Going Live with a Linux Server
Table of Contents
Based on past mistakes by myself and others, here is a check-list before putting a Linux (or other Unix) server online:
- Run memtest86+ (or an equivalent program for other architectures) before going live, ideally run it before installing the OS. Run it again every time you upgrade the RAM.
- Reboot the machine after every significant change. EG if you install a new daemon then reboot it to make sure that the daemon starts correctly. It’s better to have 5 minutes of down-time for a scheduled reboot than a few hours of down-time after something goes wrong at 2AM.
- Make sure that every account that is used for cron jobs has it’s email directed somewhere that a human will see it. Make sure that root has it’s mail sent somewhere useful even if you don’t plan to have any root cron jobs.
- Make sure that ntpd is running and has at least two servers to look at. If you have a big site then run two NTP servers yourself and have each of them look to two servers in the outside world or one server and a GPS.
- Make sure that you have some sort of daily cron job doing basic log analysis. The Red Hat logwatch program is quite effective, then you need to have some way of making sure that you notice if an email stops being sent (getting 11 instead of 12 messages from logwatch in the morning won’t be noticed by most people).
- Make sure that when (not if) a hard drive in your RAID array dies then you will notice it.
Any suggestions on other things I can add?
You may also like
RAM Speed according to Memtest86+
May 19, 2024
Debian Repositories
October 12, 2022
ZFS and BTRFS
January 24, 2019
Related posts:
3 comments
Leave a Reply
You must be logged in to post a comment.
Archives
- December 2025
- October 2025
- September 2025
- May 2024
- September 2023
- October 2022
- August 2022
- February 2022
- January 2022
- August 2021
- September 2020
- May 2020
- November 2019
- January 2019
- July 2017
- April 2016
- March 2015
- January 2015
- July 2014
- October 2012
- August 2012
- February 2012
- August 2011
- January 2011
- June 2010
- May 2010
- April 2010
- October 2009
- January 2009
- December 2008
- July 2008
- June 2008
- May 2008
- April 2008
- January 2008
- December 2007
- November 2007
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | 31 | |||||
yes the memtest thing has bitten me a few times..
also maybe (some of these are more basic security things):
run nmap from a remote location to make sure no un-needed services are running.
lock down ssh via sshd_config (no root logins, etc)
if possible check switch port duplex settings are all matching what the eth interface thinks it should be, and after blasting with traffic no errors on ethernet interface or packet loss to nearby host.
Keep a separate copy of /boot on a separate disk, and keep it up to date with the _exact_ same contents as the real /boot. Have a rescue disk handy with a grub installer on it and PRACTICE using it before you install anything.
May I make a suggestion? Using only two NTP servers is not that ideal. If one is wrong, which one do you believe? Ideally there should be one NTP server which is considered the “source of truth”, or at least three NTP servers so there is a tie-breaker in the event of a conflict.