Running a dediacted server problably the most important aspect is availabilite, i. e. the constant and uninterupted operation of all relevant services. Furthermore data security and integrity are important to guarantee that no one has changed or deleted the data served or stored. In this section an overview over the solutions that are used on incunabulum.de is given.
Availability
The availability of services is done using the monit system monitoring tool.
From the product page:
monit is a utility for monitoring and managing daemons or similar programs running on a Unix system. It will start specified programs if they are not running and restart programs not responding.
This tool checks regulary if a process with a given pid file is alive and – if configured and possible – the corresponding ports are accessible. In case of a broken process monit restarts the service. Disk quotas and memory usage checks are also performed by monit.
The status of services etc. is available online via the status page or directly here
The configuration file is online for download
Furthermore in case of errors email notifications are send to mail addresses defined. For critical errors mail is send to an sms forwarder so that instant and offline notification is possible.
Security
Snort
Snort is a sniffer and packet logger used for intrusion detection. All incoming trraffic is scanned for possibly critical patterns. Warnings are given in case of suspicious packets.
From the package information:
Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.
Currently all alert mails are send to the local alert email account.
Other
Not implemented yet. Possible candidate solutions are samhain, aide, integrit