Troubleshoot Linux Server Cheatsheet
- [ ] Is everything up to date, with no errors in the logs?
- [ ] Is the routing correct?
- [ ] If you are able to monitor, is there anything strange you notice?
- [ ] Is your web server installed?
- [ ] Is the web server running and the right one?
- [ ] Is the syntax of your web server configuration files correct?
- [ ] Are the ports you configured open (not blocked by a firewall)?
- [ ] Is your firewall running correctly?
- [ ] Are there TCP Wrappers active and configured correctly?
- [ ] If you have an anti-virus/MAC, is it running correctly, without errors?
- [ ] Are your DNS settings directing you to the correct place?
- [ ] Does the document root point to the location of your files?
- [ ] Is your web server serving the correct index files?
- [ ] Are the permissions and ownership of the file and directory structures correct?
- [ ] Are you restricting access through your configuration files?
- [ ] If you have a database backend, is it running?
- [ ] Can your site connect to the database successfully?
- [ ] Is your web server configured to pass dynamic content to a script processor? (e.g. php5-fpm)
- [ ] Are there problems with the disk space?
- [ ] Check for malware, rootkits and intrusion detection.
How to check the routing, DNS and open ports
$ ip addr
$ ping 22.214.171.124
# netstat -plunt
# netstat -plunt | grep nginx
# netstat -plunt | grep mysql
$ ss    # to investigate sockets
$ host -t A example.com
$ nmap -A 127.0.0.1
$ nmap -sV 127.0.0.1
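Added example (not part of the original cheatsheet): a shell function that filters `netstat -plunt` output for services listening on all interfaces on ports outside an expected list, for example a database reachable from the network. The function names, the allowed-port list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `netstat -plunt` format, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/nginx: master
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      987/mysqld
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      1500/php-fpm: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      650/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1234/nginx: master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
EOF
}

# exposed_listeners "PORTS" (hypothetical helper): reads netstat -plunt output
# on stdin and prints each listener bound to a wildcard address whose port is
# not in the space-separated PORTS list.
exposed_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        if ($1 ~ /^tcp/ && $6 == "LISTEN") prog = $7
        else if ($1 ~ /^udp/) prog = $6   # UDP rows have no State column
        else next                         # headers and non-listening rows

        laddr = $4
        n = split(laddr, p, ":"); port = p[n]          # port follows the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)

        if (addr != "0.0.0.0" && addr != "::" && addr != "*") next   # loopback or specific IP
        if (port in ok) next                                         # expected public service

        sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)   # "987/mysqld" -> "mysqld"
        print $1, laddr, prog
    }'
}

# Ports assumed to be intentionally public on this constructed web server.
sample_netstat | exposed_listeners "22 80 443"
# On a live host (as root, so program names are shown):
#   netstat -plunt | exposed_listeners "22 80 443"
```

Anything it prints is a listener to either bind to 127.0.0.1, block at the firewall, or add to the expected list on purpose.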
How to check the syntax of your web server
# apache2ctl configtest
# nginx -t
How to check for malware (ClamAV) and rootkits (Rkhunter)
Scan all files recursively and ring a bell when an infection is found:
# clamscan -r --bell -i /
Move infected files to another folder:
# mkdir -p ~/VIRUS && clamscan -r --move="$HOME/VIRUS" /
# rkhunter --update
# rkhunter --propupd
# rkhunter -c --enable all --disable none
# cat /var/log/rkhunter.log
How to check for intrusion detection (AIDE)
Generate a database that later checks can be compared against to detect possible intrusions. It's best to have this from the start of the server.
# aide -i
Copy the new db:
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
# cp /var/lib/aide/aide.db.new /var/lib/aide/please-dont-call-aide-without-parameters/aide.db
Creates a new database and compares it to the old one:
# aide -C