?
Solved

General Linux (CentOS) and Apache Questions

Posted on 2013-11-20
3
Medium Priority
?
673 Views
Last Modified: 2013-11-26
Firstly please excuse my lack of knowledge - I'm from a Microsoft Background, so I'm on a steep learning curve.

1. My server has SSH Access, would it be considered 'best practice' to remove SSH access and have a different user for shell access then either su to root or make them add them to the sudoers?

 a. If so how do you remove ssh access form the root account?
 b. Also how do I check which other usernames/accounts have ssh access and remove those rights?

2. I've been told that Apache out of the box will need some 'tweaking' to accept a lot of connections etc? what needs to be done? (of do you have a link to a good article).

3. When setting up a Linux box to serve my website (and ultimately my mail server, but that can wait), what typical errors am I bound to make?

Thanks in advance

Pete
0
Comment
Question by:Pete Long
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 36

Assisted Solution

by:Kimputer
Kimputer earned 1000 total points
ID: 39662143
0
 
LVL 62

Accepted Solution

by:
gheist earned 1000 total points
ID: 39662548
1. You can limit access to SSH using tcp wrappers (man hosts.allow) or sshd configuration (man sshd_config) either way take care to not lock out yourself i.e. check if you still can make new connection.
a. in /etc/ssh/sshd_config add line or change existing PermitRootLogin without-password
probably you might want to confirm public key auth works beforehand. manual has more options, usually you need a user in wheel or sudo group to become root after
b. all have the access if they have password set. You can allow ssh connections based on system group membership

2. you might want to change from httpd.prefork to httpd.worker (/etc/sysconfig/httpd)
then you might need EPEL repository to get multithreaded versions of server modules
nginx is even smaller and faster

3. Apache: make one huge unmaintainable conf file, allow apache more access than needed
Apache: get familiar with yslow, pagespeed etc content analysis tools
Mail: read about open relays and DNS setup before forwarding your first mail
CentOS: compiling your own package when system provides good and supported one
CantOS: start from "minimal server" install template. The very minimal template expects you to configure network manually
0
 
LVL 57

Author Closing Comment

by:Pete Long
ID: 39679265
Thanks All
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question