Tech Guides 15 Apr 2007 17:40:35
How I Prep A Server…
Edited 2008-10-31: Refinements, further optimizations, Fedora 9.
This week I got a fresh machine from ServerBeach to play with, and thought it would be interesting to jot down what I do with a server before I consider it usable. The preinstalled OS is Fedora Core 6.
The order here is not chronological; it is more a general overview of the steps.
Updating existing packages
- Easy step: yum upgrade
Replacement of some default packages
- Uninstalled the httpd package and all its dependencies in favour of compiling the Apache HTTP Daemon myself. I never understood why Red Hat decided on the scattered structure with their package, so I install Apache from source to make sure it is all self-contained in /usr/local/apache2. Also for this machine I added the ITK MPM to run each vhost as a separate user, so that a compromised site cannot read or write another site's files (provided each site's files are owned by its own user and are not world-readable).
- Replaced the existing version of MySQL with the vendor RPMs.
- Ditto for PostgreSQL.
- Installed PHP from source.
- Installed Subversion from source.
- Replaced the existing version of Webmin with the vendor RPM.
Anything built from source (Apache, PHP, Subversion) is invisible to yum upgrade, so security updates for those have to be tracked and rebuilt by hand; the vendor RPMs at least keep their own update channel.
Installation of new packages
- Midnight Commander from the FC6 repository. Cannot live without this.
- Enabled BIND and set it up as a caching resolver for the machine, forwarding to the existing resolvers. This greatly helps lookup speed when the same hostname is looked up over and over, as Sendmail and Apache do. It should listen on 127.0.0.1 only: a resolver reachable from the Internet is an open resolver and will be abused for amplification.
- Enabled Dovecot for IMAP.
File System
- Disable updating of last access time (option noatime in /etc/fstab).
- “tune2fs -o journal_data_writeback” to speed up even more. This makes data=writeback the default mount option in the superblock: metadata is still journaled, so the file system itself stays consistent after a crash, but file contents are no longer ordered with respect to the journal, so files written just before a crash can come back truncated or containing stale blocks (possibly another user's deleted data).
- “tune2fs -m1” to lower reserved space from 5% to 1%. On non-system partitions I set it to 0%. The reserve is usable only by root, so on the system partition it is what keeps daemons and logins working when users fill the disk; that is why it does not go to 0% there.
PHP
- Installed the Alternative PHP Cache.
- Set up session and upload folders elsewhere than /tmp, which is world-writable and shared with every user on the machine.
- Set up sessions to use multi-level folders, normally three levels deep. This prevents the single folder from becoming unusably huge.
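PHP does not create the multi-level session tree itself: the directories must exist before the first session is written, and the tree should be readable only by the user the PHP process runs as. The script below is an added example, not code from the original post; the path /var/lib/php/session and the user name apache are assumptions, and it assumes the default session.hash_bits_per_character = 4 (single hex-digit directory names).

```sh
#!/bin/sh
# Added example, not from the original post: pre-create the directory
# tree that a multi-level session.save_path needs, and lock it down.
#
# Matching php.ini setting (three levels, default hex hashing):
#   session.save_path = "3;/var/lib/php/session"
# PHP does not create the 16^N subdirectories itself (the upstream
# ext/session/mod_files.sh does the same job as make_session_tree).
# With session.hash_bits_per_character = 4 the names are single hex
# digits; a higher setting needs more characters than listed here.
# The path and the web user in the usage lines are assumptions.

HEXDIGITS="0 1 2 3 4 5 6 7 8 9 a b c d e f"

# make_session_tree DIR DEPTH: create DIR/<hex>/<hex>/... DEPTH deep.
make_session_tree() {
    mkdir -p "$1" || return 1
    [ "$2" -le 0 ] && return 0
    for h in $HEXDIGITS; do
        make_session_tree "$1/$h" $(($2 - 1)) || return 1
    done
}

# count_session_dirs DIR: number of subdirectories below DIR
# (16 + 256 + 4096 = 4368 for three levels).
count_session_dirs() {
    find "$1" -mindepth 1 -type d | wc -l | tr -d ' '
}

# secure_session_tree DIR [USER]: session files are readable only by
# the process that owns them. Strip all group/other access from the
# tree and, when run as root, hand it to the web-server user. With the
# ITK MPM each vhost runs as its own user, so give each vhost its own
# tree (php_admin_value session.save_path in the vhost) owned by that
# user; otherwise one site could read another site's session files.
secure_session_tree() {
    chmod -R u=rwx,go= "$1" || return 1
    if [ -n "${2:-}" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$2" "$1" || return 1
    fi
}

# Usage (as root); path and user are assumed for this example:
#   make_session_tree /var/lib/php/session 3
#   secure_session_tree /var/lib/php/session apache
```

After running it, check with `find /var/lib/php/session -perm -004` that nothing under the tree is world-readable; a single missed directory is enough for another local user to read session data.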
Sendmail
- Configured Sendmail to accept mail from users only over authenticated submission (port 587).
- Add DNS-based blacklists (DNSBLs):
SpamCop
Distributed Sender Blackhole List
Spamhaus SBL + XBL
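In sendmail.mc each list is one FEATURE(`dnsbl', `zone')dnl line, and Sendmail performs the lookup itself: it reverses the connecting client's IPv4 octets, appends the list's zone, and treats any A record in the answer as "listed". The helper below, an added example that is not from the original post, does the same lookup by hand so the configured lists can be checked before mail is rejected on their say-so. Every live list answers for the test address 127.0.0.2 and must not answer for 127.0.0.1; a list that is dead, or that has been retired and now answers for everything, would otherwise bounce all incoming mail. The zone names in the usage line are the post's SpamCop list and Spamhaus' current combined zone (SBL and XBL are published together as zen.spamhaus.org today); take the zone name of any other list from its operator's current instructions.

```sh
#!/bin/sh
# Added example, not from the original post: reproduce the DNSBL lookup
# Sendmail's FEATURE(`dnsbl', ...) performs, and sanity-check each list.
# Zone names used in the usage line are taken from the post; the rest
# is an assumption for this example.

# dnsbl_name IP ZONE: print the name to look up, e.g.
#   dnsbl_name 192.0.2.10 bl.spamcop.net -> 10.2.0.192.bl.spamcop.net
# Fails (no output, status 1) for anything that is not a dotted quad.
dnsbl_name() {
    _ip=$1
    _zone=$2
    case $_ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    # Exactly four octets, each below 256, reversed.
    _rev=$(printf '%s\n' "$_ip" | awk -F. '
        NF == 4 && $1 < 256 && $2 < 256 && $3 < 256 && $4 < 256 {
            print $4 "." $3 "." $2 "." $1; ok = 1
        }
        END { exit !ok }') || return 1
    printf '%s.%s\n' "$_rev" "$_zone"
}

# dnsbl_listed IP ZONE: status 0 if IP is listed (an A record exists),
# 1 if not listed, 2 if the query could not be made.
dnsbl_listed() {
    _q=$(dnsbl_name "$1" "$2") || return 2
    _ans=$(dig +short +time=3 +tries=1 A "$_q" 2>/dev/null) || return 2
    [ -n "$_ans" ]
}

# dnsbl_sanity ZONE...: verify each list is alive and not answering for
# everything. 127.0.0.2 is the conventional "always listed" test entry;
# 127.0.0.1 must never be listed. Status 0 only if every list passes.
dnsbl_sanity() {
    _rc=0
    for _z in "$@"; do
        if ! dnsbl_listed 127.0.0.2 "$_z"; then
            echo "$_z: does not list 127.0.0.2 (dead or unreachable), do not use"
            _rc=1
        elif dnsbl_listed 127.0.0.1 "$_z"; then
            echo "$_z: lists 127.0.0.1 (answers for everything), remove it"
            _rc=1
        else
            echo "$_z: ok"
        fi
    done
    return $_rc
}

# Usage, e.g. from a weekly cron job that mails its output to root:
#   dnsbl_sanity bl.spamcop.net zen.spamhaus.org
```

Run dnsbl_sanity from the mail server itself, through the local BIND forwarder set up above, so the answers reflect what Sendmail will actually see.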
Other stuff
- Edited /etc/sysctl.conf to include:
kernel.shmmax = 536870912
net.ipv4.tcp_fin_timeout = 10
The first raises the maximum shared-memory segment size to 512 MiB. The second shortens how long an orphaned socket is held in FIN-WAIT-2 waiting for the peer's FIN; it does not shorten TIME_WAIT, a common misreading of this setting.
- Configured logrotate to keep 30 days' worth of logs instead of the default 4 rotations, and to compress rotated logs.
- Enabled logrotate for the root mailbox (I always forget to delete the mail in it).
- Enabled logrotate for Apache access and error log.
- Added nightly incremental backup of /home, /etc, and /var/spool/mail to a remote server. /etc contains private keys and password hashes, so the transfer needs an authenticated, encrypted channel and the remote copy needs the same access restrictions as the originals.
- Added nightly time synchronization to pool.ntp.org.
- Added nightly cleanup of old files in /tmp and other temporary folders.
- Enabled the firewall.
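The nightly /tmp cleanup interacts with two earlier choices: with noatime set in /etc/fstab, access times no longer advance, so anything that ages files by atime (the default for tmpwatch) would see every file as untouched since creation; and the names under /tmp are chosen by other users, so they must not be passed through xargs to rm. The function below is an added example, not code from the original post; the directory and the seven-day age are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: nightly cleanup of old
# files under a temporary directory, written to be safe from cron as
# root. Two points the rest of the setup makes relevant:
#   - noatime is set in /etc/fstab, so age is judged by mtime, never
#     atime (-ctime +N could be added as well; ctime cannot be forged
#     by the file's owner, unlike mtime via touch -t).
#   - names under /tmp are attacker-chosen, so let find unlink them
#     itself (-delete, which removes the entry relative to the directory
#     it is traversing) instead of re-resolving full paths through rm,
#     and stay on one file system (-xdev) so a bind mount or symlink
#     cannot redirect the run. find does not follow symlinks by default,
#     and -type f never matches a symlink.
# The directory and age in the usage line are assumptions.

# clean_tmp DIR DAYS: remove regular files under DIR (recursively) not
# modified for more than DAYS days, then remove old empty directories.
# Prints the number of files removed. Status 1 if DIR is not a directory.
clean_tmp() {
    _dir=$1
    _days=$2
    [ -d "$_dir" ] || return 1
    # -mindepth 1 protects DIR itself; -type f skips sockets, devices
    # and symlinks (e.g. .X11-unix/X0 must stay).
    _n=$(find "$_dir" -xdev -mindepth 1 -type f -mtime +"$_days" \
            -print -delete | wc -l | tr -d ' ')
    # Directories emptied just now have a fresh mtime and are left for
    # the next run, so a program that created one and is about to write
    # into it is not disturbed.
    find "$_dir" -xdev -mindepth 1 -type d -empty -mtime +"$_days" \
        -delete 2>/dev/null
    echo "$_n"
}

# Usage from /etc/cron.daily (assumed directory and age):
#   clean_tmp /tmp 7
```

Run it only over directories that are on their own partition or at least never contain anything a service depends on; sticky-bit directories such as /tmp are the intended targets, not /var/tmp contents that packages expect to survive.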
That should about cover it…