7 obvious rules for secure system administration of physical servers
These rules, as they say, "written in blood." Perhaps, they will help someone to save some (many) lives and nerves.
Required when working with a physical server, if there is even the slightest chance that it will lose network availability (changing network settings, kernel parameters, network services, rebooting after a year of continuous operation, etc.)
')
1. Prepare a rollback plan for changes.
2. Make sure you know the root password for the server. If you do not know, install a new one. Check that you can login with this password.
3. KVM order BEFORE the work. Do not start work until you log in to the KVM console under the root.
4. After logging in to the server, check that logged in WHERE YOU NEED . At a minimum, run htop, ifconfig, check the contents of / var / www
5. Make a backup of all the files that you are going to change.
6. If there are critical services on the server (which is not allowed to be idle) - backup all of their data , there is a possibility that you will see this server for the last time . Check that the data from this backup is restored (for example, on the virtual machine).
7. Remember that from the console all servers look the same.
And what rules did you set for yourself in similar situations? What can you share?
Required when working with a physical server, if there is even the slightest chance that it will lose network availability (changing network settings, kernel parameters, network services, rebooting after a year of continuous operation, etc.)
')
1. Prepare a rollback plan for changes.
2. Make sure you know the root password for the server. If you do not know, install a new one. Check that you can login with this password.
3. KVM order BEFORE the work. Do not start work until you log in to the KVM console under the root.
4. After logging in to the server, check that logged in WHERE YOU NEED . At a minimum, run htop, ifconfig, check the contents of / var / www
5. Make a backup of all the files that you are going to change.
6. If there are critical services on the server (which is not allowed to be idle) - backup all of their data , there is a possibility that you will see this server for the last time . Check that the data from this backup is restored (for example, on the virtual machine).
7. Remember that from the console all servers look the same.
And what rules did you set for yourself in similar situations? What can you share?
Source: https://habr.com/ru/post/151650/
All Articles