Manage the server

Learn how to check the server information. This information is not linked to the senhasegura features. Here we will talk about the settings that are common Linux operating systems.

List hardware information

Through the menu Orbit Config Manager ➔ Server ➔ Information, you can view the server's Uptime, IP, CPU Load, Memory, details of the network interfaces, DNS configuration, firewall rules applied, and configuration with NTP service status.

Manage disks and partitions

Through the menu Orbit Config Manager ➔ Server ➔ Disks and partitions, you can view the partitions mounted on the operating system senhasegura. The possible views are:

• Disk use: Describes how the partitions use space.
• Inodes use: Presents how the partitions use inodes. High use of inodes can lead to the unavailability of services.
• Partitions: Presents the relationship between virtual and physical partitions, their UUIDs, and partition types.

On this screen, you can also add remote partitions using CIFS and NFS protocols. Fill in the authentication methods based on the desired protocol. Orbit will automatically mount the partition without restarting the instance.

Disk resize 

On this same screen is also possible to expand the free space of the physical disk in the virtual partitions. The Orbit itself coordinates this resizing without the need for user intervention. But be careful! Take an instance snapshot before performing this procedure.

The primary hard disk where senhasegura is installed can be expanded up to 2TB. This size limit is based on the MBR partition scheme, chosen as default by senhasegura to ensure that old hypervisors can host the solution.

To expand the LVM partition to sizes over 2TB, you should add a new virtual hard disk and resize the partition using the Orbit interface.

Add an AWS S3 bucket for backup

This subsection aims to specify the installation of the AWS S3 client and the administration format for uploading the senhasegura backup files.

For general use, the AWS configure command is the fastest way to configure the AWS CLI installation: aws configure.

Next, enter the Access Key ID, and Secret Access Key, and if necessary, fill in the rest of the information.

Access keys consist of an access key ID and a secret access key, which are used to sign programmatic requests that you make to AWS. If you do not have access keys, you can create them in the AWS Management Console.

To start synchronizing data to the bucket, use the following command:

aws s3 sync /var/orbini/backup/senhasegura s3://mybucket/folder 

Change the //mybucket/folder information according to the bucket configuration used.

Once done, the bucket is configured and ready to receive the backup data from senhasegura.

To automate the backup process via bucket, you need to create a file as follows:

vim /etc/cron.d/aws_sync 

In this file, enter the following information:

*/1 * * * * root /usr/local/bin/aws s3 sync /var/orbini/backup/senhasegura/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null
*/10 * * * * root /usr/local/bin/aws s3 sync /var/senhasegura/arz/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null
*/1 * * * * root /usr/local/bin/aws s3 sync /srv/cache/coba/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null

If you do not want to back up videos, use the following parameters:

*/1 * * * * root /usr/local/bin/aws s3 sync /var/orbini/backup/senhasegura/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null
*/1 * * * * root /usr/local/bin/aws s3 sync /srv/cache/coba/ s3://mybucket/folder/ 2> /dev/null 1>/dev/null

To apply the settings, save the file and run the following command to restart the service used for calling backups: service cron restart.

Basic System Services Control

Through the Orbit Web interface, you can view and control the status of some server services. Through the Orbit Command Line interface, you have access to all services, but for security reasons, through the Web interface, your choices are limited.

Access the Orbit Config Manager ➔ Server ➔ Services menu to view and control the CRON, Zabbix Agent, Open VMWare Tools, Database, and SSH server services.

Change the SSL Certificate of the application

The default senhasegura installation includes a self-signed 512-bit SSL certificate. It is highly recommended that you change this certificate for a valid market certificate.

Access the menu Orbit Config Manager ➔ Server ➔ Certificates to access the screen where you can upload a new pair of certificate files and your key.

Being a valid certificate, it will be listed in the list of certificates installed in the application. To apply it, click on the Install button of the desired certificate. At that moment, Orbit will apply the certificate to the web server and restart the service.

Network Services

DNS

Although it is in the Orbit Wizard process, you can change DNS settings anytime. Just be aware that this action, although not restarting services in the instance, can put the senhasegura in a network situation that will prevent you from reaching devices that were previously accessible.

By accessing the menu Orbit Config Manager ➔ Server ➔ Settings, you have access to the DNS configuration fields, being able to inform up to three DNS server addresses, Domain information, and Search information.

When changing, apply the changes with the Save button and wait for Orbit to perform the necessary operations.

NTP

The NTP server can also be changed after executing the Orbit Wizard steps. By changing the NTP server, you are changing the time zone of the entire system. Users may be logged off the platform.

By accessing the Orbit Config Manager ➔ Server ➔ Settings menu, you can access the configuration fields Primary NTP server and Secondary NTP server.

Firewall information

By accessing the menu Orbit Config Manager ➔ Server ➔ Information, you will have access to all firewall rules in the senhasegura. These rules cannot be modified through the web interface. System updates will always normalize firewall rules by removing non-standard rules.

HIDS blocking (Wazuh)

senhasegura uses an integrated HIDS system based on Wazuh to protect server access. It prevents unsuccessful SSH connection attempts, ensuring resource integrity.

After three failed password attempts, the system blocks the IP/host for an increasing period of time: 1 minute, 10 minutes, 1 hour, and 24 hours. The IP/host is unblocked after the specified time limit.

The blocked IP/host is added to the senhasegura firewall blocklist, preventing future connections. The administrator can manually unblock the IP.

To manually unblock, the administrator needs to access the Grid Menu ⁝⁝⁝, indicated by the box with nine squares and select the Orbit Config Manager ➔ Server ➔ Security menu, locate the IP in the blocklist, and remove the block. The unblocking process may take a few minutes.

Server Tuning

When there is a change in the user profile or the hardware configuration, it is recommended that the load parameters of the web server and database are reconfigured so that the senhasegura always works in the best hardware configuration that is hosted and within the user's usage profile.

You can perform this maintenance from the menu Orbit Config Manager ➔ Server ➔ System tuning. You can choose between different system usage profiles on this screen, which will calculate the best configuration with the available hardware resources.

This calculation may show low or no value variation if the available hardware is insufficient for a change in usage profile.