Then, just like on the Zabbix server, run the following command to install the repository configuration package:. Confirm it so the installation can complete. While Zabbix supports certificate-based encryption, setting up a certificate authority is beyond the scope of this tutorial. Instead, this tutorial will use pre-shared keys PSK to secure the connection between the server and agent. Now edit the Zabbix agent settings to set up its secure connection to the Zabbix server.
Open the agent configuration file in your text editor:. Each setting within this file is documented via informative comments throughout the file, but you only need to edit some of them. Next, find the section that configures the secure connection to the Zabbix server and enable pre-shared key support. Find the TLSConnect section, which looks like this:. Then set the option that points to your previously created pre-shared key.
The agent will listen on port for connections from the server. In order to configure access coming from specific IP addresses or subnets, use the rich rule functionality of firewalld :. Rich rules allow you to create more complex and customizable firewalld rules to gain greater control over your firewall. In this command, you are adding a rule that accepts ipv4 traffic from the source, which you have set as the IP address of the Zabbix server, to port of your second CentOS server.
Your agent is now ready to accept connections and send data to the Zabbix server. In the next step, you will complete the configuration. Installing an agent on a server you want to monitor is only half of the process. Each host you want to monitor needs to be registered on the Zabbix server, which you can do through the web interface.
When you have logged in, click on Configuration , and then Hosts in the top navigation bar. Then click the Create host button in the top right corner of the screen. This will open the host configuration page. You can select an existing group, for example Linux servers , or create your own group.
The host can be in multiple groups. To do this, enter the name of an existing or new group in the Groups field and select the desired value from the proposed list. Type Template OS Linux in the Search field and then click Add immediately under the search bar to add this template to the host.
Next, navigate to the Encryption tab. Then set PSK value to the key you generated for the Zabbix agent. You will see your new host in the list. Wait for a minute and reload the page to see green labels indicating that everything is working fine and the connection is encrypted. If you have additional servers you need to monitor, log in to each host, install the Zabbix agent, generate a PSK, configure the agent, and add the host to the web interface following the same steps you followed to add your first host. The Zabbix server is now monitoring your second CentOS server. Now, set up email notifications to be notified about problems.
Zabbix automatically supports several types of notifications: email, Jabber , SMS, etc. You can also use alternative notification methods, such as Telegram or Slack. You can see the full list of integrations here. The simplest communication method is email, and this tutorial will configure notifications for this media type.
Click on Administration , and then Media types in the top navigation bar. You will see the list of all media types. Click on Email. Adjust the SMTP options according to the settings provided by your email service. You will find instructions on how to generate this password in the Google Help Center. You can also choose the message format—html or plain text. Finally, click the Update button at the bottom of the form to update the email parameters. Now, create a new user. Click on Administration , and then Users in the top navigation bar. You will see the list of users.
Then click the Create user button in the top right corner of the screen. This will open the user configuration page. Enter the new username in the Alias field and set up a new password. Type Zabbix administrators in the Groups field and select it from the proposed list. You will see a pop-up window. Enter your email address in the Send to field. You can leave the rest of the options at the default values. Click the Add button at the bottom to submit.
Now navigate to the Permissions tab. Select Zabbix Super Admin from the User type drop-down menu. Now you need to enable notifications. Click on the Configuration tab, and then Actions in the top navigation bar. You will see a pre-configured action, which is responsible for sending notifications to all Zabbix administrators. You can review and change the settings by clicking on its name. For the purposes of this tutorial, use the default parameters.
Linux Network Configuration
To enable the action, click on the red Disabled link in the Status column. Now you are ready to receive alerts. In the next step, you will generate one to test your notification setup. In this step, you will generate a test alert to ensure everything is connected. By default, Zabbix keeps track of the amount of free disk space on your server.
It automatically detects all disk mounts and adds the corresponding checks. This discovery is executed every hour, so you need to wait a while for the notification to be triggered. Next, determine how much free space you have on the server.
You can use the df command to find out:. The command df will report the disk space usage of your file system, and the -h will make the output human-readable. This will be enough to trigger the alert:. After around an hour, Zabbix will trigger an alert about the amount of free disk space and will run the action you configured, sending the notification message.
You can check your inbox for the message from the Zabbix server.
- Certified Information Systems Security Professional Engineering (CISSP-ISSEP) Secrets To Acing The Exam and Successful Finding And Landing Your Next Certified Information Systems Security Professional Engineering (CISSP-ISSEP) Certified Job.
- Children and Spirituality: Searching for Meaning and Connectedness.
- Philosophy of Jean-Paul Sartre;
- Step 1 — Installing the Zabbix Server!
- Exploring public relations.
You will see a message like:. You can also navigate to the Monitoring tab, and then Dashboard to see the notification and its details. Now that you know the alerts are working, delete the temporary file you created so you can reclaim your disk space:.
Join Kobo & start eReading today
After a minute Zabbix will send the recovery message and the alert will disappear from the main dashboard. In this tutorial, you set up a simple and secure monitoring solution that will help you monitor the state of your servers. It can now warn you of problems, and you have the opportunity to analyze the processes occurring in your IT infrastructure. With Kubernetes applications that often have unexpected loads, the most efficient and least error prone approach is to automate your clusters scaling with the Horizontal Pod Autoscaler HPA.
In this tutorial, you will set up a sample Nginx deployment on DigitalOcean Managed Kubernetes that can autoscale horizontally to account for increased CPU load. You will accomplish this by deploying Metrics Server into your cluster to gather pod metrics for HPA to use when determining when to scale. Grafana is an open-source data visualization and monitoring tool that integrates with complex data from sources like Prometheus, InfluxDB, Graphite, and ElasticSearch.
In this tutorial, you will install Grafana and secure it with an SSL certificate and an Nginx reverse proxy. See the Security FAQ for information on how to report security issues. If you think you have found a bug, report it. See Submitting Bugs for how to do this. You might have uncovered a vulnerability, or a bug that could lead to one.
The web server running WordPress, and the software on it, can have vulnerabilities. Therefore, make sure you are running secure, stable versions of your web server and the software on it, or make sure you are using a trusted host that takes care of these things for you.
Be sure to ask your web host what security precautions they take. The network on both ends — the WordPress server side and the client network side — should be trusted. That means updating firewall rules on your home router and being careful about what networks you work from. An Internet cafe where you are sending passwords over an unencrypted connection, wireless or otherwise, is not a trusted network. Your web host should be making sure that their network is not compromised by attackers, and you should do the same. Network vulnerabilities can allow passwords and other sensitive information to be intercepted.
Many potential vulnerabilities can be avoided with good security habits. A strong password is an important aspect of this. The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed. Many automatic password generators are available that can be used to create secure passwords. WordPress also features a password strength meter which is shown when changing your password in WordPress.
Use this when changing your password to ensure its strength is adequate. A strong password is necessary not just to protect your blog content. A hacker who gains access to your administrator account is able to install malicious scripts that can potentially compromise your entire server. When connecting to your server you should use SFTP encryption if your web host provides it. If you are unsure if your web host provides SFTP or not, just ask them. Using SFTP is the same as FTP, except your password and other data is encrypted as it is transmitted between your computer and your website.
This means your password is never sent in the clear and cannot be intercepted by an attacker.
4 Ways to Identify Who is Logged-In on Your Linux System
Some neat features of WordPress come from allowing various files to be writable by the web server. However, allowing write access to your files is potentially dangerous, particularly in a shared hosting environment.
It is best to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access, or to create specific folders with less restrictions for the purpose of doing things like uploading files. All files should be owned by your user account, and should be writable by you. Any file that needs write access from WordPress should be writable by the web server, if your hosting set up requires it, that may mean those files need to be group-owned by the user account used by the web server process.
The root WordPress directory: all files should be writable only by your user account, except. Theme files. If you want to use the built-in theme editor, all files need to be writable by the web server process. If you do not want to use the built-in theme editor, all files can be writable only by your user account. Permissions may vary. If you have shell access to your server, you can change file permissions recursively with the following command:.
All files are set to and all directories are set to , and writable by only the user and readable by everyone else, including the web server. If you run multiple blogs on the same server, it is wise to consider keeping them in separate databases each managed by a different user. This is best accomplished when performing the initial WordPress installation. This is a containment strategy: if an intruder successfully cracks one WordPress installation, this makes it that much harder to alter your other blogs.
By revoking such privileges you are also improving the containment policies. Note: Some plugins, themes and major WordPress updates might require to make database structural changes, such as add new tables or change the schema. In such case, before installing the plugin or updating a software, you will need to temporarily allow the database user the required privileges. Thus, it is NOT recommended to revoke these privileges. If you do feel the need to do this for security reasons, then please make sure that you have a solid backup plan in place first, with regular whole database backups which you have tested are valid and that can be easily restored.
A failed database upgrade can usually be solved by restoring the database back to an old version, granting the proper permissions, and then letting WordPress try the database update again. Restoring the database will return it back to that old version and the WordPress administration screens will then detect the old version and allow you to run the necessary SQL commands on it. Most WordPress upgrades do not change the schema, but some do. Only major point upgrades 3.
- Books & Videos?
- Dirichlet Problem with L2-Boundary Data for Elliptic Linear Equations?
Minor upgrades 3. Nevertheless, keep a regular backup. This forces an attacker or bot to attack this second layer of protection instead of your actual admin files. Many WordPress attacks are carried out autonomously by malicious software bots. A second layer of protection can be added where scripts are generally not intended to be accessed by any user.
WordPress can overwrite anything between these tags. Omitting that line will allow the code to work, but offers less security. You can move the wp-config. This means for a site installed in the root of your webspace, you can store wp-config. Note: Some people assert that moving wp-config. Others disagree. Note that wp-config. Also, make sure that only you and the web server can read this file it generally means a or permission.
If you use a server with. This is often the first tool an attacker will use if able to login, since it allows code execution.
WordPress has a constant to disable editing from Dashboard. Placing this line in wp-config. This will not prevent an attacker from uploading malicious files to your site, but might stop some attacks. First of all, make sure your plugins are always updated. Also, if you are not using a specific plugin, delete it from the system. There are many plugins and services that can act as a firewall for your website. Some of them work by modifying your.