When I started working as a web developer 10 years ago, I had a basic understanding of Linux and managing a server, but about all that was actually needed was setting up the odd cron job. At the time, the common hosting arrangement was a reseller account. That was just an expanded version of the personal accounts most hosting providers offer for 5 to 10 euro per month. The only real difference was that instead of the two or three sites you could host there, you could host hundreds in the same account. It was handy in some ways (all maintenance was carried out by the hosting provider, it was cheaper and less work than a dedicated server, etc.) and a pain in others (Want ImageMagick installed? If it’s not there already, tough shit: best case scenario is you put in a request for it and it’s done months later. Same goes for modern versions of PHP, etc.).
Disclaimer: I am by no means a server admin. I know enough to muddle by, and I have not broken anything (yet).
In recent years this has changed. Most companies (that I deal with anyway) seem to have moved away from that model, and instead offer VPS or cloud accounts. This is great for some reasons (Need something installed? Go ahead and do it!) and a pain in others (Need something installed? How the hell am I supposed to do that?). This has forced me, over time, to learn more and more about system administration and server management. What I would have dealt with a few years ago by sending in a support request, I now have to deal with myself. This includes everything from dealing with spammers, to hackers running exploit scanners or SQL injection attacks, to basic server admin (updating PHP, managing backups, mail queue management, etc.).
So I figure I will do a series of posts on some basic things that I have picked up over time. I figure I will start with some tools that I use regularly to monitor the server. These are useful for a number of reasons.
The first of these tools is a shell command, top. top basically gives you a look at what is running on the system (specifically, the items using up the most resources). It’s very similar to the Task Manager you might be familiar with if you work with Windows in your day-to-day life.
The display is updated in real time. Pressing q quits out of it (and, like most Linux commands, you can cancel out of it with Ctrl+C too). By default, the output is ordered by the amount of CPU that each process is using; to change how it’s sorted, you generally use the < and > keys. This can vary from distro to distro though. So, for example, to see what process is using up the most memory, hit > once; press < to get back again.
I will generally use this for a couple of different things. The most common reason is if the server is running unusually slow: top is always the first thing I will check. In the past I have found everything from the Plesk antivirus tool (Dr.Web) eating up loads of my RAM, to a Perl-based denial of service tool running on a compromised FTP account. Once you have identified the culprit, it’s time to track down where it is.
This is pretty easy. To get the full path to the process’s executable, type ls -l /proc/$PID | grep exe, replacing $PID with the process ID (the number in the PID column on the left of your top display).
You can also stop the process by typing kill $PID or, if that does not work, kill -9 $PID.
If it’s a service that’s gone a bit wrong, take a quick Google to find out how to stop it, or see if you can find other people experiencing the same issue. If it’s something more malicious, I would suggest changing the usernames and passwords of any FTP accounts that point there, taking a look at the logs (explained in a later post), and removing the file.
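For an interpreted script, such as the Perl tool mentioned above, the exe link only shows the interpreter, so this added example (not part of the original post) also collects the working directory and command line before you kill anything. The helper names proc_triage and classify_exe are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. proc_triage and classify_exe
# are hypothetical helper names.

# Flag executable paths that deserve a closer look.
classify_exe() {
    local flags=""
    # The kernel appends " (deleted)" when the binary was unlinked after launch
    case "$1" in *" (deleted)") flags="deleted" ;; esac
    # World-writable temp directories are an unusual home for a service
    case "$1" in
        /tmp/*|/var/tmp/*|/dev/shm/*) flags="${flags:+$flags,}tmp-path" ;;
    esac
    echo "${flags:-none}"
}

# Print what /proc knows about a PID; run as root to inspect other users' processes.
proc_triage() {
    local pid="$1" exe cwd cmd owner
    [ -d "/proc/$pid" ] || { echo "pid=$pid status=gone"; return 1; }
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || exe="unreadable"
    cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null) || cwd="unreadable"
    # cmdline is NUL-separated; for a script this is where its path shows up
    cmd=$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline") || cmd=""
    owner=$(stat -c %U "/proc/$pid" 2>/dev/null) || owner="unknown"
    echo "pid=$pid owner=$owner"
    echo "exe=$exe"
    echo "cwd=$cwd"
    echo "cmdline=$cmd"
    echo "flags=$(classify_exe "$exe")"
}

# Demo on this shell's own PID; pass the PID from top instead.
proc_triage "$$"
```

Save the output somewhere before running kill, since /proc/$PID disappears with the process.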
The second tool I use is the Apache module mod_status. mod_status is great: it allows you to see a snapshot of how httpd is doing. It shows you all current requests that are running on it: the process ID, the amount of resources each is using, the originating IP, etc. mod_status is a great place to spot things like denial of service attacks, compromised accounts using PHP-based mass mailers, broken PHP pages that are using up too many resources, or to find things like someone running SQL injection attacks made possible because you are such an awful programmer.
It’s pretty easy to set up. First thing we need to do is enable it. On my install (CloudLinux running Plesk) the config file is at /etc/httpd/conf/httpd.conf, but if it’s not there try locate httpd.conf. Edit the file (I’ll supply a dummies intro to vi at a later date) and find the commented-out section that refers to ‘server-status’. (The line will specifically be something like “<Location /server-status>”.) Uncomment it, and change it to the following:
Deny from all
Allow from $YOUR_IP_ADDRESS
Just replace $YOUR_IP_ADDRESS with your own IP address. You can now access the statistics by going to http://example.com/server-status (if you are running WordPress on the domain, you may need to make some .htaccess changes, as WordPress generally redirects all traffic to index.php).
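Because the status page lists client IPs and current requests, it is worth confirming that the block really is restricted after editing. The following is an added example, not part of the original post: check_status_acl is a hypothetical helper, both sample configs are constructed, and the check is a heuristic that only looks inside the Location block itself. It also recognises the Apache 2.4 form (Require ip ...) of the same restriction.

```sh
#!/bin/sh
# Added example. check_status_acl is a hypothetical helper name.
# Heuristic: inspects only the lines inside <Location /server-status>.
check_status_acl() {
    awk '
        /^[ \t]*#/ { next }                 # commented-out lines do nothing
        { line = tolower($0) }
        line ~ /<location[ \t]+\/server-status>/ { inblk = 1; ok = 0; wide = 0; next }
        !inblk { next }
        line ~ /deny[ \t]+from[ \t]+all/       { ok = 1 }    # 2.2 syntax, as in the post
        line ~ /require[ \t]+(ip|host|local)/  { ok = 1 }    # 2.4 equivalent
        line ~ /allow[ \t]+from[ \t]+all/      { wide = 1 }
        line ~ /require[ \t]+all[ \t]+granted/ { wide = 1 }
        line ~ /<\/location>/ {
            verdict = (ok && !wide) ? "restricted" : "unrestricted"
            print verdict; inblk = 0; found = 1
        }
        END { if (!found) print "absent" }
    ' "$1"
}

# Constructed sample: the post's lines in place (203.0.113.10 is a documentation address)
sample_restricted() {
    cat <<'EOF'
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</Location>
EOF
}

# Constructed sample: handler enabled, access lines left commented out
sample_unrestricted() {
    cat <<'EOF'
<Location /server-status>
    SetHandler server-status
#    Deny from all
</Location>
EOF
}

echo "post's stanza:     $(sample_restricted | check_status_acl -)"
echo "handler only:      $(sample_unrestricted | check_status_acl -)"
```

Pass the path to your own httpd.conf instead of - to check the live file, and follow up with a request from an address that should be refused.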