Hardened server project – Monitoring

Hard tuxAs you may tell from the title of this post, I have decided to start a “hardened server project”. what this means is, I have used the first 2 articles (securing a LAMP server) and have decided it would be a fun project to pursue.

I would love to  get some contributors to this, know what services you would and wouldn’t want, what needs changing etc.

I’m hoping to upload the virtual machine image with each post and give you guys something to play with and see how it’s set up, but that won’t be until the next post.

Anyway enough with the introduction, and on to todays post – monitoring.
The idea behind this if fairly simple to set up a user account you can log in on the server which with just display status reports. heres how I did it:

First you will need the tools htop, iftop & apachetop

htop will be used for the system monitoring, resources used, disk space etc.
iftop is for monitoring the network, bandwidth utilization, speed and destinations
apachetop as you can probably tell by the title is for monitoring apache
to install these you can just use apt-get

apt-get install htop
apt-get install iftop
apt-get install apachetop

To have it set up so the 3 programs will loop on the screen we will need to install the aptly named screen. Again simply

apt-get install screen

Now to create the user account

useradd -s /bin/bash -m -d /home/monitor -g monitor

Set the password as the prompt tells you.
Finally, we need to create 3 files in the new users director (/home/monitor/)
They are:
monitor – The main script which starts the 3 screen sessions
background – A script that runs in the background to swap between them and set the timings
.bash_profile – The script that gets run on login
Inside each script should be:

.bash_profile

export PATH=${PATH}:/usr/sbin
./monitor

monitor

#!/bin/bash

screen -dmS "monitoring"

screen -S "monitoring" -p 0 -X title resources
screen -S "monitoring" -p 0 -X stuff "htop$(printf \\r)"

screen -S "monitoring" -X screen
screen -S "monitoring" -p 1 -X title network
screen -S "monitoring" -p 1 -X stuff "sudo iftop -i eth3$(printf \\r)"

screen -S "monitoring" -X screen
screen -S "monitoring" -p 2 -X title apache
screen -S "monitoring" -p 2 -X stuff "apachetop$(printf \\r)"

screen -S "monitoring" -X screen
screen -S "monitoring" -p 3 -X title bg
screen -S "monitoring" -p 3 -X stuff "./background$(printf \\r)"

screen -DR "monitoring" 

clear
pkill -KILL -u monitor

background

#!/bin/bash
echo ""
echo "--commands in X-window--"
echo "alt + del = quit monitoring"
echo "alt + (left/right)  = previous/next"
echo "ctrl + c (in this window) = stop rotation"
echo ""
echo "--commands in terminal--"
echo "ctrl + A then \\ = quit monitoring"
echo "ctrl + A then n  = next"
echo " = exit"

while true; do
   screen -X select 0
      sleep 45
   screen -X select 1
      sleep 45
   screen -X select 2
      sleep 45
   screen -X select 3
      sleep 5
done

Just have to make them executable

chmod g+x monitor
chmod g+x background

Thats all now you can simply leave the account “monitor” logged in, the second it’s logged in monitoring will be displayed on the screen and automatically rotated. When you exit the log rotation it will also log out the account.

Well that’s all for this installment, please let me know what services etc. you would want on a web server and hopefully next post I should have a VM for you to play with.

2 thoughts on “Hardened server project – Monitoring

Leave a Reply