Archives for July 2007

How to install CSF and LFD?

Securing a web server is critical if it is Internet facing. A steady flood of random and targeted attacks is going to happen as soon as the server is available over the Internet. Installing a firewall and a brute force attack detection tool should be one of the very first steps for a web master. In the past we recommended APF and BFD of R-fx Networks as the software to use, but both tools have not kept up with the pace and are very much outdated. A competing product developer stepped up to the plate and grabbed the opportunity to position his own software solution in the market. Best of all – the solution is freely available at Configserver.com.

CSF and LFD are very easy to install and to configure – especially if you are using a cpanel & WHM server. Here are the instructions on how to install CSF and LFD.

1) Log into your server and switch to the root user
2) Switch directories to your download directory
3) Download the latest version of the software: # wget http://www.configserver.com/free/csf.tgz
4) Untar the package: # tar -xzf csf.tgz
5) Switch into the new extracted folder: # cd csf
6) Run the installer: # sh install.sh
7) If you are still running APF and BFD on your server it is necessary to disable those applications: # sh disable_apf_bfd.sh

If you are running WHM you can now configure CSF and LFD from WHM. CSF/LFD comes pre-configured for a cpanel/WHM server and so there is not that much to do after the installation. Log into WHM and inspect the new configuration utility. As an example you can uninstall APF and BFD from here with the click of the button. If you want to manually edit the CSF/LFD configuration you can do so at / etc/csf/*. Make sure to make backups before you make changes as well as using the debug mode to avoid being locked out.

If for whatever reason you need to uninstall CSF and LFD you can do this easily yourself as well. Login to your server via SSH and switch to the root user.

1) Switch to the folder holding the uninstaller: # cd /etc/csf
2) Run the uninstaller: # sh uninstall.sh

All done. We highly recommend to make yourself familar with the product and how it works. CSF / LFD comes with a readme.txt file that you really should read. The readme file will give a great insight into how both apps work and what you need to configure to have your server properly configured.

How to rotate your Apache Log Files?

 

 

Cpanel does a good job with rotating Apache log files for the different domains on a cpanel/WHM server, but they are still not doing anything good to rotate the main Apache log files. To prevent problems on your server you need to setup log file rotation yourself. This should be done on every Apache web server and not just on a Cpanel server. Here is an easy way to do it.

 

 

 

Log into your server via SSH and switch to the root user. Now create a file for Apache log file rotation:

 

 

 

# vi /etc/logrotate.d/httpd

 

 

 

VI comes up with the new file open. Now add the following content to the new file:

 

 

 

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
    endscript
}

 

 

 

Save the file and you are all done. But hold on. What if you wanted to go a little more sophisticated? Consider the following to extend your logging and to keep log files around for a while.

 

 

 

/var/log/httpd/*log {

 

    weekly

 

    rotate 52

 

    compress
    missingok
    notifempty
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
    endscript
}

 

 

 

Save it and you are done. What does this actually do? Here are all options explained for you:

 

 

 

The log files are now rotated on a weekly base. The "52" is equal to 52 weeks before log files are overwritten. To save on disk space the log files are compressed accordingly. "missingok" tells the rotation job to continue to the next file if a log file is missing and not to trigger an error. If a log file is empty it will not be rotated (notifempty). The last two options are not really critical to know for now. All we really care about are the options specified.

 

Comparing RAID 1 and RAID 5

 

Using RAID 1 or 5 has become much more affordable over the years when it comes to redundancy on servers. Both hardware RAID 1 (mirroring or duplexing) or RAID 5 (striping with parity) offer good data redundancy should a single hard drive in a RAID array fail. The major difference however can be found in the system performance between RAID 1 and RAID 5. RAID 5 experiences more heavy write overhead because of the additional parity data that has to be created and is then written to the disk array. RAID 1 does not experience this overhead.

Read performance, on the other hand, is usually better with a RAID 5 setup. This gets even better if your RAID 5 array has more than 3 disk. RAID 5 read performance increases with more disks in an array because the more disks there are, the more read/write heads there are, and RAID 5 arrays have the awesome ability to read simultaneously from all the drives at the same time. RAID 1 only has two disk drives by nature and is therefore limited in the number of read/write heads.

Drilling further down into this subject a server setup should be thoroughly investigated to decide which option to choose. If your server supports enough drives, a popular setup is a RAID 1 setup for the OS (Operating System) and a RAID 5 setup for the data. There are certain applications like SQL databases that eventually work better in a different setup, but for most standard setups the described option works fine.

In the web hosting world a good approach would be a setup with RAID 1 and a standalone hard drive for the backups. This gives the web host protection from a single drive failure while it is less an issue if the hard drive for backups fails. In my case I use an external backup service and rsync my backups from the backup standalone hard drives to the external location. If the stand-alone hard drive fails I just re-populate it from the external source and all is good. Another advantage for putting the backups on a different is system performance. While the web server is hosting customer websites and is busy serving pages the stand-alone disk is used for writing the backups to it while the read process is on the RAID-1 array.

 

For a dedicated server hosting large databases a different approach can make more sense. Let’s assume you would be hosting a large SQL Server database. A server setup could look like this.

 

System/OS = RAID 1

 

Database = RAID 5

 

Database Logs = RAID 1

 

Not every server can hold that many drives, but it really depends on your budget anyway. The listed configuration is made for best performance. First of all we separate the operating system from the application. The database itself has a lot of read processes to take care of and RAID 5 provides best performance. The database logs are written to before they get truncated. So, using RAID 1 here provides better peformance.

 

Conclusion: When building your next web server do some research on what the server will do. With the knowledge from this article you might be able to gain some better performance from the system. And if you go with a standard volume/RAID 0 setup that is fine, too. As long as you are aware that there is no redundancy and you have a proper Disaster Recovery plan in place that suits your needs … go for it.