If you experience any difficulty in accessing content on our website, please contact us at 1-866-333-8917 or email us at support@chicagovps.net and we will make every effort to assist you.
Maintaining a VPS is often critical. Putting in a little time & effort to do this has multiple benefits from better uptime to a lower probability of server compromise. For smaller or medium businesses, having a dedicated server admin is a luxury (though necessary). However, this need not stop you from establishing a framework for VPS maintenance. This article outlines some key housekeeping tasks you need to carve time for which would strengthen the IT side of your business. Time is money, if a task can be automated in anyway, I will also show you how.
Bugs and vulnerabilities crop up ever so often, software regularly gets patches. Sometimes, servers are not patched on time and hackers exploit this. Back in 2014, Apache servers were hit by a vulnerability which allowed hackers to execute shell commands by prefixing a string () { :; }; in the User-Agent header. Over 3000 vulnerable servers were reported by ArsTechnica. All it needed was a patch to bash often achieved by a single command on most distributions.
To update packages on your server, run one of the following commands based on your Linux flavor.
# yum -y update # CentOS/RHEL
# apt-get update && apt-get upgrade # Ubuntu/Debian
To make this a little easier for you, you can enable automatic updates
On CentOS/RHEL systems, install yum-cron
# yum -y install yum-cron
You can configure this by editing the /etc/yum/yum-cron.conf file. Some of the key flags to note
update_cmd : default is the equivalent of yum upgrade. To install only security upgrades, set the value of this to security
apply_updates : Setting this to yes, applies the update as soon as it is available (requires that download_updates be set to yes)
For Ubuntu/Debian, install the unattended-upgrades package
# apt install unattended-upgrades
The configuration is done through the file /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
The // is a comment. This means in the above, only security upgrades are enabled. You can also bypass certain packages via the blacklist
Unattended-Upgrade::Package-Blacklist {
"nano";
};
Now that we have tackled packages, we also need to ensure that applications are upgraded regularly. Some applications such as WordPress automatically allow updates to the core. You can choose to update plugins automatically via another plugin.
System and application logs are often written into the /var/log directory. Logs are a good way to debug and resolve issues. However, it is good to remove old logs which would end up using disk space.
Install a tool called logrotate to setup how many logs you want to retain and what to do with older logs
# apt-get update && apt-get install -y logrotate # Ubuntu/Debian
# yum update && yum install -y logrotate # Centos/RHEL
Within the configuration file (/etc/logrotate.conf), uncomment the line, include /etc/logrotate.d to include all .conf files from the logrotate.d directory. This way you can control configuration by application. To setup a configuration for nginx, create a file /etc/logrotate.d/nginx.conf with the following
/var/log/nginx/* {
weekly
rotate 3
size 10M
compress
delaycompress
}
The above configuration instructs logrotate to rotate log files under the /var/log/nginx directory on a weekly basis (other options being daily & monthly). Keep only 3 logs, allow files to reach upto 10MB in size before rotating. Finally compress older log files, leave the most recent one as-is.
One of the key factors we perform a log rotate is to prevent your disk from filling up. So, you need to keep a watch on disk usage. Run df -h on your server to identify if any of the filesystems are going to run out of space. You may run out of space because you accidentally setup a backup process without catering to cleaning up old archives. Here is the output from one of my servers. Things are looking good
Filesystem Size Used Avail Use% Mounted on
/dev/ploop40670p1 40G 8.5G 30G 23% /
none 252G 0 252G 0% /sys/fs/cgroup
none 252G 0 252G 0% /dev
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 2.0G 46M 2.0G 3% /run
tmpfs 410M 0 410M 0% /run/user/920
tmpfs 410M 0 410M 0% /run/user/0
tmpfs 410M 0 410M 0% /run/user/563
If you are like me, you install a service/package for trying out something. After the test, I forget to remove the service/package. These unwanted components could be entry points for hacks or in other cases, end up hogging memory and resources on your server.
Most installations have smtp turned on by default or have the web server (apache/httpd) running. You may chose to run nginx or a different web server, uninstall the default to prevent conflicts and better resource usage.
While researching for this post, the one thing that came to mind was server restarts. From having used Windows regularly, I am used to restarting the machine ever so often after an update is installed. Linux patches don’t generally require reboots unless it is a kernel upgrade.
