LinuxWebLog.com

These are some services I would normally turn off on web servers.
NOTE: usage may vary.

1. gpm -- mouse
2. mdmonitor -- monitor raid devices
3. netfs -- nfs, samba etc...
4. autofs -- automount, nfs, cd etc...
5. kudzu -- detect new hardware
6. restorecond -- monitor selinux file context
7. mcstrans -- mandatory access control selinux translation
8. messagebus -- routes messages between applications
9. haldaemon -- maintains database of devices connected

There may be more, but if you've cleaned up your rpm packages, it would probably not exist.

Below is a list of rpm packages that are not necessary on a web server. Use it as a reference starting point for cleaning up servers. You may also want to make sure not to run services not required by the server.
NOTE: usage may vary and removal should be in the order listed:

1. redhat-lsb cups system-config-printer-libs system-config-printer paps -- printer support
   
   
2. system-config-soundcard  -- gui for sound setup
   
   
3. system-config-securitylevel-tui -- gui for setting up security
   
   
4. nfs-utils system-config-nfs nfs-utils-lib -- nfs server
   
   
5. portmap -- manage RPC connections
6. ypbind yp-tools -- NIS client binding
7. htmlview  -- view webpages via gui
   
   
8. system-config-services system-config-samba pinfo system-config-users system-config-date -- gui configs
   
   
9. samba samba-client samba-common -- samba support
   
   
10. oprofile oprofile-devel oprofile-gui qt
11. vnc
12. libglade2 libgnomecanvas usermode-gtk libbonoboui libgnomeui libglade-java pygtk2-libglade system-config-httpd system-config-network gnome-mount libgnome-java gnome-python2-bonobo gnome-python2-canvas gnome-python2 authconfig-gtk system-config-lvm authconfig-gtk pirut gnome-vfs2 gnome-python2-gnomevfs gnome-python2-gconf libgnome libgsf librsvg2 librsvg2
    ImageMagick
13. gnome-mime-data gnome-keyring  notify-python
    
    
14. GConf2 notification-daemon bluez-gnome libgconf-java libnotify bluez-utils
15. libgtk-java libvte-java
16. pygtk2 system-config-language system-config-rootpassword
17. vte
18. libwnck
19. glib-java cairo-java frysk
20. libwmf
21. gtk2
22. cups-libs
    
    
23. ghostscript ghostscript-fonts
    
    
24. avahi avahi-glib
25. wpa_supplicant NetworkManager
26. system-config-rootpassword
27. system-config-language
    
    
28. system-config-keyboard
29. system-config-network-tui firstboot-tui
30. system-config-securitylevel-tui
31. dhcpv6_client dhcdbd dhclient -- dhcp support
    
    
32. irda-utils -- Infra Red communications
33. isdn4k-utils -- ISDN
34. apmd -- laptop power management
35. cpuspeed -- dynamically changing cpu speed
36. bluez-libs -- bluetooth
37. irqbalance -- irq load balancing on multi-cpus (remove only in single cpu situation)
38. rsh -- unsecure remote access
39. talk -- internet talk protocol
40. foomatic -- printer driver database
41. finger -- finger client
42. eject -- eject removable media
43. cvs -- concurrent version control
    
    
44. rcs -- revision control system
45. dosfstools mkbootdisk -- bootdisk
46. redhat-menus desktop-file-utils startup-notification -- desktop
47. ppp rp-pppoe wvdial -- dialup
48. esound -- sound daemon
49. pcmciautils -- PCMCIA Cardbus
50. pcsc-lite coolkey ifd-egate ccid
51. OpenIPMI net-snmp-libs
52. ImageMagick-devel -- ImageMagick development package
53. xorg-x11-devel -- X server development package
54. acpid -- power management (remove if you don't shutdown using power button)

Godaddys' linux hosting allows for editing your own "php.ini" file and enables support for logging errors, good for debugging purposes when developing with php.

Add the below lines to php.ini in the document root, to log all errors:

You should also protect the php.ini and error_log file via .htaccess:

Easy way to add freetype support on PHP, on a DirectAdmin hosting environment with Fedora as the OS, is to use the rpm versions of freetype and freetype-devel.

1. If not installed already:
   
   # yum install freetype freetype-devel
   
   
2. Edit "/usr/local/directadmin/customapache/configure.php" to include the below lines.
   
           --with-freetype \
        --with-freetype-dir=/usr/lib \
        --enable-gd-native-ttf \
   
   Note: /usr/lib is the path to the libttf.so .
   
   # rpm -ql freetype-devel | grep libttf.so
   
   
3. Then run the build:
   
   # ./build clean
# ./build php n
   
   
4. If you need to build and update existing packages:
   
   # ./build clean
# ./build update
# ./build all
   
   
5. Check with phpinfo to confirm.

These are some notes I had taken down during the installation of Bugzilla on a server with ISPConfig hosting control panel:

Requirements:

Create Site:

Site was created via the ISPConfig control panel with "web6_bugs" as the admin user and "web6" as the group.

Install:

Apache with mod_perl need the below directives in httpd.conf:

Runs a lot faster, but is a memory hog. Suggested to turn off KeepAlive in apache when running mod_perl.

Crontab Entry:

Place the snippet of code in an index.php file to pull up a different web page for each domain pointed to the same web-space.

Check to make sure the quota package is installed, else run:

Below are some basic guidelines on setting up new hosting servers. This is only a point of reference to begin with and you should know what you are doing, else it is highly advisable to get an expert to work on setting up and securing the server:

Synopsis:

• Scan server with tools such as netstat, nmap, nessus etc...
  
• Disable services not required.
  
• Remove packages not required.
  
• Update all other packages.
  
• Secure Incoming and Outgoing ports.
  
• Move SSH to a different port and disable direct root login.
  
• Enable Antidos and BruteForce Detection.
  
• Scan for rootkits and setup daily reporting.
  
• Secure tmp and tmpfs.
  
• Secure binaries, paths and profiles.
  
• Secure Apache and PHP, and cofigure to expose minimum info about the applications used.
  
• Secure Ftp via TLS/SSL connection.
  
• ...

These are some basic notes for reference just in case I need to do the migration thing again!!!

Steps taken on the old server

1. Created a new reseller account.
   

2. Created sites in the new reseller account as domain.com2 for the domains that needed to be migrated. DA won't let you add the same name twice, which is why I used a different one for the time being. Doing this will setup all the required files/paths needed to use the website.
   

3. Copied the files to the new domain.
   
   # cp -pR /home/olduser/domains/domain.com/* /home/newuser/domains/domain.com2/
# chown -R newuser:newuser /home/newuser/domains/domain.com2
4. Did a search for the old file path and updated it to the new file path.
   
   # for x in `find /home/newuser/domains/*/public_html -type f -print0 | xargs --null grep -l /home/olduser`; do perl -pi.bak -e 's/\/home\/olduser/\/home\/newuser/g' $x ; done
5. Swapped around the the email folders.
   
   # cd /etc/virtual
# mv domain.com domain.com.tmp
# mv domain.com2 domain.com
# mv domain.com.tmp domain.com2
6. Copied over the imap files. Any data in /home/olduser/imap needed to be copied over. There will also be permission issues as well, but can be fixed afterwards with the set_permissions.sh script.
   

7. Changed user for the imap files.
   
   # find /home/newuser/imap -user olduser | xargs chown newuser:newuser
8. Renamed the existing domains with a suffix of ".old".
   

9. Renamed the new domains to domain.com from domain.com2.
   

10. Logged in as reseller and created a backup.
    

11. Created a script and dumped out single databases.
    
    #!/bin/bash
# dbExport.sh

OLD_DB=(
db1
db2
db3
...
)

for ((i=0; i<${#OLD_DB[@]}; i++))
do
  mysqldump --opt -u root --password={psswd} ${OLD_DB[$i]} > ./db/${OLD_DB[$i]}.db
done
12. Did a search and created a list of folders with 777 permission set.
    
    # find /home/newuser/domains -perm 0777 -type d > 777.txt
13. Setup dns for each domain with a www1 A record to point to the new server IP. Better solution, would be to edit the local hosts file for testing purpose.

1. Free web hosting service: is free, (sometimes) advertisement-supported web hosting, and is extremely limited when compared to paid hosting.
   
2. Shared web hosting service: one's Web site is placed on the same server as many other sites, ranging from a few to hundreds or thousands. Typically, all domains may share a common pool of server resources, such as RAM and the CPU.
   
3. Reseller web hosting: allows clients to become web hosts themselves. Resellers could function, for individual domains, under any combination of these listed types of hosting, depending on who they are affiliated with as a provider.
   
4. Virtual Dedicated Server: slicing up a server into virtual servers. each user feels like they're on their own dedicated server, but they're actually sharing a server with many other users.
   
5. Dedicated hosting service: the user gets his or her own Web server and gains full control over it (root access for Linux/administrator access for Windows); however, the user typically does not own the server.
   
6. Colocation web hosting service: similar to the dedicated web hosting service, but the user owns the server; the hosting company provides physical space that the server takes up and takes care of the server. This is the most powerful and expensive type of the web hosting service. In most cases, the colocation provider may provide little to no support directly for their client's machine, providing only the electrical, Internet access, and storage facilities for the server.
   
7. Clustered hosting: having multiple servers hosting the same content for better resource utilization.