Loading...
 

Server Maintenance

Below are routine tasks that I perform on my servers to confirm that they have not been vandalized and to make sure they are not rejecting valid users.

sendmail

I use DNS RBLs to block some spam. The lists have a habit of blocking legitimate mail systems. I try to occasionally scan my mail logs to look for servers that should not be blocked by the RBLs. To help with this task I developed a Perl script that reads the logs and can be configured to ignore known spamers and spam domains. The script also ignores host names that appear to be a dynamic IP assignment.

Apache

I use a modified Apache log scanning script to look for various abuses of my TikiWiki installation. Probably need to clean this up and give it a real name.
~/honeySpoon/apache2_parse.pl /var/log/apache2/stovenour.access.log


Follow the access log file ignoring uninteresting entries
tail -n1000 -f /var/log/apache2/jdock.access.log | egrep -v "SurveyBot|MJ12bot|msnbot|Googlebot|ysearch\/slurp|\/img\/smiles|\/img\/|\/styles\/|192\.168\.171|208\.45\.178\.5|99\.48\.7\.17"

tail -n1000 -f /var/log/apache2/stovenour.access.log | egrep -v "SurveyBot|MJ12bot|msnbot|Googlebot|ysearch\/slurp|\/img\/smiles|\/img\/|\/styles\/|192\.168\.171|208\.45\.178\.5|99\.48\.7\.17"

tail -n1000 -f /var/log/apache2/access.log


Looking for High Users
awk '{ print $1}' /var/log/apache2/stovenour.access.log | sort  | uniq -c  | sort -nr
awk -F\" '{print $6}' /var/log/apache2/stovenour.access.log | sort | uniq -c | sort -fr
awk '{print $9}' /var/log/apache2/stovenour.access.log | sort | uniq -c | sort
awk '($9 ~ /404/)' /var/log/apache2/stovenour.access.log
awk '($9 ~ /404/)' /var/log/apache2/stovenour.access.log | awk '{print $9,$7}' | sort
awk -F\" '($2 ~ /tmp/){print $6}' /var/log/apache2/stovenour.access.log

TikiWiki

I allow anonymous comments on the site. To keep the vandals in check, I routinely dump the TikiWiki comments database table to look for vandalism. Some day I would like to create a modified version the mod-wiki_last_comments.php module that includes comments from all TikiWiki sections. This would make it much easier to keep track of vandalism on the site.
mysql -u root -p
use ....;
select a.title, a.userName, a.commentDate, a.objectType, a.object from tiki_comments as a order by a.commentDate desc;
select a.title as "comment title", a.userName, a.commentDate, b.title as "post title", c.title as "blog title" from tiki_comments as a inner join tiki_blog_posts as b on a.object = b.postId inner join tiki_blogs as c on b.blogId = c.blogId where a.objectType = "post" order by a.commentDate desc;

Check and Repair Tables
mysqlcheck --debug-info -u root -p --optimize stovenour
mysqlcheck --debug-info -u root -p --check --auto-repair  stovenour

Linux

Backups

I use rsync for my backups. It is not the perfect backup method since it does not create incremental backups, but for me it is good enough and has some rather nice features. For one it allows me to quickly review all the backup files and pull out the ones that I need if something catastrophic happens. The biggest down side is that, with the way I run it, rsync can delete all the backup files if they are deleted in the source path. This doesn't allow me to recover from stupid mistakes.
It took me quite a bit of trial and error to get the --chmod parameters right but what I have seems to work for me.
profile.ini
[DellBackup-deb]
ServerIP=192.168.171.208
ModuleName=DellBackup
Port=873
AdditionalParams=--chmod=ug+rw,Dug+rwX --delete-excluded --exclude="/*/My Documents/Trash" --exclude="/*/My Documents/Download" --exclude="/*/Local Settings" --exclude="/*/Application Data"  --exclude="/*/Recent" --exclude="/*/Cookies" --exclude="/All Users/Documents/Backups"  --exclude="*/NTUSER.*" --exclude="*/ntuser.*"
Compression=0
DeleteOlderFiles=1
SkipNewerFiles=0
Recursive=1
UseSSH=0
VerboseLogging=1
AssignPermissions=0
UserID=backup
Password=
File_1=C:\Documents and Settings\@%@%@%Documents and Settings/



Contributors to this page: michael and admin .
Page last modified on Sunday 03 of August, 2014 09:24:37 CDT by michael.