Solved

General Linux (CentOS) and Apache Questions

Posted on 2013-11-20
3
656 Views
Last Modified: 2013-11-26
Firstly please excuse my lack of knowledge - I'm from a Microsoft Background, so I'm on a steep learning curve.

1. My server has SSH Access, would it be considered 'best practice' to remove SSH access and have a different user for shell access then either su to root or make them add them to the sudoers?

 a. If so how do you remove ssh access form the root account?
 b. Also how do I check which other usernames/accounts have ssh access and remove those rights?

2. I've been told that Apache out of the box will need some 'tweaking' to accept a lot of connections etc? what needs to be done? (of do you have a link to a good article).

3. When setting up a Linux box to serve my website (and ultimately my mail server, but that can wait), what typical errors am I bound to make?

Thanks in advance

Pete
0
Comment
Question by:Pete Long
3 Comments
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 250 total points
ID: 39662143
0
 
LVL 62

Accepted Solution

by:
gheist earned 250 total points
ID: 39662548
1. You can limit access to SSH using tcp wrappers (man hosts.allow) or sshd configuration (man sshd_config) either way take care to not lock out yourself i.e. check if you still can make new connection.
a. in /etc/ssh/sshd_config add line or change existing PermitRootLogin without-password
probably you might want to confirm public key auth works beforehand. manual has more options, usually you need a user in wheel or sudo group to become root after
b. all have the access if they have password set. You can allow ssh connections based on system group membership

2. you might want to change from httpd.prefork to httpd.worker (/etc/sysconfig/httpd)
then you might need EPEL repository to get multithreaded versions of server modules
nginx is even smaller and faster

3. Apache: make one huge unmaintainable conf file, allow apache more access than needed
Apache: get familiar with yslow, pagespeed etc content analysis tools
Mail: read about open relays and DNS setup before forwarding your first mail
CentOS: compiling your own package when system provides good and supported one
CantOS: start from "minimal server" install template. The very minimal template expects you to configure network manually
0
 
LVL 57

Author Closing Comment

by:Pete Long
ID: 39679265
Thanks All
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question