Nine tasks that the system administrator should perform on a regular basis

BKJIA selection] Today, Linux releases are easy to install and get started. Even an inexperienced system administrator can establish necessary services and complete executable programs within several hours.

BKJIA is recommended for editing: SA, xianshen and installation male: What is O & M work like?

Unfortunately, Getting Started easily masks the maintenance work that needs to be done, which is necessary to maintain system stability and keep the system in a good working order for a long time. A single server can usually run for a long time without human intervention. However, the premise is that all other bits and blocks must be configured in advance.

The worst thing about this list is that you may not have done it for months or years. If you ignore any of these things, they will come back at the worst of the time: such as traffic peaks, Hard Drive crashes, or hacker attacks. What should the Linux System Administrator do every day? We will summarize this for you.

Nine tasks that the system administrator should perform on a regular basis-Configuration Management

I started with configuration management because it is very different from other items in this list. This is not important to a single server, but if you have many systems, this is crucial. Configuration management tools such as Puppet and Chef allow you to write 'referes' to define how servers should be put together. Those 'reduces' can run on each server to generate a consistent and easy-to-copy installer. This allows you to immediately start a new copy of the system, which can provide a great degree of freedom for your installation.

Configuration Management is done, but it adds initialization complexity to the server installer, so if you are timid, you don't have. However, even if there are only two or three servers, the benefits are enormous.

Nine tasks that the system administrator should perform on a regular basis-Backup

This is obvious, and most system administrators will do some work in this regard. If you do not have a reliable backup policy, you need to adjust it immediately. Even if you wait for only one day, the consequences may be disastrous. At the same time, please make sure that you have backed up correctly, because the backup is easy to do wrong. Mozy, Carbonite, backblze, and other tools have made great progress in At-home backup, but similar Linux solutions are far from mature. Rsync, tar, and similar script tools have been very popular and are also a viable alternative, but you must be careful to adapt to special situations like MySQL databases. Each person has different backup requirements, so no matter what solution you choose, you should also carefully study its potential shortcomings. The solution you selected should be:

◆ Regular operation

◆ Maintain multiple rounds of backup

◆ Automatic deletion of old backup

◆ Store backups outside your current operating system

◆ Maintain the same security as your original data

◆ Merge all the key data, replace the key configuration file with the server, and then start and run anything the system may need), and recent logs

The system administrator should perform nine tasks on a regular basis-test your backup

What follows the backup plan is to test it. This means regularly checking whether the backup is ongoing, whether the generated files are valid and not damaged, and whether they include all the data you need. A good rule of thumb is that if your backup is rotated every 30 days, you should recheck them frequently. Here, the automation tool can help you automatically check whether the backup file is up-to-date, reasonable, and valid ). Even so, nothing can replace human eyes ...... Otherwise, when you find that you have not backed up the data you think you have backed up, you will have to cry.

BKJIA recommended topics: Linux system backup-operation practices and tools

Nine tasks that the system administrator should perform on a regular basis-log Rotation

In recent years, Ubuntu, RedHat, and other major releases have greatly improved the running and configuration of the logrotate packages they provide. Therefore, it is quite reasonable that your apache and mysql logs can be properly rotated by default, although it may not be your desired method ). However, you need to create its own logrotate entry for the "Extra" items you add, such as the Rails application. Missing this step will cause countless server errors with "hard drive full" at the most inappropriate time. Of course, you usually don't even know that your logs cause this problem. In this case, resource monitoring is the key.

BKJIA: Linux Server-Log

Nine tasks that the system administrator should perform on a regular basis-Resource Monitoring

Tracking CPU, memory usage, hard disk space, bandwidth, and so on can give you a better insight into your system status. When traffic increases, you can compare your memory or IO usage to plan your scaling in advance ". RRDTool/Munin, ServerDensity, and Cloudkick are good choices to observe the data that changes over time. If you choose an alert feature that includes a process that is out of control of unexpected changes, the drive is full, and so on), you will be one step ahead of any potential problems.

Nine tasks that the system administrator should perform on a regular basis-Process Monitoring

It is critical for your website to keep your Apache, MySQL, and similar processes running. There are several good tools, such as Monit and God, that can help you ensure that your process is always running. By checking process responsiveness, opened ports, or process IDs, tools can restart a dead service or terminate an out-of-control process before causing your entire system to crash. It is difficult to configure rules for this matter, but when everything is done well, it can save a lot of downtime at three o'clock a.m.

BKJIA recommended topics: exhibition hall for Linux monitoring tools

Nine tasks that the system administrator should perform on a regular basis-security reinforcement Hardening)

Hardening includes many different operations that can make your stock system safer. Many simple operations are often missed. Do you really know what every one of those running processes has done? What additional ports and services are opened on your system? Is there a suitable PAM module for security authentication? Once again, RedHat and Ubuntu are at the forefront of the age, providing a secure stock system and ensuring that the most common software packages comply with the correct security protocols. However, this does not mean you can skip this step.

Nine tasks that the system administrator should perform on a regular basis-Security Updates

Secure update is easy to execute on an apt or RPM-based system. The trap in this process is that it is difficult to know whether the upgrade package will cause some types of errors in your stack. To know exactly how the upgrade package will affect your system, it is the only good way to have a simulated server with the same configuration. Fortunately, the troubles caused by security updates are rare. Fixing the compatibility of an update requires downtime, which is much less risky than exploiting a known security vulnerability on your system. Therefore, do not let "not knowing" prevent you from performing the correct upgrade. Finally, not every security vulnerability can be immediately installed with a patch. Viewing the available alerts on the CVE dictionary allows you to take the initiative to keep your system secure before patches are available. To ensure that everything is smooth and up-to-date, there is nothing to replace the human eye in this regard.

Nine tasks that the system administrator should perform on a regular basis-log monitoring/security scanning/Intrusion Detection

All items in this list must be completed to a minimum. They are easy to forget until your system has been infiltrated, and you may not think of them. Continuous scanning of abnormal activities, hacker attacks, and other malicious behaviors is very important to help prevent or mitigate attacks.

BKJIA recommended reading: Cao jianghua interview transcript: Linux server security policy details

Summary

This is certainly not a complete list, but it is also very extensive. Many developers and system administrators only have no time, interest, or knowledge to process them. Even worse, many development projects are handed over to customers, and once the technical team migrates to another project, these customers will not be able to handle these tasks.

Original article: http://www.roundhousesupport.com/blog/9-things-you-should-be-doing-with-your-server-but-probably-arent

Note: RoundHouse is a foreign it o & M outsourcing service provider .)

Bkjia.com: the source and the source of the original article are reprinted on the Cooperation site .]