How to Properly Maintain a DA Server

N

netdynamix

Verified User
Joined
May 20, 2008
Messages
31
Location
Johannesburg, South Africa
Hi Guys,

I am calling on all of the Experts and Intermediates here...
I have been running DA servers since we migrated from Cpanel and we have been happy ever since. We have tried all sorts of other FREE control panels (of which I quite liked ispCP Omega... but it just doesnt feel as solid as good ol DA)

What we were wondering is, what is the monthly/weekly process that you should go through on your DA servers to:

- Remove Garbage/Unneeded Files
- Keep ALL Services up to Date (i.e. Apache, PHP, MySQL, SpamAssassin, etc)
- Keep Spam Protection running at it's optimal and catching most to all SPAM
- General Monthly or weekly housekeeps, etc

Anything that people can provide would help me loads.
We have only ever had one (1) successful hack on one of our DA servers, which was an exploit in an outdated version of Joomla that one of our clients had installed.

Anyways. Thanks in advance.

Chris
 
For security-related matters, that's what I do (daily, often many times a day):
  1. read security mailing lists (BugTraq: http://www.securityfocus.com/archive/1, http://www.vupen.com/english/mailing.php ...) and security websites news (http://www.milw0rm.org/, http://isc.sans.org/ ...)
  2. systems upgrades (Debian/Ubuntu: aptitude update && aptitude upgrade, RH/CentOS/FC: yum update, Gentoo: eix-sync && emerge -avuND world, ...)
  3. CustomBuild updates (cd /usr/local/directadmin/custombuild && ./build update && ./build update_versions)
  4. always know which software is running and pay attention on any known vulnerability (see point 1)
  5. related to the last point, the less software you run the better: if none of your customers use a server-wide webmail software or POP3 or phpMyAdmin or anything else, just remove it
  6. automatic daily runs of rkhunter and chkrootkit with instant and verbose Email reports (not just when there is a problem; this way you will notice when someone tries to remove/deactivate them)
  7. Login Failure Daemon (comes with CSF) blocks and reports automatically any login failure and much more

In many, many years no one ever got unauthorized access to a system under my watch. :D

About other things, like performance, you shouldn't have anything to do weekly or monthy... if your server is well configured it should run smoothly and endless without even paying attention to it.
Of course you should at least have a few graphs (like munin, or cacti, or nagios) and keep an eye on CPU/RAM/IO load, temperature, load average, number of processes, Apache/MySQL/DNS hits and traffic, disks usage, MTA throughput and queue, etc. Just be sure :)
 
Last edited:
To which I'll add that we check server email queues from time to time to make sure they're not filling with frozen emails and emails taking more than a day to clear the queue. The server will manage emails itself, but the larger the queue the longer queue runs will take.

Jeff
 
You must log in or register to reply here.
Back
Top