Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [best-practices]

Questions asking for best practices in a given field. Be aware, that sometimes there might be no generally accepted best practices, in which case the question is likely to be closed for being subjective.

351 questions
2
votes
4 answers

Best practice for ONLY allowing MySQL access to a server?

Here's the use case: I have a SaaS system that was built (dev environment) on a single box. I've moved everything to a cloud environment running Ubuntu 10.10. One server runs the application, the other runs the database. The basic idea is that…
Calvin Froedge
  • 538
  • 1
  • 6
  • 16
2
votes
3 answers

Setup Postfix as a null client?

I'm having a bit of trouble setting up postfix as a null client and have some questions. I'll be aiming to use SMTP as this is what most web applications use as a way to connect to the email server. The goal is to use it for email notifications from…
The Pixel Developer
  • 857
  • 3
  • 10
  • 20
2
votes
2 answers

Statistics for iptable best pratices?

Looking for statistics on IPtable best pratices - appears that a server like www.cloudflare.com would parse iptables and look for gaps and trends in iptable configs - but don't think they'd publish their findings. FYI: I just heard about cloudflare,…
blunders
  • 813
  • 7
  • 14
  • 30
2
votes
2 answers

ProFTPD - What is intended use of IdentLookups config option?

I have just recently got annoyed enough at my own dedicated server's FTP connection delay to go hunting for what causes delay. "Perpetrator" was IdentLookups configuration option. It defaults to on, thus causing noticeable delay on connection…
mr.b
  • 583
  • 10
  • 25
2
votes
1 answer

IPv6 connectivity suddenly lost, IPv6 neighbour router status becomes STALE at the same time. How can I avoid it?

I have a VM on a host with bridged networking (hence, with its own MAC address). Both host and VM run CentOS. Their network is managed by simple /etc/sysconfig/network-scripts/ifcfg-enpXsY files which contains the static IP addresses. IPv4 works…
Ned64
  • 303
  • 1
  • 3
  • 12
1
vote
0 answers

Providing Support from Jumphosts using Site-to-Site VPNs

To provide support for our customers, our support staff has to establish VPN connections in order to connect to hardware devices that are located in the networks of our customers. Due to security reasons, all remote access connections are…
gumlozol
  • 11
  • 1
1
vote
2 answers

Migrating application servers to new domain

I work in a corporate environment which has recently been merged with another like business. There is an ongoing project to take our legacy Windows Servers and migrate them to an entirely new Windows Domain. From a logistics standpoint, I'm thinking…
Kasey
  • 111
  • 2
1
vote
0 answers

Backup best practice with lsyncd: delete or not delete

I have set up a backup of some working folders of a server (running with Centos 7) to a remote disk using lsyncd. It's great, however I'm quite undecided about what to do about file deletion: If I disable file deletion (files deleted on the source…
DylanM
  • 113
  • 1
  • 3
1
vote
0 answers

How to install hadoop reusable on a local network?

For a multi-node image cluster on an institute, we have sevaral laptops and machines and we want to create a hadoop cluster with hbase on the top for indexing the data/images. I have tried some VMare and docker solutions, but the most tutorials are…
madik_atma
  • 111
  • 2
1
vote
2 answers

What is the downside of deleting an iptables rule as an attempt to check if it exists?

I want to add a rule using iptables, but only if it does not exist already. There's option -C which will allow us to check if a rule specification exists already. The option is described in this Q&A as well. From that Q&A, this specific answer says…
Adelin
  • 109
  • 10
1
vote
3 answers

Best Practice: What domain admin credentials to use when adding/joining computer to network domain?

Environment: 1 Win2008R2 Network Server (also domain controller) 13 or so Workstations. Traditionally we've always used the server administrator credentials to join a workstation to a business domain network or 13 workstations. However we're now…
PeteB
  • 11
  • 1
  • 4
1
vote
1 answer

Should apex (or zone root) records have a matching PTR/pointer record

I am aware that apex records (records at the zone "root") can have PTR records, but frequently I see that zone root records do not have a matching PTR, or they are pointing to a different place than the associated host record. Example: dig umich.edu…
Watki02
  • 587
  • 2
  • 12
  • 22
1
vote
1 answer

Best practice: Wowza SSL Configuration

Screenshot: Server with Wowza running using a SSL certificate with basis configuration I get this result from the SSLLabs with the default configuration (see screenshot). The only places I can change the configuration is probably the VHost.xml where…
Thomas Ebert
  • 143
  • 5
1
vote
4 answers

Do password expiry rules reducing the security of the system?

The problem I regularly have a debate with my CTO which usually begins something like this ... CTO: My password expired, that should never happen. Me : It's a security risk to never expire passwords. CTO: It's a security risk to force passwords to…
War
  • 113
  • 7
1
vote
7 answers

Employee no longer with the company

When an employee is fired or let go, it is critical to disable their accounts and access to resources immediately. How do you handle this at your organization?
Brett G
  • 2,033
  • 2
  • 28
  • 45
1 2 3
23 24