Slice config: description
=========================
Overview.
This document describes the settings and installation instructions for
the config and script files used to set up a new SliceHost server.
General description of SliceConfig.
Here is a list of server types:
* base server;
* mysql server;
* RoR web server;
* PHP web server.
Every type of server is configured on the same general principles.
The different kinds of server are built by adding the necessary parts.
The code is located in the following git repo:
[email protected]:fs/sliceconfig.git
SliceConfig contains the following folders:
* config - default config files;
* install - scripts that install and configure the required type of
server;
* security - scripts that configure access rights to services and
files and set up the security system.
When installed on the server, SliceConfig should be located at the
following path:
/etc/sliceconfig
Files that must not be publicly accessible (keys, .htpasswd files etc.)
should be kept on another server in a separate .tar.bz2 archive. That
archive is accessed over ssh.
The general set of configs.
The directory contains the configs that are applied to customise
services on the server.
Configs are installed using the scripts from the directory
install/scripts.
After installation, the original configs are renamed using the
following file name structure: filename-YYYY-MM-DD-HH:MM. If the
original files shipped with sliceconfig are used, they should be
installed as symbolic links in the required directory. Before changing
such a file, it is recommended to remove the symlink and make a regular
copy.
Back up system.
This system is a set of scripts and configs for backing up files.
Backups are built on rdup, AutoMySQLBackup and s3sync:
* rdup creates an hourly backup of critical system files in the
directory /var/backups/files
* AutoMySQLBackup creates a backup of the mysql DB in the directory
/var/backups/mysql, if the mysql stack is installed
* s3sync copies data from the directory /var/backups/mirror to
Amazon S3
Monitoring system.
This system is a set of scripts and configs for monitoring critical
processes on servers.
Monitoring is built on monit.
Monit tracks the following:
* system state (free memory, processor load)
* file system state (free space)
* state of backups (files, mysql, mirroring)
* operation of services (nginx/httpd, mysql, crond, sendmail, sshd,
syslog)
Notifications are sent to the email address in CONFIG_ROOT_ADDRESS in
the following cases:
* connection: there are connection problems with one of the services,
or the connection has been restored
* nonexist: one of the processes is not running
* timeout: an error related to a request timeout
* resource: one of the system parameters has exceeded a limit or has
returned to normal
Server checks for the presence of rootkits
The server is searched for rootkits daily using Rootkit Hunter.
General root email
All incoming mail for the root user is redirected to the e-mail address
specified in the variable CONFIG_ROOT_ADDRESS.
Cron tasks
The execution times of cron tasks are moved:
* hourly: at minute 17 of each hour
* daily: at 6:25 every day
* weekly: at 6:47 every Sunday
* monthly: at 6:52 on the first day of each month
Localisation
Set up UTF-8 localisation.
Firewall
Only the following ports are accessible from outside:
* the port set in the variable CONFIG_SSH_PORT - ssh
* 80,443 - http,https
* 21 - ftp
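
A check that complements the firewall rules above, added here as an example and not part of sliceconfig: it reads `ss -tln` output and reports every TCP listener bound to a non-loopback address whose port is outside the list above. The function names, the default of 22 for CONFIG_SSH_PORT and the sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from outside that are not on
# the README's firewall allowlist (CONFIG_SSH_PORT, 80, 443, 21).
# Input: lines in the format printed by `ss -tln`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

CONFIG_SSH_PORT="${CONFIG_SSH_PORT:-22}"  # assumed default; the README only names the variable

# unexpected_listeners (hypothetical name): read `ss -tln` lines on stdin and
# print "address port" for each non-loopback listener on a port not allowed.
unexpected_listeners() {
    awk -v allowed="$CONFIG_SSH_PORT 80 443 21" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        # The port is everything after the last colon ([::]:80, *:80, 1.2.3.4:80).
        port = $4; sub(/.*:/, "", port)
        addr = $4; sub(/:[^:]*$/, "", addr)
        # Services bound to loopback only are not reachable from outside.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (!(port in ok)) print addr, port
    }'
}

# Constructed sample, not captured from a real server.
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 32 *:21 *:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::1]:6379 [::]:*
EOF
}

# On a live host: ss -tln | unexpected_listeners
```

With CONFIG_SSH_PORT=2222 the sample reports only the mysql listener on 0.0.0.0:3306, a service that relies on the firewall alone to stay unreachable.
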
SSH
SSH access from outside is available only to the admin user. It is
also possible to authenticate using the key - [email protected]. Set
CONFIG_ALLOW_ROOT_LOGIN=yes to open access for the root user.
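
An audit of the SSH policy described above, added here as an example and not part of sliceconfig: it compares the effective sshd settings, in the format printed by `sshd -T`, with CONFIG_SSH_PORT and CONFIG_ALLOW_ROOT_LOGIN. It assumes the admin-only rule is enforced with AllowUsers, which the README does not state; the function names, default values and sample lines are also assumptions.

```shell
#!/bin/sh
# Added example: compare effective sshd settings with the README's SSH policy.
# Input: lines in the format printed by `sshd -T` (lowercase keyword, value).
# Assumption: the admin-only rule is enforced with AllowUsers; the README
# does not say which sshd directive the install scripts use.

CONFIG_SSH_PORT="${CONFIG_SSH_PORT:-22}"                  # assumed default
CONFIG_ALLOW_ROOT_LOGIN="${CONFIG_ALLOW_ROOT_LOGIN:-no}"  # assumed default

# audit_sshd (hypothetical name): print one finding per policy deviation.
audit_sshd() {
    awk -v port="$CONFIG_SSH_PORT" -v root_ok="$CONFIG_ALLOW_ROOT_LOGIN" '
    $1 == "port" && $2 != port {
        print "port " $2 " differs from CONFIG_SSH_PORT " port
    }
    $1 == "permitrootlogin" && $2 != "no" && root_ok != "yes" {
        print "root login is " $2 " but CONFIG_ALLOW_ROOT_LOGIN is not yes"
    }
    $1 == "allowusers" {
        seen = 1
        for (i = 2; i <= NF; i++) {
            if ($i == "admin") continue
            if ($i == "root" && root_ok == "yes") continue
            print "unexpected account in AllowUsers: " $i
        }
    }
    END {
        if (!seen) print "no AllowUsers line: sshd does not restrict accounts by name"
    }'
}

# Constructed sample in `sshd -T` format, not taken from a real server.
sample_sshd_T() {
    cat <<'EOF'
port 2222
permitrootlogin yes
passwordauthentication no
allowusers admin
allowusers deploy
EOF
}

# On a live host (as root): sshd -T | audit_sshd
```
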
SUDO
The admin user can execute all commands without a password.
Admin user
An admin user is added for system administration.
Yum
To install the required version of Ruby, the following repo was added:
RubyWorks.
Package versions can be locked using the yum plugin versionlock.
Installation
* clone the repo with sliceconfig
git clone [email protected]:fs/sliceconfig.git
* create an archive with the private data tree
etc/
etc/s3conf/
etc/s3conf/s3config.yml
etc/httpd/
etc/httpd/conf.d/
etc/httpd/conf.d/access.passwd.tpl
etc/nginx/
etc/nginx/htpasswd
home/
home/admin/
home/admin/.tcshrc
home/admin/.bashrc
home/admin/.ssh/
home/admin/.ssh/authorized_keys
home/admin/.ssh/id_rsa
home/admin/.ssh/id_rsa.pub
home/admin/.ssh/known_hosts
root/
root/.ssh/
root/.ssh/known_hosts
Not all files are mandatory. The key used to authenticate the admin
user must be added to /home/admin/.ssh/authorized_keys
* go to the installer directory
cd sliceconfig/install
* deploy the archive with sliceconfig to the server
sh upload.sh [email protected]
* log in to the server and unpack sliceconfig
tar xjvf sliceconfig*.tar.bz2 -C /etc
cd /etc/sliceconfig/install
* change the variables if necessary. Important: set up the file with
private data:
vim scripts/configuration.sh
* run the base stack installation and follow the instructions
sh install_base.sh