
Jan 26, 2018

Troubleshoot Linux Server Cheatsheet

Checklist

Logs

/var/log
/var/log/messages
/var/log/syslog
dmesg
journalctl -r

How to check the routing, DNS and open ports

Routing

$ ifconfig
$ ip addr
$ ping 8.8.8.8
$ route
# netstat -plunt
# netstat -plunt | grep nginx
# netstat -plunt | grep mysql
$ ss    # to investigate sockets

DNS

$ host -t A example.com

Open ports

$ nmap -A 127.0.0.1
$ nmap -sV 127.0.0.1

How to check the syntax of your web server configuration

Apache

# apache2ctl configtest

Nginx

# nginx -t

How to check for malware (ClamAV) and rootkits (Rkhunter)

ClamAV

# freshclam

Scan all files recursively, print only infected files, and ring a bell when an infection is found:

# clamscan -r --bell -i /

Move infected files to another folder:

# mkdir -p ~/VIRUS && clamscan -r --move="$HOME/VIRUS" /

Rkhunter

# rkhunter --update
# rkhunter --propupd
# rkhunter -c --enable all --disable none
# cat /var/log/rkhunter.log

How to check for intrusions (AIDE)

AIDE

AIDE generates a database that later checks are compared against to spot possible intrusions. It is best to create this database when the server is first set up.

# aide -i
# aideinit

Copy the new db:

# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
# cp /var/lib/aide/aide.db.new /var/lib/aide/please-dont-call-aide-without-parameters/aide.db

Creates a new database and compares it to the old one:

# aide -C
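
An added example, not part of the original cheatsheet: a POSIX shell helper that turns the exit status of `aide -C` into a one-line summary for cron or monitoring. It relies on the status values documented in aide(1) (1 = new files, 2 = removed files, 4 = changed files, added together; 14-19 = errors). The function names and the report path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: interpret the exit status of an AIDE check.

# Print a one-line summary for an AIDE --check exit status (see aide(1)).
aide_status_summary() {
    case "$1" in
        0)  echo "OK: filesystem matches the baseline" ;;
        [1-7])
            # 1-7 is a bitmask: 1 = new, 2 = removed, 4 = changed files.
            summary="ALERT:"
            if [ $(( $1 & 1 )) -ne 0 ]; then summary="$summary new-files"; fi
            if [ $(( $1 & 2 )) -ne 0 ]; then summary="$summary removed-files"; fi
            if [ $(( $1 & 4 )) -ne 0 ]; then summary="$summary changed-files"; fi
            echo "$summary" ;;
        14) echo "ERROR: error writing output" ;;
        15) echo "ERROR: invalid argument" ;;
        16) echo "ERROR: unimplemented function" ;;
        17) echo "ERROR: invalid line in configuration" ;;
        18) echo "ERROR: I/O error" ;;
        19) echo "ERROR: database version mismatch" ;;
        *)  echo "ERROR: unexpected exit status $1" ;;
    esac
}

# Run a check command, save its full report to a file, print the summary.
# Returns 0 only when the baseline matched, so a caller can alert otherwise.
#   $1    = file that receives the full report
#   $2... = the check command and its arguments
summarize_check() {
    report=$1
    shift
    status=0
    "$@" >"$report" 2>&1 || status=$?
    aide_status_summary "$status"
    [ "$status" -eq 0 ]
}

# Usage as root (the report path is a hypothetical choice):
#   summarize_check /var/log/aide-check.report aide -C || echo "review the report"
```

A non-zero status from 1 to 7 means the filesystem differs from the baseline, which needs a review of the saved report before the database is copied over again.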