Security settings for Web-Dedicated Servers _ security settings

Source: Internet
Author: User
Tags error code mssql parent directory php and system log file permissions knowledge base disk defragmenter
Related Settings for IIS:
Delete the default established site virtual directory, stop the default Web site, delete the corresponding file directory c:inetpub, configure all the site's public settings, set the relevant number of connection limits,

Other settings such as bandwidth settings and performance settings. Configures application mappings, removes all unnecessary application extensions, and retains only asp,php,cgi,pl,aspx application extensions. Right

In PHP and CGI, it is recommended to use ISAPI parsing, and EXE parsing has an impact on security and performance. User program debug Settings send text error message to customer. For databases, try to pick

With the MDB suffix, you do not need to change to ASP, you can set up an MDB extension mapping in IIS to use this mapping with an unrelated DLL file such as C:winntsystem32inetsrvssinc.dll

To prevent the database from being downloaded. Set the log Save directory for IIS, and adjust logging information. Set to send text error messages. Modify the 403 error page and turn it to another page to prevent

Stop the detection of some scanners. In addition, to hide system information, prevent the system version information that is leaked from telnet to port 80 to modify IIS banner information, you can use Winhex to manually modify or

The person uses the related software such as Banneredit to revise.
For the directory where the user site is located, here is a description of the user's FTP root directory corresponding to three files good, wwwroot,database,logfiles, respectively, storage site files, database

Backup and log of the site. If an intrusion event can set specific permissions on the directory where the user's site resides, the directory in which the picture resides is given permission to the column directory, and the program's directory

If you do not need to generate a file (such as a program that generates HTML), write permission is not given. Because it is a virtual host of the normal script security can not be nuanced to the point, more than only in the method

User elevated permissions from script:

Security Settings for asp:
After setting permissions and services, prevent ASP Trojan also need to do the following work, in the CMD window run the following command:
Regsvr32/u C:\WINNT\System32\wshom.ocx
Del C:\WINNT\System32\wshom.ocx
Regsvr32/u C:\WINNT\system32\shell32.dll
Del C:\WINNT\system32\shell32.dll
The Wscript.Shell, shell.application and wscript.network components can be unloaded to effectively prevent ASP Trojans from executing commands through WScript or shell.application and

Use Trojans to view some system sensitive information. Alternatively: You can cancel the permissions of the users user of the above file and restart IIS to take effect. However, this method is not recommended.
In addition, for the FSO because the user program needs to use, the server can not log off the component, here only to mention the prevention of FSO, but do not need to open space in the automatic virtual Business Server

On use, only suitable for manually-opened site. You can set up two groups for sites that require FSO and do not need FSO, and give C:winntsystem32scrrun.dll to the user group that requires the FSO

The execution permission of the file, does not need to give the permission. Restarting the server can take effect.
For such settings combined with the above permission settings, you will find that the Haiyang Trojan has lost its role here!

Security Settings for PHP:
The default installation of PHP requires the following issues to be noted:
C:\winnt\php.ini only gives users read access. The following settings are required in php.ini:
Safe_mode=on
Register_globals = Off
Allow_url_fopen = Off
Display_errors = Off
MAGIC_QUOTES_GPC = on [default is on, but need to check again]
Open_basedir =web Directory
Disable_functions =passthru,exec,shell_exec,system,phpinfo,get_cfg_var,popen,chmod
The default setting Com.allow_dcom = True is modified to remove the front before the false[modification;]

MySQL Security settings:
If the MySQL database is enabled on the server, the security settings that the MySQL database needs to be aware of are:
Delete all default users in MySQL, keep the local root account only, and add a complex password to the root user. When giving a normal user updatedeletealertcreatedrop permissions

and qualify to a specific database, especially to avoid the ability of ordinary customers to have MySQL database operations. Check the Mysql.user table to remove unnecessary user Shutdown_priv,relo

Ad_priv,process_priv and File_priv permissions that may leak more server information, including other information that is not MySQL. You can set up a startup user for MySQL,

The user only has permissions on the MySQL directory. Set permissions on the data database for the installation directory (this directory holds the MySQL database information). For MySQL installation directory for users plus read

Fetch, column directory, and execute permissions.

Serv-u Security Issues:
The installer will use the latest version as far as possible, avoid using the default installation directory, set the permissions of the Serv-u directory, and set up a complex administrator password. Modifying banner information for Serv-u

, set the passive mode port range (4001-4003)
In the local server settings to do the relevant security settings: including checking anonymous passwords, disable the scheduling of the go-ahead, blocking "FTP bounce" attacks and FXP, for 30 seconds to connect more than 3 times

Users to intercept for 10 minutes. The settings in the domain are: complex passwords are required, directories only use lowercase letters, and the advanced setting cancels the date that allows the file to be changed using the Mdtm command.
To change the startup user for Serv-u: Create a new user in the system, set a complex password, and not belong to any group. Give the user Full control of the SERVU installation directory. Establish

An FTP root directory that needs to give this user full control of the directory, because all FTP users upload, delete, change files are inherited by the user's permissions, otherwise unable to operate

File. Additionally, you need to give the user Read permission to the parent directory above the directory, or it will appear 530 not logged in, home directory does at the time of the connection.

Exist For example, when testing the FTP root directory for D:soft, must give the user D disk Read permission, in order to safely cancel other folders in D disk inherited permissions. And the general use of the default S

Ystem Startup does not have these problems, because system generally has these permissions.

Security settings for the database server

For dedicated MSSQL database servers, open only 1433 and 5631 ports, as described above, to set up TCP/IP filtering and policy. For MSSQL, you first need to set a strong

Strong password, use mixed authentication, strengthen log records of database, audit the "success and failure" of database landing events. Remove unwanted and dangerous ole automatic stored procedures (

Causes some of the features in Enterprise Manager to not be used, including the following:
sp_OACreate sp_OADestroy sp_OAGetErrorInfo sp_OAGetProperty
sp_OAMethod sp_OASetProperty sp_OAStop
Remove unwanted registry access procedures, including:
Xp_regaddmultistring Xp_regdeletekey Xp_regdeletevalue
Xp_regenumvalues Xp_regread xp_regremovemultistring
Xp_regwrite
Remove other system stored procedures, if you think there is a threat, of course, be careful to drop these processes, can be tested on the test machine to ensure that the normal system to complete the work, these processes include


xp_cmdshell Xp_dirtree Xp_dropwebtask sp_addsrvrolemember
Xp_makewebtask Xp_runwebtask xp_subdirs sp_addlogin
Sp_addextendedproc
Select the properties of the TCP/IP protocol in the instance properties. Choosing to hide the SQL Server instance prevents detection of port 1434 and modifies the default 1433 port used. Drop Guest from Database

The account excludes the unauthorized users. Exceptions are the master and tempdb databases, because they are required for their Guest account. Also note that setting up each database user's

Permissions for those users who only give some permissions to the database in which they reside. Do not use the SA user to connect to any database in your program. The network has recommended that you use the protocol encryption, do not

Do this, or you can only reload the MSSQL.

Part II intrusion detection and data backup

§1.1 Intrusion Detection work

As the day-to-day management of the server, intrusion detection is a very important work, in the ordinary detection process, mainly include routine server security routine inspection and intrusion of intrusion inspection

, which is divided into security checks during the invasion and security checks before and after the invasion. The security of the system follows the cask principle, and the cask principle refers to the following: A wooden bucket consists of many pieces of wood

Well, if the planks that make up the barrel are different in length, the maximum capacity of the barrel does not depend on the length of the plank, but on the shortest piece of wood. Applied to the security aspect, which means the department

Safety depends on the most vulnerable parts of the system, where the focus of daily safety testing is.

Daily safety Testing

The daily safety inspection is mainly aimed at the security of the system, and the work mainly follows the following steps:
1. To view server Status:
Open the Process Manager, view server performance, and observe CPU and memory usage. See if there are any exceptions, such as CPU and memory usage.
2. Check the current process situation
Switch Task Manager to the process to find any applications or background processes that are suspicious or running. When you view a process with the process manager, there's a taskmgr, this is the process tube.

The process of the manager itself. If you are running a Windows Update, there is a wuauclt.exe process. For a process that is not in doubt, or which application is open on the server,

, you can search the network for the process name to determine [process Knowledge Base: http://www.dofile.com/]. Usually the back door, if there is a process, will generally take a process with the system

Similar names, such as Svch0st.exe, should be carefully distinguished at this time [usually confusing means is variable letter O for number 0, variable letter l for Number 1]
3. Check SYSTEM Account
Turn on Computer Management, expand Local user and group options, view group options, see if a new account is added to the Administrators group, and check for a cloned account.
4. View current port opening conditions
Use Activeport to view current port connections, especially with externally connected ports to see if there are unauthorized ports communicating with the outside world. If so, close immediately

Close the port and record the corresponding program for the port, and transfer the program to another directory for later analysis. Turn on Computer Management = = "Software Environment = =" Running tasks [

Here you can see hidden processes that are not visible in the process manager], view the currently running programs, and, if there is an unknown program, record the location of the program, open Task Manager to end the process

, for the daemon using the backdoor and other programs can try to end the process tree, such as still unable to end, search the registry in the name of the program, delete the key values, switch to safe mode to delete

get rid of relevant program files.
5. Check System Services
Run services.msc, check the service in the started state, see if there is a new unknown service and determine the purpose of the service. For unclear services, open the properties of the service, check

Look at the service's corresponding executable file, if it is determined that the file is a normal use of the system files, can be roughly spared. See if there are other normal open service dependencies in this service

On, if there is, can be roughly spared. If you cannot determine whether the execution file is a normal system file and there is no other normal open service dependency on the service, you can temporarily stop the

Service, and then test that the various applications are normal. For some backdoor because of the use of the Hook system API technology, added service items in the Service Manager is not visible, then need to hit

Open the registry to find the Hkey_local_machinesystemcurrentcontrolsetservices items, by looking at the name of each service, the corresponding execution file to determine whether the back door

, Trojans and other programs.
6. View related logs
Run Eventvwr.msc to roughly check the related log records in the system. Right-click Properties on the corresponding log record while viewing, set a log filter in filter

, select only errors, warnings, and view the source and description information of the log. For errors that occur if a workaround is found in the server's common troubleshooting, the question is handled in accordance with the method

, if there is no solution to record the problem, detailed record of the event source, ID number and specific description information, in order to find solutions to the problem.
7. Check System files
Mainly check the system disk EXE and DLL files, recommend the system after installation with Dir *.exe/s >1.txt all the exe file list to save, and then each check

Then use this command to generate a copy of the current list, using FC to compare two files, and so on the DLL file to do related checks. Note that patching or installing the software will regenerate the original

The start list. Check if the related system files are replaced or if the system is installed a Trojan door and other malicious programs. If necessary, run an antivirus program to scan the system disk once.
8. Check to see if security policy changes
Open the properties of the local area connection to see if only the TCP/IP protocol is selected in general, open the TCP/IP protocol settings, click Advanced = = options, and view IP security

Mechanism is a set IP policy to see if the port allowed by the TCP/IP filter has been changed. Open the Administrative Tools = "Local Security policy" to view the IP security currently in use

Whether the policy has changed.
9. Check directory Permissions
Focus on whether the system directory and important application permissions have been changed. The directory that needs to be viewed has c:;c:winnt;
C:winntsystem32;c:winntsystem32inetsrv;c:winntsystem32inetsrvdata;c:documents and
Settings, and then check the Serv-u installation directory to see if the permissions for these directories have been changed. Check to see if some of the important files under System32 have changed permissions, including: CMD,

Net,ftp,tftp,cacls and other documents.
10. Checking for startup items
Mainly check the current boot from the program. You can use Areporter to check for a startup program.

Countermeasures to discover the invasion

For an instant-discovered intrusion event, the following are the cases where the system has been compromised, the system has not been compromised or is temporarily unaware of the damage. First, follow the above inspection steps

Check again and consider the following measures as appropriate. The following measures should be taken immediately after the system has been compromised:
The manner in which decisions are taken, depending on the circumstances, is handled either remotely or through the field. If the situation is seriously recommended for field treatment. If field processing is used, the first time that an intrusion is detected

Know the computer room shut down the server, when the processing staff rushed to the computer room disconnect the network cable, and then enter the system for inspection. If the use of remote processing, such as the case of serious first stop all application services, change I

P policy is to only allow remote management ports to connect and then reboot the server, reboot and then connect to the remote for processing, before restarting with Areporter check boot from boot

Program. And then proceed to the security check.

The following processing measures for user site intrusion but not endanger the system, if the user requirements to enhance the security of their site, you can strengthen the security of the user site as follows:

The site root----only Read permissions to the administrator, and permissions inherit.
wwwroot------Read and Write permissions to Web users. Advanced inside has delete subfolders and file permissions
LogFiles------Write permission to system.
The database------Read and Write permissions to Web users. Advanced inside does not delete subfolders and file permissions

If further modification is required, the characteristics of the user site for ordinary file storage directory such as HTML, JS, pictures folder only to read permissions, ASP and other script files to give the permissions of the above table

。 Also view the security log of the user's site, identify the cause of the vulnerability, and assist the user with patch vulnerabilities.

§1.2 data backup and data recovery

Data backup work is roughly as follows:
1. Back up system data once a month.
2. Back up the system two weeks after the backup of the application data, mainly including IIS, Serv-u, databases and other data.
3. Ensure that the backup data is secure and that these data backups are sorted and placed. Because the total backup method is basically used, the retention period for the data can be retained only for that second backup and last standby

Two copies of the data.

Data Recovery work:
1. When the system crashes or encounters other unrecoverable system normal conditions, make a backup of some of the change events that occurred after the last system backup, such as application, security policy, etc.

Restore these changes after you have completed the system.
2. Applications, and so on, with the most recent backup data recovery related content.

Part III Server performance optimization

§3.1 Server Performance Optimization

System performance Optimization
Organize system space:
Delete the system backup files, delete the drive backup, remove the unused input method, delete the system's Help files, uninstall the infrequently used components. Minimize the C-disk file.
Performance optimization:
Remove redundant boot autorun programs, reduce pre-read, reduce progress bar wait time; Let the system automatically shut down programs that stop responding; disable error reporting, but notify when a critical error occurs

; Turn off automatic Updates to manually update the computer;
Enable hardware and DirectX acceleration; disable shutdown event tracking; Disable the Configure Server Wizard; Reduce boot disk scan wait time; transfer processor planning and memory usage to application

, adjusting virtual memory, memory optimization, modifying the CPU's level two cache, and modifying the disk cache.

IIS Performance Tuning
1. Adjust the IIS cache
Hkey_local_machine\ system\currentcontrolset\services\inetinfoparametersmemorycachesize
The Memorycachesize range is from 0 4GB and the default is 3072000 (3MB). In general, this value should be set to 10% of the server memory. IIS passes cache system handles, directories

Lists and other common data values to improve system performance. This parameter indicates the amount of memory allocated to the cache. If the value is 0, that means "no caching is done

”。 In this case, the performance of the system may be reduced. If your server network traffic is busy, and you have enough memory space, you can consider increasing the value. It is important to note that the modification note

Table, a reboot is required for the new value to take effect.

2. Do not turn off system services: "Protected Storage"

3. Restricting access to traffic
A. Restrictions on the number of site visits
B. Site bandwidth limits. Keep the HTTP connection.
C. Process constraints, enter the percentage of CPU consumption

4. Improve the processing efficiency of IIS
Application settings and Application Protection Drop-down button, from the Drop-down list that pops up, select the low (IIS process) option to increase the efficiency of the IIS server handler by 20%

Around. However, this setting poses a serious security issue and is not worth recommending.

5. To set the IIS server as a stand-alone server
A. Improving the hardware configuration to optimize IIS performance
Hard disk: Hard disk space is used by NT and IIS services in the following two ways: one is simply storing the data, and the other is used as virtual memory. If you are using a ULTRA2 SCSI hard drive, you can

Significantly improve the performance of IIS
B. You can distribute the paging file of an NT Server to multiple physical disks, note that multiple "physical disks" are not available on multiple partitions. In addition, do not put the page Exchange file

In the same partition as the Windows NT boot zone
C. Using disk mirroring or disk stripe sets can improve disk read performance
D. It is best to store all the data in a separate partition. Then run the Disk Defragmenter on a regular basis to ensure that there is no fragmentation in the partition where the Web server data is stored. Using NTFS has

Help to reduce fragmentation. It is recommended that you use Norton's SpeedDisk to quickly organize NTFS partitions.

6. With HTTP compression
HTTP compression is a way to transfer compressed text content between a Web server and a browser. HTTP compression uses a common compression algorithm such as gzip compression HTML, JavaScript, or CSS files. Can

Use Pipeboost to set it up.

7. To recycle a resource
Use IIS5Recycle to periodically recycle process resources.

Troubleshooting Common §3.2 Servers

1. ASP "Requested resources in use" solution:
This problem is generally related to anti-virus software, installed on the server personal version of antivirus software. This error can be resolved by uninstalling the antivirus software or by trying to re-register VBSCRIPT.DL

L and Jscript.dll to resolve, run at the command line: regsvr32 vbscript.dll and regsvr32 jscript.dll.

2. ASP500 Error Resolution:
First determine whether the problem is a single site exists or all sites exist, if the problem is a single site, the site is the problem of the program, you can open the site error prompts, ie

The "Show friendly HTTP Error" message is canceled, view the specific error message, and then modify the associated program. If this problem exists for all sites, and the HTML page does not appear,

Related log appears the server could not load application '/lm/w3svc/1/root '. The error is ' do not support this interface '. That's ten to one. asp-related components in the server system

There is a problem, restart the IIS service, try to resolve the problem, unable to resolve the reboot system attempt to resolve the problem, such as the inability to fix the ASP components can be repaired

: First delete Three things about IIS in a COM component, and you need to first remove the "Prohibit deletion" check in the advanced in the attribute.
Command line, enter the "CD winnt\system32\inetsrv" string command, click the ENTER key, then execute the rundll32 wamreg.dll,createiispackage command, and then

Then execute the "regsvr32 asptxn.dll" command, "iisreset" command, and finally restart the computer operating system, so that the IIS server will be able to respond correctly to the ASP script

Page.

3. IIS appears with 105 errors:
In the system log the server was unable to register the Administration tool discovery information. Administrative tools may not see this server source: W3SVC id:105
WORKAROUND: Reinstall the NetBIOS Protocol in the network connection, and then cancel the check out after the installation is complete.

4. MySQL Service failed to start error code 1067 workaround
Start the MySQL service will be in the middle of the error! Content is: Unable to start MySQL service on local computer error 1067: Process aborted unexpectedly.
Workaround: Look for the My.ini file in the Windows directory, edit the content (if there is no file, create a new one), at least
Basedir,datadir these two basic configurations.
[Mysqld]
# set Basedir to installation path, e.g., c:/mysql
# set to MySQL installation directory
Basedir=d:/www/webserver/mysql
# set DataDir to location of data directory,
# e.g., C:/mysql/data or D:/mydata/data
# set to MySQL data directory
Datadir=d:/www/webserver/mysql/data
Note that I have also experienced this problem when I change the system's temp directory without giving the user permission to the changed directory.

5. DLLHOTST process consumes CPU 100% problem
Server normal CPU consumption should be below 75%, and CPU consumption should be up and down, the server with this problem, the CPU will suddenly be at 100% level, and will not drop.

Viewing Task Manager, you can find that DLLHOST.EXE consumes all the CPU idle time, in which case the administrator has to restart the IIS service and, strangely, restart IIS

Everything is fine after the service, but it may be some time before the problem comes up again.
Direct reason:
One or more Access databases are corrupted during multiple reads and writes, and the MDAC system is in block state when writing to this corrupted access file, resulting in other threads having to wait only

IIS is deadlocked, and all CPU time is consumed in dllhost.
Solution:
Download the database locally, and then use access to open the repair operation. and upload it to the website. If not, just create a new Access database and then guide it from the original database

into all tables and records. Then upload the new database to the server.

6. Windows Installer Error:
"You cannot access the Windows Installer service when you install the software." Maybe you run Windows in Safe mode, or Windows Installer does not have the correct Ann

Loaded Please contact your support for help. If you try to reinstall InstMsiW.exe, you are prompted: "The specified service already exists."
Solution:
For installer errors, there may be other error prompts to try the following solutions:
First confirm whether is the permission aspect question, the prompt information may provide the related information, if is the permission question, gives the Winnt directory everyone permission to be able to [installs the authority to change back to be able

]。 If you are prompted with this information, you can try the following workaround: Run "msiexec/unregserver" Uninstall windows

Installer service, if you cannot uninstall, you can uninstall using SRVINSTW, and then download windows

Installer Installer [address: Http://www.newhua.com/cfan/200410/instmsiw.exe], extract the file with WinRAR, find MS in the unpacked folder

I.inf file, right-click to select Install, restart the system and run "msiexec/regserver" to re-register the Windows Installer service.

Part IV Server Management

§4.1 Server daily Management arrangement

Server management must be disciplined, especially when there is not only one administrator, but the day-to-day management of the work includes:
1. A timed reboot of the server. Each server is guaranteed to reboot once a week. After reboot to review, confirm that the server has been started, to confirm that all services on the server are restored

Re normal. Measures should be taken in cases where the failure to start up or the service fails to recover in time. The former may request the trustee's related staff to help the manual reboot, if necessary, may request

Let the monitor on the connection confirm that it is started, and the latter requires a remote login on the server for cause lookup and tries to recover the service based on the reason.
2. Server security, performance check, per server at least two times a week to make a rough check two times. The results of each inspection are required to be registered. If you need to use some tools to check

Check, you can find the relevant tools directly in the E:tools. For the temporary need to look for tools from the network, first of all, ie security level to high, and then on the network to find, do not DeMatha

Unknown site download, as far as possible to choose such as Huajun, Sky and other large Web sites to download, after downloading to ensure that the current anti-virus software has been upgraded to the latest version, upgraded after the download of the software to carry out a

Second anti-virus, confirm the normal use of the rear. For new tools that are downloaded to be used for future maintenance, save the tool under E:tools and do so in the Readme.txt file in the directory

Good records, record the tool name, function, use method. And in the folder in the RAR folder to keep a copy of the tool's WinRAR compressed file backup, set the decompression password.
3. Server data backup work, each server at least ensure monthly backup system data, system backup using Ghost Way, for ghost file fixed in e:ghost file directory

, the file name is named after the date of the backup, such as 0824.gho, each server at least guaranteed to back up the application data every two weeks, at least every month to ensure that the server backup user data, Standby

The data is fixed in the E:databak folder, the corresponding subfolder is set up for various data, such as Serv-u user data is placed under the Servu folder under this folder, the number of IIS sites

It is stored under the folder under the IIS folder.
4. Monitoring of the server, every day during normal work must ensure that all server status monitoring, once the service stopped to take appropriate measures. For discovery service stop, first check

Check that the same type of service on the server is interrupted, such as all of the same types of services have been interrupted in a timely manner to log on to the server to see the cause and try to reopen the corresponding service for that reason.
5. Server-related log operations, each server to ensure that the relevant log once a month to clean up the corresponding logs such as application log, security log, system log, etc. should be

Select Save Log. All log files are uniformly saved under E:logs, the application log is saved in E:logsapp, the System program log is saved in E:logssys, and the security log

exists in E:logssec. For other applications, the log is also processed in this way, such as the FTP log stored in e:logsftp. All of the backup log files are

Name the date of the backup, such as 20050824.EVT. For a log that is not a single file, create a date-named folder under the corresponding record location, and store the files in the text

Folder.
6. Server patches, application updates, and security updates for new vulnerabilities, applications must be put on every server at the first time of discovery

The patch.
7. The server's hidden trouble inspection work, mainly includes the security hidden danger, the performance and so on. Each server must ensure that the monthly focus is individually checked once. The results of each inspection must be well documented.
8. In the case of indefinite work, every server must be aware of all administrators because of the need to install new applications or uninstall applications, due to the application of software changes or other reasons.
9. Regular management password changes work, each server to ensure that at least every two months to change the password, for SQL Server because if SQL uses mixed authentication change the system administrator password will affect

The use of the database is not modified.

Related suggestions: Set up a server management records per server, the administrator every login system should be in this detailed record, the total need to record the following items: Login time, exit

Time, login server status [contains unknown process record, port connection status, System account status, Memory/cpu State], detailed operation record [detailed record of admin login system]

After each step of the operation]. Both remote logon operations and physical contact operations are recorded, and these records are archived according to each server, and the documents are sorted in chronological order.
It is recommended to group servers for data backup, server timed restart, for example, in four groups, to back up a set of server data every Saturday night of the month, one day a week to restart a

Group of servers, this is more convenient for the work, these belong to the fixed work. Other work can be done synchronously, such as a monthly data backup, security check, and management

Password modification work, the first data backup, and then conduct security checks, and then modify the password. For immediate actions that are required such as server patch installation, server uncertainty

These are immediate tasks, but in principle immediate work does not affect the arrangement of fixed work.

§4.2 Administrator Daily Considerations

During server management, administrators need to be aware of the following considerations:
1. Each operation should be a detailed record of their own, see the above recommendations, in order to later check.
2. Efforts to improve their own level, strengthen learning.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.