Linux System Administrator's Schedule

My recent post on benchmarking Linux system security generated a question about my procedures for maintaining Linux system health. Aside from some specific procedures based on the special needs of some clients, I have noted a few odd tasks and then broken down my routine into daily, weekly and monthly schedules.

There are a few things I only do on occasion, such as quarterly user audits, house cleaning on administrative storage directories (downloads, patches, odds and ends) and quarterly backup restore tests. Every administrator should do the latter at least twice annually – literally testing a restore from tape, disc or online storage to ensure your backup processes are working properly.

One final quarterly task is flushing old Apache access logs, where applicable, off of the backup server, as some of them chew up gigabyte after gigabyte of space.

As some background, the majority of the Linux servers I manage are not all in my own data center or from one client but spread across different environments. I have still managed to maintain a limited number of operating system builds and configurations so I do not create chaos as a system administrator. I also spend most of my time hardening a Linux box via iptables, setting up verbose logging and tightening apps like Apache, SSH, mail servers, ftp and others at the outset of its deployment.

My daily routine is pretty straightforward and includes cursory log reviews for iptables, system logs, mail, web, ftp and ssh. I generally query all of the mail servers for what is in queue (usually garbage spam but every once in a while a legitimate lost message). In qmail this is very easy via qmailctl on the command line and a handy Perl script that shows mail headers in the queue.

Aside from the expected daily tasks that run in cron on a majority of production Linux servers, I have some custom cron jobs I check in on that handle hot online backups via rsync, some mail tasks, scripts specific to clients, bandwidth use measurements and a Tripwire log.

Weekly, I set aside some time to check system and client logs again to be sure all is running smoothly, review the numerous automated data transfers and glance at my own database of SSL certs, domain name and hosting contract dates. It is in this weekly window that I also take time to investigate more deeply any flaky log entries such as penetration attempts and other possible malicious attack attempts. If anything substantive comes from the research, I report it to the ISP from which the source IP originates.
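
One way to shortlist SSH log entries for that weekly investigation, as an added example that is not part of the original post: it tallies failed password attempts per source IP with the first and last time seen. The function names, threshold and sample lines are assumptions made for illustration; the log lines are constructed and use documentation-range addresses.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): tally failed SSH password
# attempts per source IP so repeat offenders stand out in the weekly review.

# Constructed sample in OpenSSH syslog format; all IPs are documentation ranges.
sample_log() {
cat <<'EOF'
Mar  3 02:14:07 web1 sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 02:14:09 web1 sshd[4121]: Failed password for invalid user test from 203.0.113.45 port 51122 ssh2
Mar  3 02:14:12 web1 sshd[4125]: Failed password for root from 203.0.113.45 port 51130 ssh2
Mar  3 02:14:15 web1 sshd[4127]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.45 port 51131 ssh2
Mar  3 08:30:41 web1 sshd[5302]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 09:02:18 web1 sshd[5410]: Failed password for deploy from 198.51.100.7 port 40100 ssh2
EOF
}

# Usage: ssh_failures MIN < logfile
# Prints "count ip first=... last=..." for every IP with at least MIN failures.
ssh_failures() {
  awk -v min="$1" '
    # The user name is supplied by the client and may contain spaces or the
    # word "from", so read the address relative to the END of the line:
    #   ... from <ip> port <n> ssh2
    /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)
      ts = $1 " " $2 " " $3
      if (!(ip in n)) first[ip] = ts
      n[ip]++
      last[ip] = ts
    }
    END {
      for (ip in n)
        if (n[ip] >= min + 0)
          printf "%d %s first=\"%s\" last=\"%s\"\n", n[ip], ip, first[ip], last[ip]
    }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: only the address with 3+ failures is listed.
sample_log | ssh_failures 3
```

On a real server the input would be the sshd log itself, typically /var/log/auth.log on Debian-family systems or /var/log/secure on Red Hat-family systems.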

I also set aside a weekly slot to run down the various security and vulnerability emails I receive and the RSS feeds or web sites I monitor (aside, of course, from the red alert emails that I respond to on demand for patching).

Finally, on a monthly basis I ensure that log rotation occurs across the boxes I manage and take a closer look at backup logs. I also usually run some utilities that monitor disk space, review the ‘top’ and ‘mytop’ logging written to file at various times throughout the previous month and perhaps run rootkit checks.

Of course this is not all-inclusive, as there are proprietary client-specific tasks, but it reflects that keeping Linux servers healthy entails building them right, knowing what is going on and keeping each system current.

If one has the flexibility, it is ideal to have at least one development Linux server so you can run quick tests of patches, updates and so on for your environments (I dupe a production box to an internal Linux server running a 10.5.x.x non-public IP and test for my own needs). This allows you to react quickly to emergency updates and still test so no production services are broken by it.

Perhaps most important, my final monthly activity is sending out invoices! ;>)

Translated from: https://www.sitepoint.com/linux-system-administrators-schedule/
