In the past few weeks, many of us have been working remotely due to the coronavirus pandemic. In this post we want to remind you of some useful Zentyal Server monitoring and maintenance tasks. These tips help you continue to guarantee the security and correct operation of your server at all times.
Track successful / failed logins
One of the routine tasks for system administrators is to track who has successfully logged in or failed to log in to the server. The purpose of this is to ensure that only authorized remote users are logging in to the server. It also helps to identify unwanted activity so that you can take the necessary actions to protect your server.
You can use the following commands to review successful and failed SSH login attempts.
egrep "sshd\[.*\]: Accepted password for" /var/log/auth.log | wc -l
egrep "sshd\[.*\]: Failed password for" /var/log/auth.log | wc -l
And these commands to review successful and failed login attempts on the Zentyal administration panel.
grep 'check - Successfully authenticated user' /var/log/zentyal/zentyal.log | wc -l
grep '_login - Failed login from:' /var/log/zentyal/zentyal.log | wc -l
Depending on the results, you may be interested in taking some of the following measures:
- Check that only users who really need it have SSH access and access to the Zentyal GUI. Check if you have unnecessarily enabled the PAM option.
- Make sure that all users with SSH and Zentyal GUI access are using strong passwords. Consider prohibiting the use of passwords and using only certificates.
- Change the SSH default port (from 22 to another port).
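The counts above say how many attempts there were, not who made them or from where. As an added example (not part of the original post), this script groups the same sshd lines by source address and user, and also includes key-based logins, which the "Accepted password" pattern does not count; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): who and where behind the counts.
# summarise_ssh <failed|accepted> [logfile] prints "count source user [method]".
summarise_ssh() {
    ssh_kind="$1"; ssh_log="${2:-/var/log/auth.log}"
    case "$ssh_kind" in
        failed)   ssh_pat='sshd\[[0-9]+\]: Failed password for' ;;
        accepted) ssh_pat='sshd\[[0-9]+\]: Accepted (password|publickey) for' ;;
        *) echo "usage: summarise_ssh failed|accepted [logfile]" >&2; return 2 ;;
    esac
    grep -E "$ssh_pat" "$ssh_log" | awk -v kind="$ssh_kind" '{
        method = ""; user = "?"; src = "?"
        for (i = 1; i < NF; i++) {
            # The first Accepted token is written by sshd; the next field is the method.
            if (kind == "accepted" && method == "" && $i == "Accepted")
                method = " " $(i+1)
            # The user name is chosen by the client, so keep the LAST "from":
            # that one is followed by the real source address.
            if ($i == "from") { user = $(i-1); src = $(i+1) }
        }
        count[src " " user method]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Constructed sample in auth.log format (documentation addresses, made-up users).
sample_log() {
    cat <<'EOF'
Mar 30 09:01:11 zentyal sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 30 09:01:14 zentyal sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar 30 09:01:20 zentyal sshd[2107]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 30 09:05:42 zentyal sshd[2130]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar 30 09:05:50 zentyal sshd[2130]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar 30 09:30:02 zentyal sshd[2204]: Accepted publickey for bob from 198.51.100.8 port 40100 ssh2: RSA SHA256:EXAMPLE
EOF
}

# Demo on the constructed sample; on a server call: summarise_ssh failed
demo_log=$(mktemp) && sample_log > "$demo_log"
echo "Failed SSH logins:";   summarise_ssh failed "$demo_log"
echo "Accepted SSH logins:"; summarise_ssh accepted "$demo_log"
rm -f "$demo_log"
```

A single address with many failures across several user names, or an accepted login from an address you do not recognise, is the kind of result that should prompt the measures listed above.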
Monitor server status
Another important administration task is to monitor the status of your server. To accomplish this, you can use Zentyal’s Smart Admin feature, available since version 6.1. If you use the commercial version, you can use it directly from the GUI. If you are using the Development version, you can use a script to generate reports manually; the script is available at ‘/usr/share/zentyal/smart-admin-report’.
Smart Admin allows alerts to be sent to a Telegram group regarding the usage of server resources (CPU, RAM and disk), management of old kernels installed on Zentyal and automatic reporting of relevant aspects of your Zentyal Server. The reports include useful data such as:
- Installed Zentyal modules and their status.
- CPU, RAM and SWAP usage.
- Broken packages and packages available for upgrade.
- Number of errors in the Zentyal modules.
- Access attempts to the different services.
- Information about the Domain Controller and File Sharing.
- Information about the e-mails managed by the Electronic Mail Service (SMTP/POP3-IMAP4) module.
If you have doubts or questions, contact us.