LinuxQuestions.org
Old 10-08-2008, 09:29 AM   #1
rl2hb
LQ Newbie
 
Registered: Oct 2008
Posts: 1

Rep: Reputation: 0
Inherited a Server - Oh boy...


So, I've inherited a server for a retailer and have to be able to maintain it.

My story: I'm just about finished with my bachelor's degree (just a couple GenEd courses left) and was hired into a company as a PHP programmer. The person who had set up the server is no longer here, and I have to be able to do maintenance, security officer-ing, whatever we need (on top of my normal duties of programming, washing windows, and answering phones). What's worse is that I have a very minimal amount of experience with Linux/UNIX (basically, one whole class this past summer).

Trust me, I know this isn't an ideal scenario. There should be a fully capable server administrator here. Isn't going to happen anytime soon.

I need a bit of guidance, if the gurus here would be so kind.

I know that...
  1. we're running FreeBSD 6.2-RC1 and running a web server, database, and email all within jails, and that jails provide some level of security.
  2. the web server is lighttpd/1.4.18
  3. the database is MySQL/5.0.45
  4. email has postfix, dovecot, and amavisd which does... stuff
  5. DNS is running and doing... something

Really doesn't seem like a whole lot, now that I list it out....

Anyhow, do any of you know a good process for figuring out a sort of complete inventory of the system? Basically, users, programs, security, ports, any and all settings that would be customized, anything else that could possibly be useful in running, maintaining, and keeping this secure? And tips on why certain packages, settings, and configurations would be in place.

On top of that, the other guy had his own site and email hosted on our server (separate jails) and some setting somewhere (probably in the DNS or DNS cache) is still telling it that it's here, when it should be hitting DNS and finding its new home out on the web.

My company is kind of afraid of sabotage at this point, and I want to be able to assure them that before the other guy left, he didn't do anything to our email (since there's been a slight dropoff in it). And since he was the former admin, he had root access, and knew a lot more than I do. I'd like to think the best of people, but you know, maybe not everyone passed the Ethics final.

Obviously there isn't much you can do without actually using the server, but any guidance you can offer towards figuring this out on my own would be appreciated.

Thanks!

Roger
 
Old 10-08-2008, 09:40 AM   #2
ncsuapex
Member
 
Registered: Dec 2004
Location: Raleigh, NC
Distribution: CentOS 2.6.18-53.1.4.el5
Posts: 770

Rep: Reputation: 42
First advice.

CHANGE ALL PASSWORDS. Specifically the root passwords and disable his account.

2nd. I was in the same boat except we have around 80 servers and they all are configured differently. It's a PITA. I would start with the software that you know you have and do some research. Find out what conf files are where and what they do and poke around them some to see if anything looks out of place, as far as him hosting his email/website. BEFORE YOU MAKE ANY CHANGES! Back up the conf files so you can restore when you break something. And you will break something.


Check out the log files. Not familiar with BSD but usually they are found in /var/log in other *nix. This will at least tell you if something is going wrong and what the errors are, for a google search or LQ search.
 
Old 10-08-2008, 11:09 AM   #3
BallsOfSteel
Member
 
Registered: Mar 2008
Location: Florida
Distribution: Fedora mainly, but I am open to others.
Posts: 273

Rep: Reputation: 33
You also might want to look into this: http://search.barnesandnoble.com/A-P...1478237/?itm=2 just to get your feet wet.
 
Old 10-08-2008, 01:08 PM   #4
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,887

Rep: Reputation: 774
Quote:
Originally Posted by ncsuapex
CHANGE ALL PASSWORDS. Specifically the root passwords and disable his account.
..absolutely...

Quote:
Find out what conf files are where and what they do and poke around them some to see if anything looks out of place, as far as him hosting his email/website. BEFORE YOU MAKE ANY CHANGES! Back up the conf files so you can restore when you break something. And you will break something.
I'd do this twice: A backup of absolutely everything to go in a fireproof safe, or offsite and either another copy or a copy of just the bits that you think you need (conf files and the like) onto a DVD or something convenient (USB stick?) that you keep somewhere close at hand. (But then, I'm a belt and braces sort of person.)

Quote:
Check out the log files. Not familiar with BSD but usually they are found in /var/log in other *nix. This will at least tell you if something is going wrong and what the errors are, for a google search or LQ search.
Again good advice. You mentioned, in particular, DNS/DNS cache. Unclear if that was BIND/named or djbdns, but whatever it is there should be a log. You may have to get a log viewer program (if there is a fair amount of traffic - if not a quick look with a plain text viewer may be enough), but one way or another, you need to have a look that nothing dramatically bad is going on.

Also have a look what other services are running - you may want to get a list of those into a file and included with your backup 'just in case'. And then get a list of your firewall rule set, and then you can start breathing a little more easily.
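
Added example, not part of any post in this thread: a baseline snapshot script that gathers what the replies recommend (login-capable and UID 0 accounts, jails, listening sockets, running processes, firewall rules, and a checksummed archive of the conf files). The function names, the `PASSWD` override and the output file names are assumptions made for this example; the FreeBSD tools are called only if they are installed.

```shell
#!/bin/sh
# Added example (not from the thread): baseline snapshot of an inherited server.
# FreeBSD tools (jls, sockstat, ipfw, pfctl, pkg_info) are used only if present.

# Print "name uid shell" for every account that has UID 0 or a usable login
# shell, read from a passwd-format file. An empty shell field means /bin/sh.
login_accounts() {
    awk -F: 'NF == 7 && $1 !~ /^#/ && ($3 == 0 || $7 !~ /(nologin|false)$/) {
        print $1, $3, $7 }' "${1:-/etc/passwd}"
}

# Run a command only if it is installed; save its output as $OUT/<name>.txt.
capture() {
    name=$1; shift
    command -v "$1" >/dev/null 2>&1 || return 0
    "$@" >"$OUT/$name.txt" 2>&1 || true
}

# Archive the given config directories and record a SHA-256 of the archive,
# using whichever tool exists (sha256 on FreeBSD, sha256sum on Linux).
backup_conf() {
    tar -cf "$OUT/conf.tar" "$@"
    ( sha256 "$OUT/conf.tar" 2>/dev/null || sha256sum "$OUT/conf.tar" ) \
        >"$OUT/conf.tar.sha256"
}

# snapshot OUTDIR CONFDIR...   (PASSWD is a hypothetical override for testing)
snapshot() {
    OUT=$1; shift
    mkdir -p "$OUT" && chmod 700 "$OUT"       # configs may hold secrets
    login_accounts "${PASSWD:-/etc/passwd}" >"$OUT/accounts.txt"
    capture jails      jls
    capture listening  sockstat -4 -6 -l
    capture processes  ps auxww
    capture packages   pkg_info
    capture ipfw_rules ipfw list
    capture pf_rules   pfctl -sr
    backup_conf "$@"
}

# Example: sh baseline.sh /root/baseline /etc /usr/local/etc
if [ "$#" -ge 2 ]; then snapshot "$@"; fi
```

Copy the output directory off the machine once it is written, so later changes can be compared against a copy the server itself cannot alter.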
 
  


All times are GMT -5.