How to manage a Linux server? Our Linux admins explain
These days, you can get a server from AWS or Google Cloud within 1 hour.
The trouble is, these servers will have Linux as the operating system by default, which is a tough nut to crack for people who are familiar only with Windows or iOS.
Here at Bobcares, we help web hosts and other online businesses manage their Linux servers through our Server Management Services.
Today, we’ll take a quick look at broad areas we cover in Linux Server Management, and what exactly we do.
Why manage your Linux server?
You don’t “manage” your washing machine or dishwasher. How is a server different? Why do you have to manage it?
Servers store critical business information, and handles millions of transactions per week. Unlike a washing machine, a server crash or hack can potentially mean thousands or even millions of dollars worth of damage.
Regular maintenance and updates are the way to avoid an issue. There are four goals of Linux server management.
- Security – Ensure that the server data is always secure against the latest kinds of attacks.
- Performance – Make the server capable of handling spikes in traffic and a growth in traffic over time.
- Uptime – Make the server resilient to server faults, and quickly react in case something goes wrong.
- Features – Ensure the latest features and capabilities are available in the server so that the business retains an edge in the market.
How to manage a Linux server
Server management includes hundreds of different activities like server load monitoring, capacity forecast, security patching and more.
So instead of burdening you with a super long list, we’ll classify the activities into 7 broad areas, and then explain what we do in each of them.
1. Periodic security updates and emergency patching
Perhaps the most important of all activities is periodic updates.
Vendors like RedHat, Debian, SuSe and Ubuntu release patches for vulnerabilities all the time, and it needs to be applied as soon as possible – never later than 24 hours.
This alone will protect the server from hacks and data theft.
Then there’s the case of software vulnerabilities exposed before the vendors are able to release a patch.
In such cases, quick mitigation action is required that will prevent an exploit (like disabling a vulnerable function), until an official patch is available.
We setup alerts in our customer’s servers so that our team of engineers become aware of a pending update as soon as it is released. We usually patch the servers within a few hours, but never later than 24 hours.
We also monitor security channels for new vulnerability disclosures. When we detect an unpatched exploit making rounds, we proactively patch servers under our care within hours to prevent a security incident.
2. Firewall & other security software maintenance
Equally important as security updates is the maintenance of security software like firewalls, anti-malware, brute force detectors, and more.
Many server owners think that security tools, once set will work well their whole life.
You need to update it with the latest malware databases, update detection settings based on new attacks, upgrade (and even replace) the tools to deal with new threats, and tweak it periodically to make sure legitimate users are not affected.
Tools like web application firewalls (eg. mod_security), anti-virus, anti-spam and anti-malware release signature updates periodically to detect new virus updates.
We setup our customers servers to update these databases automatically, and manually audit the settings & proper functioning of these tools every couple of week.
This ensures that our customer servers remain capable of blocking any new virus making the rounds.
3. Resource usage monitoring & optimizing performance
Databases grow in size, application code becomes more complex over time, and traffic to the server can increase year after year.
All this changes resource utilization in a server, and if left unchecked, it can cause resource bottlenecks, sluggish servers, and server crashes.
That is why it is important to monitor the resource usage in the server 24/7, and periodically tweak the service settings to improve performance.
Our Linux experts monitor the server’s vital signs like CPU usage, Memory usage, I/O usage, etc. 24/7.
If the usage seems to be on an increasing trend, we login to the server, find the resource hogging process, and remove the bottleneck before server users are affected.
Then every few weeks, we audit the performance of each service (eg. Web, Database, Application, etc.) and tweak the settings or increase server resources to keep the server super fast.
4. User accounts & server data management
Unmaintained applications and old user accounts pose a server security threat.
Attackers can perform brute force attacks or run many exploits without detection, and gain entry into the server.
That is why it is important to remove old accounts periodically, and secure existing accounts with strong passwords, and other authentication methods.
We configure strict limits for users that includes disk quota, password strength, password expiry, access limits and more that prevents one user from ever accessing the data of another, or one user’s applications hogging all server resources.
Every few weeks we audit user accounts and disable old accounts, delete old files and remove all access privileges so that the server is trim and secure.
Finally, we keep an eye on the server log files, and remove any that are older than a couple of months. This prevents the server from running out of space.
5. Server & service upgrades
Every business needs the latest technology to compete in the marketplace.
Linux releases new server versions every couple of years and updates service packages every few months.
Applying these updates as soon as they are available will help you stay current, and avoid costly full application revamps in the future.
We upgrade server and service suites such as PHP, Apache, MySQL, etc. in our customer servers as soon as they are available.
This at times results in software conflicts (between old & new versions).
We resolve them by either running the old version in parallel temporarily, or upgrading the depending applications along with the service suites.
6. 24/7 monitoring and emergency rescue
The most failure prone component in a server is its hard drive, followed by the network card and the power supply unit.
By carefully monitoring the hardware health, you can detect early signs of failure, and schedule a preventive maintenance during non-business hours.
That is why it is a good idea to have server experts monitor your server 24/7, and undertake rescue or maintenance operations when an issue is noted.
We monitor a wide range of server metrics that include RAID health, CPU temperature, HDD errors, server load, and more that can indicate abnormal behavior in our customer’s servers.
It helps us detect trouble way before it happens, and prevent it through scheduled maintenance.
It also helps us react swiftly and restore services during critical server events such as DoS attacks, sluggish performance and more.
7. Disaster recovery readiness using backups
Despite all our efforts, servers can still fail due to hardware failures, man made errors or even malicious attacks.
Which is why it is important to take daily backups, store it in a remote location and test the backups periodically.
We monitor backup process everyday. If it fails for any reason, we fix the issue (eg. low disk space), and make sure the backup is completed successfully.
Then every week, we randomly test the backup archives to verify if they are intact, and if the data are not corrupted.
This helps us be 100% sure that we have a fully working recent backup to build a new server in case of a catastrophic server crash.
Proper maintenance of your Linux server will ensure high uptime, rock solid security and blazing fast access speeds. Today we’ve sen the top 7 areas of activity to keep a Linux server business ready.