12-12-2009, 11:10 AM
|
#1
|
Member
Registered: Dec 2008
Posts: 59
Rep:
|
Linux Admin Tasks
Hello,
I am kinda new to Linux, I have some scripting knowledge, etc, but I have been asked to perform some Administration tasks on our Linux (Redhat, CentOS, Fedora) servers.
I have some basic crons running that email me things such as disk usage and warn me if disk space gets too low, etc.
What I need to kinda know now is things like:
Load
Hardware Failures
Etc.
I guess the more advanced stuff! I have looked at "Logwatch" which I notice I can divert to an external address. I assume this would warn me of failures and such?
Do you guys use any software for monitoring and such?
Or if you think there should be anything else I should be monitoring (No websites running on these servers they are purely database servers, with user numbers in excess of 800 on some servers.)
Would appreciate the ideas
Thanks 
Last edited by stuaz; 12-12-2009 at 11:11 AM.
|
|
|
12-12-2009, 12:28 PM
|
#2
|
LQ Veteran
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809
|
You don't say exactly what you have been asked to do.....
Have you been put in charge of these servers? Is there a more senior/experienced person guiding you?
|
|
|
12-12-2009, 02:04 PM
|
#3
|
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290
|
You might look into Nagios or something similar for monitoring. Depending on what type of database server you're using, it might have its own monitoring tools.
|
|
|
12-12-2009, 02:10 PM
|
#4
|
Member
Registered: Dec 2008
Posts: 59
Original Poster
Rep:
|
Quote:
Originally Posted by pixellany
You don't say exactly what you have been asked to do.....
Have you been put in charge of these servers? Is there a more senior/experienced person guiding you?
|
yeah they are all under my control
|
|
|
12-12-2009, 02:12 PM
|
#5
|
Member
Registered: Dec 2008
Posts: 59
Original Poster
Rep:
|
Quote:
Originally Posted by btmiller
You might look into Nagios or something similar for monitoring. Depending on what type of database server you're using, it might have its own monitoring tools.
|
The database part is under someone else's control and management, mine is the email server, users, printers, hardware, etc
I already do basic checks manually, and I am trying to automate things. But also making sure I am checking things I should be.
Last edited by stuaz; 12-12-2009 at 02:16 PM.
|
|
|
12-12-2009, 06:54 PM
|
#6
|
LQ Guru
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
|
The first thing is to bullet proof outside access, as much as possible. The 2.6 kernel uses iptables to build networking packet filters. You should look at /etc/hosts.allow and /etc/hosts.deny to make sure access terminates with an ALL or NONE statement. There are man pages for these files. Disable all services that you don't need. Bullet proof ssh by not allowing root logins, or remote X sessions. Run snort to monitor network intrusion, unless it's running on a firewall somewhere.
Get a spam filter, and train it. It doesn't take long. Make sure the ports for local services are blocked to the outside world. Configure syslog to log what you want. And configure one machine to gather all syslog data remotely. Splunk is good. Make sure the program files you don't need are deleted.
You can install bastille to harden the system. If you want realtime log monitoring, for say root logins, try w | grep 'root'. If there is any output, you've got a root login. If you want monitoring for syslog for a specific thing, sudo tail -f /var/log/syslog | grep -E 'eth0|died|root|sudo' will monitor syslog for the strings listed.
|
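An added example, not written by any poster in this thread: a POSIX shell check for the access settings post #6 recommends (no root logins or X11 forwarding over ssh, and a catch-all rule in hosts.deny). The function names and the sample files are constructed for illustration; on a real host the arguments would be /etc/ssh/sshd_config and /etc/hosts.deny.

```shell
#!/bin/sh
# Added example (not from the thread): check the access settings post #6 names.

# Effective global value of an sshd_config keyword. sshd keeps the first value
# it reads, keywords are case-insensitive, and lines after "Match" are
# conditional, so the scan stops there. Assumption: no "Include" files.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v want="$1" '
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

# True if hosts.deny carries an "ALL: ALL" rule, which refuses every client
# that hosts.allow did not explicitly admit.
deny_by_default() {  # usage: deny_by_default HOSTS_DENY
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([[:space:]:]|$)' "$1"
}

# Print findings; the return status is the number of failed checks.
audit_access() {  # usage: audit_access SSHD_CONFIG HOSTS_DENY
    fails=0
    root=$(sshd_value PermitRootLogin "$1")
    x11=$(sshd_value X11Forwarding "$1")
    # The built-in PermitRootLogin default differs between OpenSSH releases,
    # so an unset value is reported rather than trusted.
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}', want 'no'"; fails=$((fails + 1))
    fi
    if [ "$x11" = "yes" ]; then
        echo "FAIL X11Forwarding is 'yes', want 'no'"; fails=$((fails + 1))
    fi
    if ! deny_by_default "$2"; then
        echo "FAIL no 'ALL: ALL' catch-all in $2"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample files, so the checks run without touching /etc.
demo=$(mktemp -d)
printf '%s\n' '# sample' 'Port 22' 'permitrootlogin yes' 'PermitRootLogin no' \
    'X11Forwarding yes' 'Match User backup' '    X11Forwarding no' > "$demo/sshd_config"
printf '%s\n' '# sample' 'sshd: 203.0.113.0/255.255.255.0' > "$demo/hosts.deny"
audit_access "$demo/sshd_config" "$demo/hosts.deny" || echo "failed checks: $?"
```

The sample sshd_config shows why a plain grep for "PermitRootLogin no" is not enough: the earlier lowercase "permitrootlogin yes" line is the one sshd acts on.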
|
|
All times are GMT -5.