Solved

General Linux (CentOS) and Apache Questions

Posted on 2013-11-20
Last Modified: 2013-11-26
Firstly please excuse my lack of knowledge - I'm from a Microsoft Background, so I'm on a steep learning curve.

1. My server has SSH access. Would it be considered 'best practice' to remove SSH access and have a different user for shell access, then either su to root or add them to the sudoers?

 a. If so, how do you remove SSH access from the root account?
 b. Also, how do I check which other usernames/accounts have SSH access and remove those rights?

2. I've been told that Apache out of the box will need some 'tweaking' to accept a lot of connections etc. What needs to be done? (Or do you have a link to a good article?)

3. When setting up a Linux box to serve my website (and ultimately my mail server, but that can wait), what typical errors am I bound to make?

Thanks in advance

Pete
Question by:Pete Long
3 Comments
 

Assisted Solution

by:Kimputer
Kimputer earned 250 total points
ID: 39662143

Accepted Solution

by:
gheist earned 250 total points
ID: 39662548
1. You can limit access to SSH using TCP wrappers (man hosts.allow) or sshd configuration (man sshd_config). Either way, take care not to lock yourself out, i.e. check that you can still make a new connection.
a. In /etc/ssh/sshd_config, add the line PermitRootLogin without-password, or change the existing one.
You might want to confirm that public key auth works beforehand. The manual has more options. Usually you need a user in the wheel or sudo group to become root afterwards.
b. All accounts have access if they have a password set. You can allow SSH connections based on system group membership.

2. You might want to change from httpd.prefork to httpd.worker (/etc/sysconfig/httpd).
Then you might need the EPEL repository to get multithreaded versions of server modules.
nginx is even smaller and faster.

3. Apache: make one huge unmaintainable conf file, allow Apache more access than needed
Apache: get familiar with YSlow, PageSpeed etc. content analysis tools
Mail: read about open relays and DNS setup before forwarding your first mail
CentOS: compiling your own package when the system provides a good and supported one
CentOS: start from the "minimal server" install template. The very minimal template expects you to configure the network manually
0
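
A read-only audit of points 1a and 1b in the accepted answer, added here as an example and not part of the original thread: it reports which accounts could still log in over SSH with a password, given the first-value-wins PermitRootLogin setting, an AllowGroups restriction and the shadow entries that have a password set. The function names and sample files are constructed for illustration; AllowGroups, PasswordAuthentication and the prohibit-password value are real sshd_config items that the thread does not name.

```shell
#!/bin/sh
# Effective global value of an sshd_config keyword: the first value wins,
# keywords are case-insensitive, and parsing stops at the first Match block.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v key="$1" '/^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}
# Accounts with a usable password hash (not empty, not locked with "!" or "*").
password_accounts() { awk -F: '$2 != "" && $2 !~ /^[!*]/ { print $1 }' "$1"; }
# Supplementary members of GROUP; primary groups from passwd are not resolved here.
group_members() { awk -F: -v g="$1" '$1 == g { gsub(/,/, "\n", $4); print $4 }' "$2"; }
# Accounts that could still log in over SSH with a password under this config.
password_login_accounts() {  # usage: ... SSHD_CONFIG SHADOW_FILE GROUP_FILE
    [ "$(sshd_effective PasswordAuthentication "$1")" = no ] && return 0
    root_mode=$(sshd_effective PermitRootLogin "$1")
    allow=$(sshd_effective AllowGroups "$1")
    for user in $(password_accounts "$2"); do
        case "$user:$root_mode" in
            root:no|root:without-password|root:prohibit-password|root:forced-commands-only) continue ;;
        esac
        if [ -n "$allow" ]; then
            ok=no
            for g in $allow; do
                group_members "$g" "$3" | grep -qxF "$user" && ok=yes
            done
            [ "$ok" = yes ] || continue
        fi
        echo "$user"
    done
}
# Constructed sample files, not taken from a real host.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin without-password
AllowGroups wheel
PermitRootLogin yes
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$constructed$hash:16000:0:99999:7:::
pete:$6$constructed$hash:16000:0:99999:7:::
apache:!!:16000::::::
deploy:$6$constructed$hash:16000:0:99999:7:::
EOF
printf 'wheel:x:10:root,pete\napache:x:48:\n' > "$SAMPLE/group"
password_login_accounts "$SAMPLE/sshd_config" "$SAMPLE/shadow" "$SAMPLE/group"
```

On a live host the same functions can be pointed at /etc/ssh/sshd_config, /etc/shadow and /etc/group as root; running sshd -t after any edit checks the file for errors before the daemon is reloaded.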
 

Author Closing Comment

by:Pete Long
ID: 39679265
Thanks All