Managing a server is not as complicated as you might think, but there are a few gotchas that often catch out neophyte server hosting clients. You shouldn’t feel bad about making mistakes: most of the old hands who frown at you from the pages of Serverfault made the same mistakes and learned from the experience.
But it is better if some types of mistakes aren’t allowed to become learning experiences.
Deploying Insecure Databases
There has been a spate of data leaks from improperly secured databases in recent years. Modern databases and caching tools are easy to install and use, which lets inexperienced developers get up and running quickly. But some of them, MongoDB prior to version 2.6.0 and Memcached being prominent examples, are insecure by default.
Your database should not be accessible from the internet except through the application it serves. When you deploy a database, read the documentation and pay particular attention to the recommended security configuration.
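One way to check the point above on a running server is to look at which addresses the database is actually listening on. The script below is an added example, not part of the original article; it assumes MongoDB and Memcached are on their default ports (27017 and 11211), and the function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag database listeners that are not bound to loopback only.
# Assumption: MongoDB and Memcached use their default ports (27017, 11211).
DB_PORTS="27017 11211"

# Reads `ss -tln` style lines on stdin and prints "port address" for every
# watched port that listens on anything other than a loopback address.
find_exposed_listeners() {
    awk -v ports="$DB_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            # The port follows the last colon (IPv6 addresses contain colons).
            port = local_addr; sub(/^.*:/, "", port)
            addr = local_addr; sub(/:[^:]*$/, "", addr)
            if (!(port in watch)) next
            # Loopback-only listeners are reachable from this host alone.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print port, addr
        }'
}

# Constructed sample of `ss -tln` output so the example runs offline.
sample_listeners() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:27017      0.0.0.0:*
LISTEN 0      1024       127.0.0.1:11211      0.0.0.0:*
LISTEN 0      128             [::]:11211         [::]:*
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      128            [::1]:27017         [::]:*
EOF
}

# On a live server, run: ss -tln | find_exposed_listeners
sample_listeners | find_exposed_listeners
```

Any line it prints is a database port bound to a wildcard or non-loopback address; confirm that a firewall restricts it to the application servers, or rebind the service to loopback.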
Failing To Keep A Record Of Changes
If the changes made to a server’s configuration aren’t recorded, they are forgotten. This has two consequences: it is impossible to roll back to a good state if the changes cause a problem that manifests a few hours or days in the future, and the lessons learned while making the configuration changes can’t be applied to other servers.
There are a couple of possible solutions:
- Record changes manually in a file or notebook.
- Put configuration files into a version control system like Git.
Alternatively, don’t make any changes to a live server: use an automatic configuration system like Ansible to provide servers with a known good configuration and then leave them alone.
Security patches are vital to the security of your server and the data stored on it. Your server may be compromised if you don’t apply the updates that contain them.
Updates can be run manually on the command line or you can use a tool like yum-cron to update automatically. Although CentOS updates don’t often include breaking changes, it is always a risk to update a production server without checking what will change.
Future Hosting’s Future Engineer Pro management service includes pro-active security updates for the kernel and other software so your server will always be protected by the latest security patches.
Data that exists in only one place barely exists at all. The majority of data loss incidents are caused by human error or security issues, both of which are unpredictable. Without backups, your business is one bad day from a disaster.
Choosing Guessable Passwords
Server administrators should understand the importance of using long and hard-to-guess passwords. But the evidence shows that convenience often beats knowledge. Successful brute-force attacks against Linux servers are common.