rolfen
5/26/2018 - 2:11 PM

Setting up a Linux server

Setting up a Linux server

MONITORING.md
content_copyfile_download
  • Rendered
  • Source

Monitoring a Linux server

There are many tools for watching the server in real time, such as htop or iptraf-ng. However it is useful to collect statistics to detect activity spikes, abnormal traffic, etc.

vnstat

Vnstat will print a simple traffic overview by interface.

                      rx      /      tx      /     total    /   estimated
 tun0:
       May '18     93.84 MiB  /    1.85 GiB  /    1.94 GiB  /    2.34 GiB
     yesterday         0 KiB  /       1 KiB  /       1 KiB
         today       323 KiB  /    2.23 MiB  /    2.54 MiB  /      --    

 eth0:
       May '18      3.35 GiB  /    4.69 GiB  /    8.04 GiB  /    9.74 GiB
     yesterday      6.52 MiB  /   68.06 MiB  /   74.58 MiB
         today     29.86 MiB  /   29.89 MiB  /   59.75 MiB  /     100 MiB

Monitorix

Monitorix will serves a web page with graphs for many other activities such as memory usage, system load, etc.

Install it. By default it will allow everyone to see the statistics, so:

sudo nano /etc/monitorix/monitorix.conf

Find <httpd_builtin>section and set the following options:

hosts_deny = all
hosts_allow = 127.0.0.1

This will only allow connections from localhost.

sudo service monitorix restart

We just restarted the service to apply changes, now to access the web interface, we need to set up an SSH tunnel. Monitorix lives on port 8080 by default. Linux instructions follow. For Windows, use Putty.

ssh -L 8080:localhost:8080 my.monitorix.server

Now we can access our monitorix server on the following address, through the private SSH tunnel.

http://127.0.0.1:8080/monitorix

Other tools

  • nagios and monit monitor and test services (web server, etc.) and provide warnings and automatic actions when something goes wrong.
  • darkstat offers more detailed network statistics, for example traffic by host.
EMAIL.md
content_copyfile_download
  • Rendered
  • Source

Follow this:

https://thomas-leister.de/en/mailserver-debian-stretch/

Notes: See this section DKIM is a single domain setup. For multiple domains we need multiple DKIM keys. In /etc/rspamd/local.d/dkim_signing.conf, we would rather need something like this (source):

path = "/var/lib/rspamd/dkim/$domain.$selector.key";

Also checkout out comments here for DNS "Your record would need to be for x._domainkey.subdomain.example.com"

With this setup, for adding aliases, to send or receive from the same account, using different addresses, just add to the aliases table in the database, and don't forget to set enabled=1.

Todo:

Look at spamassassin and OpenDkim instead of rspamd (uses relatively much memory) https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassassin https://www.sophimail.com/configure-freebsd-email-server-using-postfix-dovecot-mysql-spamassassin/