Securing and Optimizing your server

[AllianceOne]

hello, after configure my.cnf file with this parameters:

[mysqld]
max_connections = 400
key_buffer = 64M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 2M
table_cache = 1024
thread_cache_size = 286
interactive_timeout = 25
wait_timeout = 1000
connect_timeout = 10
max_heap_table_size = 128M
max_allowed_packet = 16M
max_connect_errors = 10
read_rnd_buffer_size = 524288
query_cache_limit = 1M
query_cache_size = 16M
query_cache_type = 1
query_prealloc_size = 163840
tmp_table_size = 32M
myisam_sort_buffer_size = 32M
query_alloc_block_size = 32768
bulk_insert_buffer_size = 16M
skip-innodb

[mysqld_safe]
open_files_limit = 8192

[mysqldump]
quick
max_allowed_packet = 16M

[myisamchk]
key_buffer = 32M
sort_buffer = 32M
read_buffer = 16M
write_buffer = 16M

[mysqlhotcopy]
interactive-timeout

My VPS is hitting the QoS parameter: dcachesize, i have this in JagMonitor:

dcachesize 4 MB 5 MB 5 MB 5 MB 1757

How can solve this?

I have the Enterprise VPS with 1024 RAM

[AllianceOne]

i installed tuning-primer.sh on my VPS to help with the optimization and get this errors:

mysqld is alive

-- MYSQL PERFORMANCE TUNING PRIMER --
- By: Matthew Montgomery -

MySQL Version 5.0.67-community-log x86_64

./tuning-primer.sh: line 389: bc: command not found
./tuning-primer.sh: line 390: bc: command not found
./tuning-primer.sh: line 391: bc: command not found
./tuning-primer.sh: line 392: bc: command not found
./tuning-primer.sh: line 393: bc: command not found
./tuning-primer.sh: line 394: bc: command not found
Uptime = days hrs min sec
Avg. qps = 33
Total Questions = 17617564
Threads Connected = 4

Server has been running for over 48hrs.
It should be safe to follow these recommendations

To find out more information on how each of these
runtime variables effects performance visit:
http://dev.mysql.com/doc/refman/5.0/...variables.html
Visit http://www.mysql.com/products/enterprise/advisors.html
for info about MySQL's Enterprise Monitoring and Advisory Service

SLOW QUERIES
The slow query log is enabled.
Current long_query_time = 2 sec.
You have 451 out of 17617586 that take longer than 2 sec. to complete
Your long_query_time seems to be fine

BINARY UPDATE LOG
The binary update log is NOT enabled.
You will not be able to do point in time recovery
See http://dev.mysql.com/doc/refman/5.0/...-recovery.html

WORKER THREADS
Current thread_cache_size = 286
Current threads_cached = 167
Current threads_per_sec = 0
Historic threads_per_sec = 0
Your thread_cache_size is fine

MAX CONNECTIONS
Current max_connections = 200
Current threads_connected = 4
Historic max_used_connections = 171
The number of used connections is 85% of the configured maximum.
You should raise max_connections

MEMORY USAGE
./tuning-primer.sh: line 1205: bc: command not found
./tuning-primer.sh: line 1206: bc: command not found
./tuning-primer.sh: line 1230: bc: command not found
./tuning-primer.sh: line 1233: bc: command not found
./tuning-primer.sh: line 1234: bc: command not found
./tuning-primer.sh: line 1236: bc: command not found
./tuning-primer.sh: line 1238: [: -gt: unary operator expected
./tuning-primer.sh: line 351: [: max_memoryHR: integer expression expected
./tuning-primer.sh: line 357: [: max_memoryHR: integer expression expected
./tuning-primer.sh: line 363: [: max_memoryHR: integer expression expected
./tuning-primer.sh: line 370: export: `0=max_memoryHR': not a valid identifier
Max Memory Ever Allocated : bytes
./tuning-primer.sh: line 351: [: per_thread_buffersHR: integer expression expected
./tuning-primer.sh: line 357: [: per_thread_buffersHR: integer expression expected
./tuning-primer.sh: line 363: [: per_thread_buffersHR: integer expression expected
./tuning-primer.sh: line 370: export: `0=per_thread_buffersHR': not a valid identifier
Configured Max Per-thread Buffers : bytes
./tuning-primer.sh: line 351: [: global_buffersHR: integer expression expected
./tuning-primer.sh: line 357: [: global_buffersHR: integer expression expected
./tuning-primer.sh: line 363: [: global_buffersHR: integer expression expected
./tuning-primer.sh: line 370: export: `0=global_buffersHR': not a valid identifier
Configured Max Global Buffers : bytes
./tuning-primer.sh: line 351: [: total_memoryHR: integer expression expected
./tuning-primer.sh: line 357: [: total_memoryHR: integer expression expected
./tuning-primer.sh: line 363: [: total_memoryHR: integer expression expected
./tuning-primer.sh: line 370: export: `0=total_memoryHR': not a valid identifier
Configured Max Memory Limit : bytes
./tuning-primer.sh: line 332: bc: command not found
Physical Memory : G
Max memory limit seem to be within acceptable norms

KEY BUFFER
./tuning-primer.sh: line 332: bc: command not found
./tuning-primer.sh: line 647: bc: command not found
./tuning-primer.sh: line 648: bc: command not found
./tuning-primer.sh: line 332: bc: command not found
Current MyISAM index space = M
./tuning-primer.sh: line 332: bc: command not found
Current key_buffer_size = M
Key cache miss rate is 1 : 811
Key buffer fill ratio = %
./tuning-primer.sh: line 685: [: -ge: unary operator expected
./tuning-primer.sh: line 689: [: -le: unary operator expected
Your key_buffer_size seems to be fine

QUERY CACHE
./tuning-primer.sh: line 720: bc: command not found
./tuning-primer.sh: line 721: bc: command not found
Query cache is enabled
./tuning-primer.sh: line 332: bc: command not found
Current query_cache_size = M
./tuning-primer.sh: line 332: bc: command not found
Current query_cache_used = M
./tuning-primer.sh: line 332: bc: command not found
Current query_cache_limit = M
Current Query cache Memory fill ratio = %
./tuning-primer.sh: line 332: bc: command not found
Current query_cache_min_res_unit = K
./tuning-primer.sh: line 734: bc: command not found
./tuning-primer.sh: line 735: bc: command not found
./tuning-primer.sh: line 736: [: -gt: unary operator expected
./tuning-primer.sh: line 743: [: -le: unary operator expected
./tuning-primer.sh: line 747: [: -ge: unary operator expected
MySQL won't cache query results that are larger than query_cache_limit in size

SORT OPERATIONS
./tuning-primer.sh: line 332: bc: command not found
Current sort_buffer_size = M
./tuning-primer.sh: line 332: bc: command not found
Current read_rnd_buffer_size = K
Sort buffer seems to be fine

JOINS
./tuning-primer.sh: line 332: bc: command not found
Current join_buffer_size = M
You have had 1576 queries where a join could not use an index properly
You should enable "log-queries-not-using-indexes"
Then look for non indexed joins in the slow query log.
If you are unable to optimize your queries you may want to increase your
join_buffer_size to accommodate larger joins in one pass.

Note! This script will still suggest raising the join_buffer_size when
ANY joins not using indexes are found.

OPEN FILES LIMIT
Current open_files_limit = 6210 files
The open_files_limit should typically be set to at least 2x-3x
that of table_cache if you have heavy MyISAM usage.
You currently have open more than 75% of your open_files_limit
You should set a higher value for open_files_limit in my.cnf

TABLE CACHE
Current table_cache value = 3000 tables
You have a total of 2563 tables
You have 2919 open tables.
Current table_cache hit rate is 70%, while 97% of your table cache is in use
You should probably increase your table_cache

TEMP TABLES
./tuning-primer.sh: line 332: bc: command not found
Current max_heap_table_size = M
./tuning-primer.sh: line 332: bc: command not found
Current tmp_table_size = M
Of 171468 temp tables, 50% were created on disk
Perhaps you should increase your tmp_table_size and/or max_heap_table_size
to reduce the number of disk-based temporary tables
Note! BLOB and TEXT columns are not allow in memory tables.
If you are using these columns raising these values might not impact your
ratio of on disk temp tables.

TABLE SCANS
./tuning-primer.sh: line 332: bc: command not found
Current read_buffer_size = M
Current table scan ratio = 769 : 1
read_buffer_size seems to be fine

TABLE LOCKING
Current Lock Wait ratio = 1 : 499
You may benefit from selective use of InnoDB.
If you have long running SELECT's against MyISAM tables and perform
frequent updates consider setting 'low_priority_updates=1'
If you have a high concurrency of inserts on Dynamic row-length tables
consider setting 'concurrent_insert=2'.

[kodes]

======================================== =
Checking for formmail
======================================== =

Form mail is used by hackers to send out spam email, by relay and injection methods. If you are using matts script or a version of it, you may be in jeopardy.


Command to find pesky form mails:
find / -name "[Ff]orm[mM]ai*"

CGIemail is also a security risk:
find / -name "[Cc]giemai*"

Command to disable form mails:
chmod a-rwx /path/to/filename
(a-rwx translates to all types, no read, write or execute permissions).

(this disables all form mail)

If a client or someone on your vps installs form mail, you will have to let them know you are disabling their script and give them an alternative.

Should i disable below formmail?
these owned by cpanel




root@vps [~]# find / -name "[Ff]orm[mM]ai*"
find: WARNING: Hard link count is wrong for /proc/vz/vzaquota: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched.
/usr/local/cpanel/base/frontend/x/cgi/FormMail.html
/usr/local/cpanel/base/frontend/x3/cgi/FormMail.html
/usr/local/cpanel/cgi-sys/FormMail-clone.cgi
/usr/local/cpanel/cgi-sys/FormMail.cgi
/usr/local/cpanel/cgi-sys/FormMail.pl
/usr/local/cpanel/cgi-sys/formmail.cgi
/usr/local/cpanel/cgi-sys/formmail.pl
/usr/local/cpanel/install/formmail

[dennyhalim]

hi. i'm new client so somethings are not clear for me...

i see all jpc vps are now fully managed.
so...
do i still need to do all these myself?

dont all vps pre-configured like this?

tia

[rebaths]

Hi I just signed up for a VPS Linux account with Jaguar.

My only web experience prior to this is with a godaddy shared hosting account, so needless to say, getting my website up and running on the VPS has been a challenge!

I like all the suggestions made in this thread regarding security, even if I don't understand what half of them are! My question is: Where do I make these changes? Do I make them on the main 'Web Host Manager' account? Or do I make them on the actual account for my website 'example.com' ?

And, how do I connect to the server to make all those linux commands? Is there a program to connect to the server?

[JPC-Jawad]

Hi I just signed up for a VPS Linux account with Jaguar.

My only web experience prior to this is with a godaddy shared hosting account, so needless to say, getting my website up and running on the VPS has been a challenge!

Welcome to Jag!

I like all the suggestions made in this thread regarding security, even if I don't understand what half of them are! My question is: Where do I make these changes? Do I make them on the main 'Web Host Manager' account? Or do I make them on the actual account for my website 'example.com' ?
And, how do I connect to the server to make all those linux commands? Is there a program to connect to the server?

You can open a support ticket, we will do the basic security hardening for your VPS for you. Most of the commands are run via SSH and you can download any open source SSH tool like "putty" and connect to your server's SSH. If you do not have any previous Linux experience, I suggest that you learn the basics of Linux and then attempt to log in to SSH and run these commands.

[Linux.RedHat]

thanks but this not enough

example :

securing mysql

nano /etc/my.cnf

after [mysqld] add this

set-variable=local-infile=0
local-infile=0
skip-locking
skip-innodb
skip-networking
safe-show-database


next ,,

save a file by ctrl+x then y then Enter

and restart the service

/scripts/restartsrv mysql


there are too securing apache & php

and disable functions

best wishes

Hossam

[thisisit3]

The above post is rather ignorant.

For example, what if some people use InnoDB tables? the above "skip-innodb" rule would brake them. Same for the rest of the lines.

You should really read the documentation of MySQL before blindly adding anything in your configuration.

[jmoore160]

I ran the first step to find formmail and it returned this.....
root@vps [~]# find / -name "[Ff]orm[Mm]ai*"
/usr/local/cpanel/base/frontend/x/cgi/FormMail.html
/usr/local/cpanel/base/frontend/x3/cgi/FormMail.html
/usr/local/cpanel/cgi-sys/formmail.cgi
/usr/local/cpanel/cgi-sys/formmail.pl
/usr/local/cpanel/cgi-sys/FormMail.cgi
/usr/local/cpanel/cgi-sys/FormMail.pl
/usr/local/cpanel/cgi-sys/FormMail-clone.cgi
/usr/local/cpanel/install/FormMail.pm
/usr/local/cpanel/install/formmail

Are these something I should be concerned with or not since they are related to cpanel ?

Thanks

John

[Frank Broughton]

John, they are part of cPanel. I believe you can disable them in the tweaks section of WHM. A Google search shows conflicting info on the security status of them.

[GherkinDilds]

What are the file permission best practices? I am running a Drupal site which may have different file permission requirements.

Suggestions appreciated