There’s a few tools I tend to use over and over again when I’m managing a web server. Here’s a list of my top 5 favorite tools I always use.
1. Alternative PHP Cache (APC)
APC is a PHP accelerator which boosts the performance of your PHP scripts. If you are not using it already you should really do so. It works very nice out of the box with default settings.
Installation
$ sudo apt-get install php5-apc
or:
$ sudo pecl install apc
Configuration
Add the following section to your php.ini-file.
[apc] extension = apc.so apc.enabled = 1 apc.shm_size = 30 apc.stat = 1
Note: You need to restart Apache in order to load this new extension.
How much memory to allocate for APC is defined by apc.shm_size (default is 30M).
apc.stat = 1 forces APC to check if the PHP-file has been modified upon each request. On a production server where your files rarely change you can achieve a significant performance boost by having this feature turned off. In that case you’ll either need to restart the web server or clear the cache manually when updating files.
Learn more
2. DenyHosts
Denyhosts let you protect your server against SSH brute force attacks. If you have a public web server and have a look at your SSH log file (in example /var/log/auth.log on Ubuntu) you’ll be amazed how many attackers that want to gain access to your server. Denyhosts address this problem by rejecting access to the server after a certain number of failed login attempts (defaults to 1 for root, 5 for invalid user accounts and 10 for valid user accounts).
Attackers IP-address will be appended to /etc/hosts.deny and will be rejected instantly upon trying to attacking your server again.
Installation
$ sudo apt-get install denyhosts
Configuration
Default settings are mostly fine. You can configure your DenyHosts setup in /etc/denyhosts.conf.
3. rsnapshot
rsnapshot is a simple backup tools which create rotated backups of local or remote files and directories. rsnapshot is built on top of OpenSSH for secure transfer and rsync for synchronizing directories contents without using excessive bandwidth. The disk space required is just a little more than the space of one full backup, plus incrementals.
Installation
$ sudo apt-get install rsnapshot
Configuration
Once installed you should edit /etc/rsnapshot.conf and configure which files and directories you want to backup.
For local files use:
# localhost backup /home/ localhost/ backup /etc/ localhost/ backup /usr/local/ localhost/
For remote files use:
# example.org backup root@example.org:/home/ hostname/ backup root@example.org:/etc/ hostname/ backup root@example.org:/usr/local/bin/ hostname/
For remote backups you need to setup a password-less SSH login between the backup server and the remote server.
Note: You need to use TAB for spaces and trailing “/” for directories (skipping trailing slash and rsnapshot will treat it as a file).
For more information about setting up rsnapshot on your server check out this guide.
4. Munin
Munin is a simple resource monitoring tool that help you analyze trends on your resource usage. It comes with many useful graphs out of the box and is easy to install additional graphs or even write your own graphs.
Installation
$ sudo apt-get install munin
Configuration
You don’t need to configure anything here if you are just running munin locally. If you want to run Munin for multiple servers read this guide.
Learn more
You can find additional plugins here and a tutorial on how to write your own plugins here.
5. Logwatch
Logwatch analyse your system log files and create a report on areas where you should pay attention. It’s easy to use and work well with default settings on most systems.
Installation
$ sudo apt-get install logwatch
Configuration
In order to receive email reports from Logwatch you should edit /etc/logwatch/conf/logwatch.conf. Here’s an example:
MailTo = your.email@example.org MailFrom = logwatch@example.org Range = Yesterday Detail = Med mailer = "/usr/sbin/sendmail -t" Service = all
With this setup you’ll receive a daily email of yesterday’s activity with a medium severity which is an ok start. For more information on how to configure Logwatch click here.
I hope you find these tips interesting. Any tools you miss from this favorite list? Please leave your comments.
