- 7 minutes to read
- Print
- DarkLight
- PDF
Manage the server
- 7 minutes to read
- Print
- DarkLight
- PDF
Learn how to check the server information. This information is not linked to the senhasegura features. Here we will talk about the settings that are common Linux operating systems.
List hardware information
Through the menu Orbit Config Manager ➔ Server ➔ Information, you can view the server's Uptime, IP, CPU Load, Memory, details of the network interfaces, DNS configuration, firewall rules applied, and configuration with NTP service status.
Manage disks and partitions
Through the menu Orbit Config Manager ➔ Server ➔ Disks and partitions, you can view the partitions mounted on the operating system senhasegura. The possible views are:
- Disk use: Describes how the partitions use space.
- Inodes use: Presents how the partitions use inodes. High use of inodes can lead to the unavailability of services.
- Partitions: Presents the relationship between virtual and physical partitions, their UUIDs, and partition types.
On this screen, you can also add remote partitions using CIFS and NFS protocols. Fill in the authentication methods based on the desired protocol. Orbit will automatically mount the partition without restarting the instance.
Look at the mounted partition as /var
. This partition receives the recorded session files and the backup files. Orbit will monitor growth and alert through incidents close to exhaustion.
Remote Partition Passwords must not contain the characters \, &
and !
in remote partition mapping
Disk resize
On this same screen is also possible to expand the free space of the physical disk in the virtual partitions. The Orbit itself coordinates this resizing without the need for user intervention. But be careful! Take an instance snapshot before performing this procedure.
The primary hard disk where senhasegura is installed can be expanded up to 2TB. This size limit is based on the MBR partition scheme, chosen as default by senhasegura to ensure that old hypervisors can host the solution.
To expand the LVM partition to sizes over 2TB, you should add a new virtual hard disk and resize the partition using the Orbit interface.
It would help if you shut down the instance to resize the primary hard disk or add a new one. Keep every instance with the same hardware profile in a cluster schema to avoid replication issues.
Add an AWS S3 bucket for backup
This subsection aims to specify the installation of the AWS S3 client and the administration format for uploading the senhasegura backup files.
For general use, the AWS configure command is the fastest way to configure the AWS CLI installation: aws configure
.
Next, enter the Access Key ID, and Secret Access Key, and if necessary, fill in the rest of the information.
Access keys consist of an access key ID and a secret access key, which are used to sign programmatic requests that you make to AWS. If you do not have access keys, you can create them in the AWS Management Console.
To start synchronizing data to the bucket, use the following command:
aws s3 sync /var/orbini/backup/senhasegura s3://mybucket/folder
Change the //mybucket/folder
information according to the bucket configuration used.
Once done, the bucket is configured and ready to receive the backup data from senhasegura.
To automate the backup process via bucket, you need to create a file as follows:
vim /etc/cron.d/aws_sync
In this file, enter the following information:
*/1 * * * * root /usr/local/bin/aws s3 sync /var/orbini/backup/senhasegura/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null
*/10 * * * * root /usr/local/bin/aws s3 sync /var/senhasegura/arz/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null
*/1 * * * * root /usr/local/bin/aws s3 sync /srv/cache/coba/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null
If you do not want to back up videos, use the following parameters:
*/1 * * * * root /usr/local/bin/aws s3 sync /var/orbini/backup/senhasegura/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null
*/1 * * * * root /usr/local/bin/aws s3 sync /srv/cache/coba/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null
To apply the settings, save the file and run the following command to restart the service used for calling backups: service cron restart
.
Basic System Services Control
Through the Orbit Web interface, you can view and control the status of some server services. Through the Orbit Command Line interface, you have access to all services, but for security reasons, through the Web interface, your choices are limited.
Access the Orbit Config Manager ➔ Server ➔ Services menu to view and control the CRON, Zabbix Agent, Open VMWare Tools, Database, and SSH server services.
We do not recommend that the CRON, Database, and SSH server services be shut down or restarted without necessity. Please get in touch with our support if you need to perform this type of operation.
Change the SSL Certificate of the application
Attention! The certificate exchange will restart the web server service.
The default senhasegura installation includes a self-signed 512-bit SSL certificate. It is highly recommended that you change this certificate for a valid market certificate.
Access the menu Orbit Config Manager ➔ Server ➔ Certificates to access the screen where you can upload a new pair of certificate files and your key.
Being a valid certificate, it will be listed in the list of certificates installed in the application. To apply it, click on the Install button of the desired certificate. At that moment, Orbit will apply the certificate to the web server and restart the service.
The certificate must be of the type PEM. Being a file extension crt
for the certificate and a file extension key
for the key.
Certificates of DER or PKCS#12 (PFX, P7B, and P12) must be converted.
Network Services
DNS
Although it is in the Orbit Wizard process, you can change DNS settings anytime. Just be aware that this action, although not restarting services in the instance, can put the senhasegura in a network situation that will prevent you from reaching devices that were previously accessible.
By accessing the menu Orbit Config Manager ➔ Server ➔ Settings, you have access to the DNS configuration fields, being able to inform up to three DNS server addresses, Domain information, and Search information.
When changing, apply the changes with the Save button and wait for Orbit to perform the necessary operations.
NTP
The NTP server can also be changed after executing the Orbit Wizard steps. By changing the NTP server, you are changing the time zone of the entire system. Users may be logged off the platform.
By accessing the Orbit Config Manager ➔ Server ➔ Settings menu, you can access the configuration fields Primary NTP server and Secondary NTP server.
Firewall information
By accessing the menu Orbit Config Manager ➔ Server ➔ Information, you will have access to all firewall rules in the senhasegura. These rules cannot be modified through the web interface. System updates will always normalize firewall rules by removing non-standard rules.
HIDS blocking (Wazuh)
senhasegura uses an integrated HIDS system based on Wazuh to protect server access. It prevents unsuccessful SSH connection attempts, ensuring resource integrity.
After three failed password attempts, the system blocks the IP/host for an increasing period of time: 1 minute, 10 minutes, 1 hour, and 24 hours. The IP/host is unblocked after the specified time limit.
The blocked IP/host is added to the senhasegura firewall blocklist, preventing future connections. The administrator can manually unblock the IP.
To manually unblock, the administrator needs to access the Grid Menu ⁝⁝⁝, indicated by the box with nine squares and select the Orbit Config Manager ➔ Server ➔ Security menu, locate the IP in the blocklist, and remove the block. The unblocking process may take a few minutes.
Server Tuning
When there is a change in the user profile or the hardware configuration, it is recommended that the load parameters of the web server and database are reconfigured so that the senhasegura always works in the best hardware configuration that is hosted and within the user's usage profile.
You can perform this maintenance from the menu Orbit Config Manager ➔ Server ➔ System tuning. You can choose between different system usage profiles on this screen, which will calculate the best configuration with the available hardware resources.
This calculation may show low or no value variation if the available hardware is insufficient for a change in usage profile.
This action will reboot the systems and affect the senhasegura behavior. Be aware of downtime.