Questions tagged [best-practices]
Questions asking for best practices in a given field. Be aware, that sometimes there might be no generally accepted best practices, in which case the question is likely to be closed for being subjective.
352
questions
0
votes
1
answer
45
views
DNS and PTR names for mail servers - best practice?
Should the hostname of the mail server you send mail from always have an rDNS (PTR type) of the same name?
I ask because I notice the name of my mail server doesn't have the same name as the PTR ...
0
votes
1
answer
113
views
Best practices on managing Terraform project repositories
As part of a new job role, I have started learning Terraform recently. Before, my main orchestration/provisioning tool was Ansible, and the best practice at my previous place was to hold the state for ...
0
votes
0
answers
99
views
Disabling unnecessary Apache modules for simplicity and performance
I noticed that my simple LAMP application does not need most of the default modules the official Docker PHP-Apache image bundles by default:
a2dismod -f access_compat auth_basic authn_core authn_file ...
0
votes
1
answer
125
views
Securing a secret key on a linux server to be consumed by a software running on the server
I'm not an expert in server security and I have a question regarding a situation where server is being compromised. I have a nodejs app which is a bot that only have https connection to read from some ...
1
vote
1
answer
624
views
Practice of high frequency scheduled Ansible playbook runs
I'm fairly new to administrating servers with configuration managers such as Ansible. I plan on running playbooks automatically on a schedule (via something like Ansible Semaphore, or even just Cron) ...
0
votes
2
answers
52
views
Why not nuke an machine after malware cleanup? [closed]
So this is a noob question.
Why do we perform a clean up on a machine that has been infected with malware and not nuke it directly instead? I understand that in some situations this would not be ...
0
votes
1
answer
770
views
Best practices for PHP ini settings for large wordpress site?
I own a large wordpress site that gets
500k+ visitors
30+ plugins (some heavy)
server with 128 GB RAM
Wondering if there are "best practices" for php.ini settings for larger sites on Linux?...
0
votes
1
answer
134
views
Is Cloud Best Practice To Still Have Multiple Disks (Volumes) For a Server?
In the old days of physical servers, it was considered good practice (at least at the places I have worked at) for a server to always have at least two disks (volumes) no matter how simple an ...
1
vote
1
answer
49
views
Is it bad form to create an Ansible role just for setting facts?
I've got one of those situations where I could write a three task role to lookup, sort and extract a set of values like:
- name: Lookup available AMI instances
amazon.aws.ec2_ami_info:
filters: ....
1
vote
0
answers
201
views
Add some text to curl's user agent string? (i.e. curl with a UA that includes curl's default UA & my text)
I am writing a shell script which uses curl(1) to download files. By default curl will set a HTTP User-Agent (UA) to something like curl/7.74.0. I want to be a good internet citizen and set the UA to ...
2
votes
1
answer
2k
views
IPv6 connectivity suddenly lost, IPv6 neighbour router status becomes STALE at the same time. How can I avoid it?
I have a VM on a host with bridged networking (hence, with its own MAC address). Both host and VM run CentOS. Their network is managed by simple /etc/sysconfig/network-scripts/ifcfg-enpXsY files ...
1
vote
0
answers
266
views
How to limit users to their home directory SFTP on Ubuntu 20.04
Is there any way to limit users to certain home directories with sftp on Ubuntu OS 20.04 and giving them write access to their directory?'
I was able to keep each user to only see their directory and ...
0
votes
2
answers
2k
views
Active Directory (DNS) BPA: Interface should register its IP addresses in DNS with Server Core
How to solve the following compliance error message when using the Best Practices Analyzer with DNS running on Windows Server Core?
Problem:
The interface Ethernet 2 is not configured to register its ...
3
votes
0
answers
119
views
Why not shorten a single :0000: field in IPv6
rfc5952, section 4.2.2 "Handling One 16-Bit 0 Field" goes:
The symbol "::" must not be used to shorten just one 16-bit 0 field. For example, the representation
2001:db8:0:1:1:1:1:...
1
vote
2
answers
1k
views
On a single machine, re-use SSL certificate between services, or generate multiple certificates?
Assume a machine has multiple management UIs, like for example Cockpit and Monit. Both can do SSL.
Do best practices dictate using distinct certificates for either service? Or is it OK to reuse a ...