Linux Server configuration best practices

Beginners in Linux are often unsure what they need to consider when installing and configuring a Linux server for deployment.

During Installation

  1. Opt for hardware RAID. If that is not available, use software RAID.
  2. If possible, configure hardware RAID 10. If not, configure hardware RAID 5 or RAID 1.
  3. Except for the boot partition, configure LVM for every partition.
  4. Make swap double the physical RAM size for systems with less than 4GB, and the same as physical RAM for systems with more than 4GB.

After installing and configuring the server, be sure to carry out the following tasks.

After Installation

 Enable ntp

  1. Sync date and time with local ntp server
      ntpdate -b ntp.kijush.com.np
  2. Run ntpd service
      service ntpd start
      chkconfig ntpd on

Enable rsyslog

  1. Install rsyslog (if not installed)
      yum install rsyslog
  2. Configure /etc/rsyslog.conf to forward logs to the syslog server (TCP connection)
      vi /etc/rsyslog.conf

      # Provides UDP syslog reception
      # (reception is only needed if this host also receives logs from others)
      $ModLoad imudp
      $UDPServerRun 514

      # Provides TCP syslog reception
      $ModLoad imtcp
      $InputTCPServerRun 514

      # Forward all messages to the syslog server; @@ means TCP (a single @ is UDP)
      *.*		@@syslog.kijush.com.np

Enable SNMP

  1. Install net-snmp
      yum -y install net-snmp net-snmp-utils
  2. Configure /etc/snmp/snmpd.conf to enable snmp with the desired community and access

      view    systemview    included   .1.3.6.1.2.1.1
      view    systemview    included   .1.3.6.1.2.1.25.1.1

      # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
      # KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
      # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
      #       sec.name   source           community
      com2sec local      localhost        s0m3S3cur3pa55
      com2sec mynetwork  192.168.1.0/24   s0m3S3cur3pa55

      # Enable the snmp versions allowed for the network & localhost.
      # sec.name must match a com2sec name above, so the read-write group uses "local".
      #     group.name  sec.model  sec.name
      group MyRWGroup   v1         local
      group MyRWGroup   v2c        local
      group MyROGroup   v2c        mynetwork
      group MyROGroup   v1         mynetwork

      # The read/write/notif columns name views; "all" must be defined by a view line.
      #                 context sec.model sec.level prefix read   write  notif
      access MyROGroup  ""      any       noauth    exact  all    none   none
      access MyRWGroup  ""      any       noauth    exact  all    all    all

      # System contact information
      syslocation Kathmandu, Nepal (edit /etc/snmp/snmpd.conf)
      syscontact Root <noc@kijush.com.np> (configure /etc/snmp/snmp.local.conf)
  3. Save the config and restart the service
      /etc/init.d/snmpd restart

 SSH customization

  1. Disable root login for ssh
  2. Allow certain users to ssh the server
  3. Change the default ssh port to 3333
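
One way to verify the three SSH settings above after editing /etc/ssh/sshd_config. This is an added example, not part of the original post; the function names, user names and sample config are assumptions made for illustration.

```sh
# Added example (not from the original post). User names and the sample
# config are constructed; only the global section is audited.

# Print the effective global value of keyword $2 in config file $1.
# sshd keywords are case-insensitive and, for settings such as
# PermitRootLogin, the first occurrence wins. Port and AllowUsers may
# repeat; only the first line of each is read here. Parsing stops at
# the first Match block.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Check the three settings from the list above; $2 is the expected port.
audit_sshd() {
    cfg=$1 port=$2 rc=0
    [ "$(sshd_value "$cfg" PermitRootLogin)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    [ -n "$(sshd_value "$cfg" AllowUsers)" ] ||
        { echo "FAIL: no AllowUsers list"; rc=1; }
    [ "$(sshd_value "$cfg" Port)" = "$port" ] ||
        { echo "FAIL: Port is not $port"; rc=1; }
    return "$rc"
}

# Constructed sample: the early "permitrootlogin yes" overrides the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 3333
permitrootlogin yes
AllowUsers alice bob
PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only
EOF
audit_sshd "$sample" 3333 || echo "sshd_config needs attention"
rm -f "$sample"
```

On a real server, call audit_sshd /etc/ssh/sshd_config 3333 before restarting sshd, and keep an existing session open until a new login on the new port succeeds.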

 sudo customization

  1. Create users as necessary and assign them to wheel group
  2. Allow wheel group for sudo access

Firewall customization

  1. Configure the necessary firewall rules to protect against attacks and other malicious activity.
  2. Give the server an appropriate hostname.

    iptables: Stop Bruteforce attacks

2 thoughts on “Linux Server configuration best practices”

    1. Hi Prabin,

      Thank you for the comment.

      Yes it’s not much covered but it’s just a basic. You can email me if you have further more details.
