Questions asking for best practices in a given field. Be aware, that sometimes there might be no generally accepted best practices, in which case the question is likely to be closed for being subjective.
Questions tagged [best-practices]
351 questions
1
vote
0 answers
How to limit users to their home directory SFTP on Ubuntu 20.04
Is there any way to limit users to certain home directories with sftp on Ubuntu OS 20.04 and giving them write access to their directory?'
I was able to keep each user to only see their directory and not browse any other directories. However, they…
Jflores0515
- 11
- 1
1
vote
2 answers
On a single machine, re-use SSL certificate between services, or generate multiple certificates?
Assume a machine has multiple management UIs, like for example Cockpit and Monit. Both can do SSL.
Do best practices dictate using distinct certificates for either service? Or is it OK to reuse a single certificate since both are maintained by the…
wzzrd
- 10,409
- 2
- 35
- 47
1
vote
1 answer
What's the proper way to initially deploy a CloudFormation stack for testing?
I'm writing my first CF stacks and I'm running into failed deploys on the first try of course because I don't know the syntax and available parameters yet fully. I am validating my json and the template itself via the CLI but it can still run into…
Chris
- 318
- 1
- 5
1
vote
0 answers
Best practice installation of Docker on Ubuntu
When installing Docker on an Ubuntu machine, there are several competing ways to install it, that seem to be the best practice according to someone. Specifically, you can install according to the guide on docs.docker.com, which I assume is the best…
Uberhumus
- 213
- 1
- 11
0
votes
1 answer
Allow caching of share - roaming profiles - WS2016
I have a WS2016 that is running roaming profiles for users. Within the SMB file share, the option: "Allow caching of share" is enabled and was enabled by accident upon creation. There are already working profiles running, but I'd like to go back and…
bloonacho
- 35
- 1
- 1
- 10
0
votes
1 answer
How to react on vulnerability scanning?
We noticed that our server is being scanned for standard vulnerabilities like publically exposed myphpadmin and other common security configuration mistakes / failures.
What is best locations to redirect such attackers to?
Options popping in my…
Kote Isaev
- 135
- 3
0
votes
1 answer
puppet best practices: share variables among profiles
I'm using the roles&profiles approach for my current puppet project.
The puppet best practices tell me:
Expose all necessary profile parameters in the main class parameter list.
Perform hiera lookups to fill in those parameters (having default…
C.Scharfenberg
- 63
- 7
0
votes
0 answers
Use default `ubuntu` user to deploy an app or make separate users?
I have a Ruby on Rails app and use Capistrano to deploy it to the server.
The deploy user and the user running the app is the same - the default ubuntu user. (this has sudo access: ubuntu ALL=(ALL) NOPASSWD:ALL)
Maybe this setup is a bit insecure,…
Zabba
- 231
- 2
- 4
0
votes
1 answer
Should I create a new user for each web app?
I have a VPS and I'm trying to gather the best practices in terms of user setup for web services.
I have different services in my server (a cloud app, a streaming app, etc).
What I do know is that I create a user for each service, each one having…
Creak
- 101
- 2
0
votes
2 answers
Bypass Browser Cache with Server Settings in Large Production Environment
We recently applied a patch to our ERP system that updated HTML, JavaScript and CSS files. After applying the patch a large volume of users called the help desk to report loss of functionality on the menu page.
The root cause was due to the user's…
extrata
- 1
- 1
0
votes
1 answer
Git branches for managing machine specific scripts and timers: OK or bad idea?
I have a bash script that I need to run on multiple (personal) machines, using systemd timers. While largely similar, there is some functionality in these scripts that I need enabled on some machines, but not on others.
Right now, I'm using git…
dwrz
- 103
- 4
0
votes
2 answers
FTP Server 'Netiquette'; Are fast and frequent Connect/Transfer/Disconnect session acceptable?
some code of mine is using a queue to upload files to an FTP server.
When files get queued, a connection attempt is made and, if successful, files are uploaded. Once the queue is empty it disconnects the server. Pretty straightforward.
The queue…
r41n
- 103
- 2
0
votes
1 answer
How do multiple devops manage single chef cookbook?
I have created a cookbook and I am using manage.chef.io to host and deploy it. I have hosted the cookbook in GitHub private repo.
Consider a scenario:
If I make some changes in the cookbook and knife cookbook upload it, but I forget to push it to…
Rahul Prasad
- 257
- 3
- 4
- 9
0
votes
0 answers
After system state restore: SBS Baseline Configuration Analyzer 2.0 stopped working
So the system drive of our SBS 2011 server has crashed. We had a backup which we used to perform a systemstate recovery and non-authorative restore of Active Directory. Since the restore, we cannot run the SBS 2011 Best Practices Analyzer, which…
Forza
- 101
- 2
0
votes
1 answer
How to create an account, that can not login?
Our Unix systems rely on corporate AD for authentication and authorization.
We need to create a few "role" accounts, which shall not be able to login themselves, but to which other accounts (belonging to real persons) will be switching (with ksu or…
Mikhail T.
- 2,338
- 1
- 24
- 55