Talk:Good Admin Guide
From Sysadmin
Add to the Good Admin Guide
Points can be added here for inclusion in the right section later.
General
- Don't repurpose systems. This may result in important information left on the system, applications running that shouldn't be, and poor filesystem arrangement.
- Vendor liability appears to be limited: vendors are rarely held to account for poor software, so this should not be a strong basis for deciding to use software supported by a large vendor.
- wtmp should not normally be automatically rotated. For virtually every system it is so small compared to available disk that a rotation is inadvisable, given that information on who accessed a system is sometimes needed months or even years after the event.
- Should network (eg ldap) be used for system and/or application users?
  - The OS will largely become unresponsive if it loses access to the ldap servers
  - Applications could fail badly and in unexpected ways if network access is lost (which happens more easily than many people seem to think)
  - A system with local users may well be able to keep operating properly in network isolation; this may or may not matter depending on the application
  - Puppet and similar systems offer a way of centrally managing local users
- IT moves so quickly that standing assumptions and existing systems should be re-evaluated at least every 5 years
Timezones
- In general, running all servers within an organisation in the same timezone is useful for event correlation across timezones.
- Pick the actual TZ for convenience.
- UTC can be over-rated as a choice.
Security
- Consider downloading (and possibly building) a fresh copy of a HIDS when performing spot checks on servers (eg, if an intrusion is suspected)
  - This will make it harder (but not impossible) for the intruder to tamper with the HIDS results and cause false negatives
  - It is possible for a compiler to be tampered with, although actual exploits of this kind have been rare over the last few decades
  - Using a statically linked or scripted HIDS is an option, although in practice it will make little difference
DNS
- The CNAME (canonical name) is actually the value to the right of the keyword CNAME in the zone file, but people colloquially refer to the value to the left as a CNAME. It is correctly called an alias.
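As an added example (not part of the guide), the following Python parses CNAME records from a constructed zone fragment, reports each alias with the canonical name it points to using the terminology from the point above, and follows alias chains while catching loops; the zone contents and names are made up.

```python
# Constructed sample zone fragment; names and addresses are made up
# (192.0.2.0/24 is the documentation range) and refer to no real site.
ZONE = """\
$ORIGIN example.test.
$TTL 3600
@            IN  A      192.0.2.10
web          IN  A      192.0.2.11
www          IN  CNAME  web                 ; alias www -> canonical name web
intranet 300 IN  CNAME  www.example.test.   ; explicit TTL, absolute target
"""

def fqdn(name, origin):
    """Expand a relative owner or target name against the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_cnames(zone_text):
    """Return {alias: canonical_name} for every CNAME record in the zone."""
    # The owner name on the left is the alias; the value to the right of the
    # CNAME keyword is the canonical name. Optional TTL/class fields are skipped.
    origin, aliases = ".", {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # strip comments; skip blanks
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
        if line.startswith("$"):  # $ORIGIN handled above; skip $TTL etc.
            continue
        owner, *rest = line.split()
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest.pop(0)  # optional TTL and class come before the record type
        if len(rest) >= 2 and rest[0].upper() == "CNAME":
            aliases[fqdn(owner, origin)] = fqdn(rest[1], origin)
    return aliases

def resolve_alias(name, aliases, max_hops=8):
    """Follow a CNAME chain from an alias to its final canonical name."""
    seen = set()
    while name in aliases:
        if name in seen or len(seen) >= max_hops:
            raise ValueError(f"CNAME loop or over-long chain at {name}")
        seen.add(name)
        name = aliases[name]
    return name

if __name__ == "__main__":
    for alias, canonical in parse_cnames(ZONE).items():
        print(f"alias {alias} -> canonical name {canonical}")
```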
