit.txt

Using commands

Top or PS aux

You can see if the process is running and once the process is finished or killed, the monitor will restart the process immediately.

For example, set the list of process names as

/bin/sleep 5

/bin/sleep 15

As you can see, there will always be two processes running in the process and will be restarted as soon as they are over.

Note When the list of process names is empty, the monitor cannot be started.

Attention

This function is only applicable to monitor can be started by a command daemon, the correct use of this function is, the initial start to monitor the service, by adding to monitor the process to start the command, so that the security dog automatically start the monitored process, Otherwise, the security dog may not be able to match the process name in the process list because of a different startup process. (for example, to monitor the VSFTPD process, if the user added the monitoring content is "VSFTPD &", but the user has started the command service vsftpd start VSFTPD command will be wrong.) )


3, CPU monitoring

Monit Toggle CPU Usage monitor switch

CPU Ceil CPU Usage monitoring upper limit (write report higher than this value)

CPU Floor CPU Usage monitoring lower limit (write report below this value)

[Test Method]

After you set up your watch range, and then turn on the monitor switch, you can view the report file with the following command

Tail-f/etc/safedog/monitor/cpumonit.txt


4, Memory Monitoring

Monit Toggle Memory Usage monitor switch

Memory use Ceil memory usage monitoring upper limit (write report higher than this value)

Displays the system's current memory usage and amount of idle

[Test Method]

After you set up your watch range, and then turn on the monitor switch, you can view the report file with the following command

Tail-f/etc/safedog/monitor/memorymonit.txt


5, Disk Capacity Monitoring

Partition monitored disk partitions, such as/DEV/SDA1

Ceil the maximum amount of disk capacity that is monitored (above this value write report)

Lower limit of disk capacity monitored by Floor (write report below this value)

Interval monitored disk capacity reporting interval value (write report when the increase or decrease is greater than this value)

[Test Method]

After you set up your watch range, and then turn on the monitor switch, you can view the report file with the following command

Tail-f/etc/safedog/monitor/ diskvolumemonit.txt


6, file Backup

File absolute path that files need to back up

Target directory for backup directory

Backup size when the file size that is monitored exceeds this value, the file is compressed and backed up to the backup directory while the original file is emptied

[Test Method]

After you set up the monitoring path and backup, turn on the monitor switch, and when the file size exceeds the set value, you can check the target directory of the backup and the contents of the files being monitored.


7, TCP Listening Port

Displays the TCP port on which the current system is listening and the corresponding address, process ID, and process name.




Application settings


1, iptables

Displays the current list of rule sets for iptables and the default policy (policy) for the rule chain.

You can add some simple rules to the input chain or output chain in iptables, including protocol type (TCP/UDP), source address, source port, destination address, destination port, behavior, etc.

[Test Method]

After adding the appropriate rules through the software, test to test the appropriate rules through the network to be effective.

Attention

The setting of the iptables is lost after the reboot through the software.

2, vsftpd

Make some simple configuration of vsftpd that have not been configured in the system.

Anonym enable anonymous users to log on

Anonym Upload whether to allow anonymous users to upload permissions

Anonym make Directory allows anonymous users to establish folder permissions

Anonym root path for anonymous user

Local user enable Log on

Write enable writes permission is allowed, some switches affect all operations that require write permission

FTP Start start Stop FTP service

FTP Restore default initialization or revert defaults configuration, first entry must be initialized first

[Test Method]

Start VSFTPD After the configuration is complete, and then access the FTPD Server test configuration entry for this computer over the network.

Enter on the browser

ftp://Server ip/

Accessing the FTP server

Attention

The software can only be simple to configure VSFTPD, if more complex settings are required, please refer to the VSFTPD manual to edit the configuration file directly. When you use this feature, you must first start the FTP Restore Default feature, initialize the configuration, and after initialization, VSFTPD configuration information is lost, and the anonymous user's root directory is set to/srv/ftp and/srv/ftp/ The upload directory is an upload directory for anonymous users. The relevant settings can also be modified through the software. After the software configuration is complete, to use the configuration to take effect, you need to shut down the service and reopen the service (that is, restart the service) in "FTP start" on the software interface.

3, Samba

Make some simple configuration for samba that has not been configured in the system.

Path to Share Directory path shared folder

Share Write Enable Anonymous writes permission for shared folders

Samba Start start stop sharing

Samba Restore Default Initializes a configuration file that must be initialized the first time it is entered

[Test Method]

Start Samba After the configuration is complete, and then access the native's Samba shared folder through the network to test whether the configuration entry takes effect.

Enter on the browser

\ server Ip\

Accessing the Samba shared server

Attention

Refer to VSFTPD considerations.



software Uninstall


Execute the command in the previously extracted safedog_1.0.0.tar.gz directory:

./uninstall.sh

Can.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.