Create Linux user account to secure web applications. Scripts and programs that support a typical Linux web server using apache, mysql and php can be set to run as a Linux user with appropriate file permissions. It is important to set up a user account with limited system-wide access for this purpose. A program or script initiated by apache or php inherits the parent's environment, which is confined to this special Linux user. If security is breached, the compromised Linux user cannot access any important system directories. Any damage is confined to the files and directories of this Linux user and can easily be detected and restored. In other words, never allow apache, mysql, php, or any component of your web server to run with root authority.

Stop all unused services
To see what services are running and the current firewall setting, use the following command.

[root@ brucelee]# service --status-all

If your current shell cannot find where the command service is, use the following command to get the appropriate path name to add to the PATH environment variable.

[root@ brucelee]# which service

If the result scrolls off the screen of your current shell, the command more or grep can be useful to filter out what you want to see. For example, the following command shows only the processes that are running.

[root@ brucelee]# service --status-all | grep running
[root@ brucelee]# service --status-all | more

If you need to start or stop a service manually, use the following syntax:
service <name> start/stop/restart. For example,

[root@ brucelee]# service httpd start
[root@ brucelee]# service httpd stop
[root@ brucelee]# service httpd restart

You might want to automate as much as possible to avoid unnecessary typing and errors. If a service needs to be started or disabled immediately each time after a system reboot, you can add this required operation into the configuration file /etc/rc.local so that a server reboot will do it automatically. Running unnecessary services wastes processor cycles and exposes your server to potential intruders.
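
The audit of running services described above can be scripted. The following is an added example, not part of the original page: it filters service --status-all output for running entries and prints any that are not on an allowlist. The allowlist, the function names and the sample status lines are assumptions constructed for illustration, and the Red Hat style status format ("name (pid N) is running...") is assumed.

```shell
#!/bin/sh
# Added example: list running services that are not on an allowlist.
# Assumes Red Hat style status lines: "httpd (pid 2101) is running..."

# Hypothetical allowlist for a small web server; adjust for your host.
ALLOWED_SERVICES="crond httpd mysqld sshd"

# Read status lines on stdin; print the first field of each running entry.
# Matching "is running" skips "is not running", which a plain
# `grep running` would also show.
running_services() {
    awk '/is running/ { print $1 }' | sort -u
}

# Print every running entry that is missing from the allowlist in $1.
unexpected_services() {
    allowed=" $1 "
    running_services | while read -r name; do
        case "$allowed" in
            *" $name "*) ;;                 # expected, say nothing
            *) printf '%s\n' "$name" ;;     # running but not expected
        esac
    done
}

# Constructed sample input so the example runs offline.
sample_status() {
    cat <<'EOF'
crond (pid  1411) is running...
cupsd (pid  1302) is running...
httpd (pid  2101 2100 2099) is running...
mysqld (pid  1755) is running...
nfsd is stopped
rpc.statd (pid  1188) is running...
sshd (pid  1370) is running...
smartd is not running
EOF
}

# Demo on the sample; on a real host run instead:
#   service --status-all 2>/dev/null | unexpected_services "$ALLOWED_SERVICES"
sample_status | unexpected_services "$ALLOWED_SERVICES"
```

The first field is the process name that each init script reports, which can differ from the name you pass to the service command, so confirm which init script owns an entry before stopping it.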

Process administration. The following commands help to make the administration of your dedicated server simpler.

Background process.
When a command is entered, it is executed as a foreground process by default. The user must wait for one foreground process to complete before running another one. Contrary to a foreground process, the shell does not have to wait for a background process to end before it can run more processes. Within the limit of the available memory, you can enter many background commands one after another. To run a command as a background process, type the command and add a space and an ampersand to the end of the command. For example:

[brucelee@ ~]% cmd1 &

Immediately after entering the above command, the shell will execute the command. While that is running in the background, the shell prompt (%) returns and does not wait for the command to complete. At this point, you can enter another command for either a foreground or a background process. Background jobs are run at a lower priority than foreground jobs. A message is displayed on the screen when a background process has finished running to indicate whether it was successful or if there were errors. The message may get appended to the last character of the command that you are currently typing but does not interfere with it in any way.

To see the priority of the current processes and what processes keep your server busy, use the following command. The display is updated periodically.

[brucelee@ ~]% top

top - 04:50:18 up 1 day, 4:54, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 85 total, 1 running, 83 sleeping, 1 stopped, 0 zombie
Cpu(s): 0.2%us, 0.0%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1026668k total, 159172k used, 867496k free, 9184k buffers
Swap: 2031608k total, 0k used, 2031608k free, 110024k cached

1 root 20 0 1948 740 532 S 0.0 0.1 0:00.87 init
2 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT -5 0 0 0 S 0.0 0.0 0:00.00 migration/0
4 root 15 -5 0 0 0 S 0.0 0.0 0:00.03 ksoftirqd/0