Effective monitoring of your servers for early error detection

Early detection
Our policy is to monitor the internal status of our servers intensively in order to detect problems as soon as possible.

Early solution
Early detection helps us offer you a highly available service. Most incidents have their origin in small problems that are easy to solve. By solving them early, we can avoid serious problems in the future.
But what kind of monitoring do you do?
All monitoring done by our systems and tech support focuses on three aspects:
- Internal server state monitoring: checks the server internally and its general health.
- Server log monitoring: real-time monitoring of server logs to spot failures, problems and hints about server configuration problems and security issues.
- File system monitoring: real-time monitoring of changes happening in the file system to detect and report unauthorized changes.
Internal server state monitoring
The following is a list of the basic elements reviewed by the checkers included by default in Core-admin.
Description
Ensure the hostname is configured consistently with the rest of the system.
What it solves
Many applications do not work properly if the hostname is not configured properly and synchronized with the IP information.
Description
Ensure the DNS server configured on the system is working correctly.
What it solves
Most applications fail when the DNS service is not available or not working correctly.
Description
Ensure the swap configuration is working and does not reach warning and/or critical levels.
What it solves
Avoids reaching warning/critical levels of working memory held in swap, and keeps the server from entering a “swapping” state.
Description
Ensure the syncookie setting is enabled to mitigate SYN floods.
What it solves
Mitigate and reduce SYN flood attacks.
Description
Ensure the POP3 service is working correctly (if it is installed). This checker supports a complete ring-test.
What it solves
Detect and recover from POP3 service failures.
Description
Ensure the IMAP service is working correctly (if it is installed).
What it solves
Detect and recover from IMAP service failures.
Description
Ensure the SMTP service is working correctly. This checker is a full ring-test.
What it solves
Detect and recover from SMTP service failures.
Description
Ensure apache2 works correctly and all ports are returning OK codes (like 200).
What it solves
Detect and recover from apache2 service failures.
Description
Ensure the MySQL service is working correctly and the max connection limit is not reached.
What it solves
Detect and recover from MySQL failures.
Description
Track changes to crontab and check that they are safe and not used for exploits, rootkits or hacking.
What it solves
Prevents malware, hacking tools or exploits from being executed periodically.
Description
Check that the startup time is consistent, to detect unexpected reboots.
What it solves
Detect and report changes in system uptime.
Description
Check and ensure the system temporary directory is working correctly (allows users to create and remove their files), has correct permissions and is not full.
What it solves
Most applications do not work when /tmp is full or not working. This checker tries to avoid this point of failure and report it.
Description
Check and monitor hard disk usage to report when warning/critical levels are about to be reached.
What it solves
Detect and report that hard disks are filling up so action can be taken beforehand.
Description
Ensure and check the loopback interface is configured and working.
What it solves
Many applications do not work correctly without a working loopback interface in the system. This checker tries to detect problems with this interface and recover it (if possible).
Description
Check and block those IPs that create too many connections in “half-opened” state, to disable or mitigate DoS attacks based on SYN floods.
What it solves
Provides an automatic first line of containment to detect and block this kind of attack.
Description
If your system has a PMC-Sierra RAID card, this checker reviews its status, memory, battery and hard disk errors.
What it solves
Track and ensure the RAID works.
Description
If your system has an HP SmartArray RAID card, this checker reviews its status, memory, battery and hard disk status.
What it solves
Ensure the RAID is working.
Description
If your system uses software RAID, this checker reviews its status and hard disk errors.
What it solves
Ensure the RAID works.
Description
If your system has an LSI MegaRAID card, this checker reviews its status, memory, battery and hard disk status.
What it solves
Ensure the RAID is working.
Description
Check and track CPU usage, both in general and at the level of individual processes.
What it solves
Prevents broken or unauthorized processes from using more CPU than required.
Description
Check and track processes that started with one binary path and then changed it to something different, a basic technique for hiding processes.
What it solves
Detect renamed processes as a basic additional early attack detection.
Description
Check and ensure the iptables firewall is running.
What it solves
Ensures the iptables firewall is running and brings it up (if possible) when it is found not to be started.
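
The syncookie and “half-opened” connection checks above can be illustrated with the following added example, which is not Core-admin's own code: it counts sockets in the SYN_RECV state per source address from text in `/proc/net/tcp` format and reads the syncookie setting. The function names, the threshold of 3 and the sample data are assumptions made for illustration, and a little-endian host is assumed when decoding addresses.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # kernel TCP state code for a half-open (SYN received) socket

# Constructed sample in /proc/net/tcp layout; addresses are documentation ranges.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A0200C0:0050 077100CB:C001 03 00000000:00000000 01:00000064 00000001     0        0 0
   2: 0A0200C0:0050 077100CB:C002 03 00000000:00000000 01:00000064 00000001     0        0 0
   3: 0A0200C0:0050 077100CB:C003 03 00000000:00000000 01:00000064 00000001     0        0 0
   4: 0A0200C0:0050 077100CB:C004 03 00000000:00000000 01:00000064 00000001     0        0 0
   5: 0A0200C0:0050 096433C6:D001 03 00000000:00000000 01:00000064 00000001     0        0 0
   6: 0A0200C0:0050 096433C6:D002 01 00000000:00000000 00:00000000 00000000    33        0 1002
"""


def decode_ipv4(hex_addr):
    """Turn the kernel's hex form (little-endian host assumed) into a dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def half_open_by_source(proc_net_tcp_text):
    """Count sockets in SYN_RECV per remote IPv4 address."""
    counts = Counter()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue
        counts[decode_ipv4(fields[2].split(":")[0])] += 1
    return counts


def sources_over_threshold(proc_net_tcp_text, threshold):
    """Return {ip: count} for sources holding more than `threshold` half-open sockets."""
    counts = half_open_by_source(proc_net_tcp_text)
    return {ip: n for ip, n in counts.items() if n > threshold}


def syncookies_enabled(sysctl_text):
    """/proc/sys/net/ipv4/tcp_syncookies: 0 = off, 1 = on under backlog pressure, 2 = always."""
    return sysctl_text.strip() in ("1", "2")


if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() instead of the sample.
    print(sources_over_threshold(SAMPLE_PROC_NET_TCP, threshold=3))
```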
Real time server log monitoring
The following are some of the elements checked in the system logs. This information is sent in real time to the tech support center for evaluation and early response if needed.
Description
Search for evidence of kernel hangs (“stack traces”) so that we can get ahead of a possible problem with an early restart or by replacing a hardware component.
Description
Search for evidence of “command not found” errors to rule out configuration problems or attack attempts.
Description
Search for evidence of database failures or databases pending repair (MySQL, SQLite, PostgreSQL).
Description
Search for evidence of reboots and shutdowns to ensure they are legitimate.
Description
Search for evidence of failures in any of the components required by mail servers.
Description
Search for evidence of connection failures to databases that should be working.
Description
Search for evidence of unauthorized usage of mail accounts, to prevent them from being captured or compromised and used to send spam or for impersonation.
Description
Search for evidence of IPs causing failed connection attempts and block them (once they are found to be fraudulent).
Description
Search for evidence of SSH accesses received by the server.
File system monitoring
The following is a list of some of the file system changes that are monitored. This information is sent to the tech support center for evaluation and response.
Description
The user configures different folders and expressions to be monitored for changes.
Description
Changes in the configuration directory used by default in Linux systems are monitored.
Description
Changes in web hosting files are monitored to detect unauthorized or malicious code that might cause problems for the website or the server itself.