Kernel 7

This guide assumes you already have the following:
+ Linux RPM-based system
+ NTP Synchronization
+ Internet Access for “Google Authenticator” API

[1] Install pre-requisites for “Google Authenticator“:
yum install gcc pam-devel subversion python-devel git

[2] Install Google Authenticator PAM module:
mkdir /tmp/google-authenticator
cd /tmp/google-authenticator/
git clone http://code.google.com/p/google-authenticator/
cd google-authenticator/libpam/
make && make install

[3] Setup SSH’s PAM to use Google Authenticator:
vi /etc/pam.d/sshd

vi /etc/ssh/sshd_config

service sshd restart

[4] Setup Google Authenticator for any user that will have access to the system (i.e. jdoe):
su – jdoe
google-authenticator
+ Note your “Secret Key”, “Verification Code”, and “Scratch Codes”.
+ Answer “y”, “y”, “n”, “y”.

[5] Test SSH Login with the user configured (i.e. jdoe):
+ Setup the Google Authenticator on your Smart Phone
+ Launch an SSH session to login with “jdoe”
+ Enter the Verification Code from Google Authenticator (Smart Phone)
+ Enter your Linux password

Nagios is particularly complicated itself in scheduling a downtime, and automating it is a pain.
Here is an easy to use PHP script that will make scheduling a breeze:

[1] Download the “Downtime Scheduling Utility” and extract it to your preferred location:
http://sweetdeliah.com/nagios/downtime/nagios_down-0.2.tar.gz

[2] To schedule a maintenance, here is a template:
./nagios_down.php -h ‘host-server-001′ -f -b ’03:00 23 January 2012′ -e ’03:30 23 January 2012’ -a ‘John Doe’ -c ‘Monthly Maintenance for Windows Patches’

This will put the host “host-server-001” in maintenance mode for 30 minutes on January 23rd, 2012, between 03:00 AM and 03:30 AM, with “John Doe” as the person responsible for logging the downtime, and “Monthly Maintenance for Windows Patches” as a comment.

[3] You can automate the process using Cron or your Custom GUI if any.

As a last resort to fix log space issues, stop “syslog”, delete the logs in question, start “syslog”.
Here is an example for Debian:
/etc/init.d/rsyslog stop && rm -rf /var/log/daemon* && sync && /etc/init.d/rsyslog start

Schedule it when necessary.

As you already know, “mysqldump” is nifty command. The following examle script should be scheduled to run daily via “cron” to backup all your MySQL Databases in a SQL file like “MySQL-Dump—v2009-06-02.sql” and compress it to save on space:

mysqldump –host=YOUR_MYSQL_HOST –port=YOUR_MYSQL_PORT –user=root \
–password=YOUR_ROOT_PASSWORD –add-drop-database –add-drop-table –comments –force \
–all-databases > /YOUR_BACKUP_LOCATION/MySQL-Dump—v`date +”%Y-%m-%d”`.sql ; \
gzip /YOUR_BACKUP_LOCATION/MySQL-Dump—v`date +”%Y-%m-%d”`.sql

A small nifty script that you can schedule to cleanup and free some disk space by removing log directories created 30 days ago from the script’s run time:

find /LOG_DIR/ -not -ctime -30 -type d -exec rm -vrdf ‘{}’ ‘;’ ; sync

If you would like to block an entire country from accessing a service, you can get the entire list from the following IPTables Country BlackList Generator:

http://blacklist.linuxadmin.org/

To reduce the risk of being scanned by script kiddies, tell you system to ignore ICMP ECHO Packets (PINGs):

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all