Section 5.6. Care and Feeding

5.6. Care and Feeding

5.6.1. Monitoring

You'll want to install some form of monitoring for all of your systems. Section 5.6.2 lists several good open-source monitoring tools for both host-based and network-based monitoring. You should also take a look at monit as a means of watching your systems internally (meaning not from an external server the way nagios would do it). Others prefer to use runit to manage their processes reliably, and it should work well with monit.

5.6.2. Security

You can install a few small pieces of software right away and get a massive security improvement.

  • samhain A fantastic little bit of software that monitors your system for host-based intrusion. It can detect file changes, root kits, logins, logouts, privilege escalation, and use a secure central server or e-mail for reporting. It's also great for finding rogue admins and developers who change things without telling anyone.

  • psad This or portsentry will watch your system for portscans (people trying to find out what your systems are running) and then block them actively. This is a very effective way of stopping most attackers since the first thing they do is scan your machine.

  • mod_security This is a module for Apache that lets you do very capable security controls at the HTTP level. You can sometimes use this to protect against new exploits found for Rails without having to upgrade right away.

  • snort Another fantastic tool that watches your network for potential attacks. You can put it on a separate little machine (running OpenBSD if you're ultra hardcore) and it'll detect network level intrusions.

  • syslog-ng A great way to centralize your system logging. A centralized log infrastructure makes it easier to recover from intrusions, find out how they were done, and makes it easier to monitor your systems.

Mongrel. Serving, Deploying, and Extending Your Ruby Applications
Mongrel. Serving, Deploying, and Extending Your Ruby Applications
ISBN: 9812836357
Year: 2006
Pages: 48 © 2008-2017.
If you may any questions please contact us: