Solved

General Linux (CentOS) and Apache Questions

Posted on 2013-11-20
3
663 Views
Last Modified: 2013-11-26
Firstly please excuse my lack of knowledge - I'm from a Microsoft Background, so I'm on a steep learning curve.

1. My server has SSH Access, would it be considered 'best practice' to remove SSH access and have a different user for shell access then either su to root or make them add them to the sudoers?

 a. If so how do you remove ssh access form the root account?
 b. Also how do I check which other usernames/accounts have ssh access and remove those rights?

2. I've been told that Apache out of the box will need some 'tweaking' to accept a lot of connections etc? what needs to be done? (of do you have a link to a good article).

3. When setting up a Linux box to serve my website (and ultimately my mail server, but that can wait), what typical errors am I bound to make?

Thanks in advance

Pete
0
Comment
Question by:Pete Long
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 36

Assisted Solution

by:Kimputer
Kimputer earned 250 total points
ID: 39662143
0
 
LVL 62

Accepted Solution

by:
gheist earned 250 total points
ID: 39662548
1. You can limit access to SSH using tcp wrappers (man hosts.allow) or sshd configuration (man sshd_config) either way take care to not lock out yourself i.e. check if you still can make new connection.
a. in /etc/ssh/sshd_config add line or change existing PermitRootLogin without-password
probably you might want to confirm public key auth works beforehand. manual has more options, usually you need a user in wheel or sudo group to become root after
b. all have the access if they have password set. You can allow ssh connections based on system group membership

2. you might want to change from httpd.prefork to httpd.worker (/etc/sysconfig/httpd)
then you might need EPEL repository to get multithreaded versions of server modules
nginx is even smaller and faster

3. Apache: make one huge unmaintainable conf file, allow apache more access than needed
Apache: get familiar with yslow, pagespeed etc content analysis tools
Mail: read about open relays and DNS setup before forwarding your first mail
CentOS: compiling your own package when system provides good and supported one
CantOS: start from "minimal server" install template. The very minimal template expects you to configure network manually
0
 
LVL 57

Author Closing Comment

by:Pete Long
ID: 39679265
Thanks All
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question