As you may tell from the title of this post, I have decided to start a “hardened server project”. what this means is, I have used the first 2 articles (securing a LAMP server) and have decided it would be a fun project to pursue.
I would love to get some contributors to this, know what services you would and wouldn’t want, what needs changing etc.
I’m hoping to upload the virtual machine image with each post and give you guys something to play with and see how it’s set up, but that won’t be until the next post.
Anyway enough with the introduction, and on to todays post – monitoring.
The idea behind this if fairly simple to set up a user account you can log in on the server which with just display status reports. heres how I did it:
First you will need the tools htop, iftop & apachetop
htop will be used for the system monitoring, resources used, disk space etc.
iftop is for monitoring the network, bandwidth utilization, speed and destinations
apachetop as you can probably tell by the title is for monitoring apache
to install these you can just use apt-get
apt-get install htopapt-get install iftopapt-get install apachetop |
To have it set up so the 3 programs will loop on the screen we will need to install the aptly named screen. Again simply
apt-get install screen |
Now to create the user account
useradd -s /bin/bash -m -d /home/monitor -g monitor |
Set the password as the prompt tells you.
Finally, we need to create 3 files in the new users director (/home/monitor/)
They are:
monitor – The main script which starts the 3 screen sessions
background – A script that runs in the background to swap between them and set the timings
.bash_profile – The script that gets run on login
Inside each script should be:
.bash_profile
export PATH=${PATH}:/usr/sbin./monitor |
monitor
#!/bin/bashscreen -dmS "monitoring"screen -S "monitoring" -p 0 -X title resourcesscreen -S "monitoring" -p 0 -X stuff "htop$(printf \\r)"screen -S "monitoring" -X screenscreen -S "monitoring" -p 1 -X title networkscreen -S "monitoring" -p 1 -X stuff "sudo iftop -i eth3$(printf \\r)"screen -S "monitoring" -X screenscreen -S "monitoring" -p 2 -X title apachescreen -S "monitoring" -p 2 -X stuff "apachetop$(printf \\r)"screen -S "monitoring" -X screenscreen -S "monitoring" -p 3 -X title bgscreen -S "monitoring" -p 3 -X stuff "./background$(printf \\r)"screen -DR "monitoring"clearpkill -KILL -u monitor |
background
#!/bin/bashecho ""echo "--commands in X-window--"echo "alt + del = quit monitoring"echo "alt + (left/right) = previous/next"echo "ctrl + c (in this window) = stop rotation"echo ""echo "--commands in terminal--"echo "ctrl + A then \\ = quit monitoring"echo "ctrl + A then n = next"echo " = exit"while true; do screen -X select 0 sleep 45 screen -X select 1 sleep 45 screen -X select 2 sleep 45 screen -X select 3 sleep 5done |
Just have to make them executable
chmod g+x monitorchmod g+x background |
Thats all now you can simply leave the account “monitor” logged in, the second it’s logged in monitoring will be displayed on the screen and automatically rotated. When you exit the log rotation it will also log out the account.
Well that’s all for this installment, please let me know what services etc. you would want on a web server and hopefully next post I should have a VM for you to play with.
Interesting – can that be applied to my network to try?
yes it would be fairly simple to add