Your Inner SysAdmin

One thing that most programmers do not take the time to understand is the servers that their application lives on. Most know a smattering of Apache configs, PHP configs, and basic information about the OS. This talk will deal with looking at tools that can help you quickly set up a server and how it can help you be a better developer. We'll look at tools like Puppet for server management, OSSEC for log management, different command line tools, and Nagios/Monit for system monitoring. PageSlides

by Chris Tankersley@dragonmantank

Overall this talk was a pretty good intro to DevOps for developers. I feel like it provided a good starting point for people but didn't go into enough details (time prohibiting) for someone to walk away and be able to run a server. If nothing else it was a glimpse for people to at least understand the scope of what they will need to learn to effectively take on a DevOpps role. I personally found the tools mentioned in the talk to be the most useful part of the talk. Chris was a good presenter and I would attend his talks again.

Below are the notes I captured from the session:

  • PHP programmer for over 10 years
  • SysAdmin/DevOps for around 8 years
  • Using Linux for 15 years
  • On GitHub
  • His talk is mostly his opinions
  • Most of his talk is targeted at Linux
  • Web server (Apache) and database (MySQL) and programming language (PHP)

Common folders on Linux system

  • /bin – essential executables
  • /boot – stuff that makes the OS run
  • /dev – special device stuff you probably won't touch
  • /etc – configuration files
  • /home – user home directories
  • /sbin – system binaries
  • /usr – multi-user Apps and utilities
  • /var – data usually lives here

Installing software

  • compile software from source/scratch
  • use a package manager (yum/apt/brew)
  • Learn to use and love the command line interface
  • production servers shouldn't have a GUI installed
  • interact with servers via SSH
  • learn CLI text editor like vi/vim, emacs, or nano

Authentication and authorization (security)

  • No one should need access to the root password if they need to do root processes users should be given sudo permission
  • If necessary restrict which commands users can run and from where
  • sudo will log who elevated their permissions and what they did.
  • It is safer to give people only the permissions they need rather than remove permissions they don't need.
  • jailing users – keep users from accessing content they don't need access to (protect them from themselves)
  • jailed shells – gives users full shell access but not access to the entire file system. “jailkit” makes this process simple
  • you can also jail ssh and sftp
  • Docker is a container system (another talk about it at the conference)

Learn a scripting language

  • PHP is a scripting language but not the best language for system admin processes
  • Bash is a good option. Most systems use it as their default shell
  • Python is another good option because it is install on a lot of systems already
  • PHP could be an option and there are some libraries such as symfony console component or Aura CLI

Locking down your code

  • run web server as a different user.
  • there are several ways to do it in apache MPM-ITK and MOD_RUID2
  • MOD_RUID2 effectively allows you to “jail” apache and php
  • PHP-FPM can be used to change the user that PHP runs as.


  • logs will fill up the server
  • logrotate rotate log files for organization and other purposes
  • logwatch scans logs at regular intervals and send a summary via email
  • ossec is an intrusion detection system which alerts you when it detects issues

Preventing intruders

  • hosts.deny and hosts.allow file sets access to the machine or certain apps/ports on the machine
  • iptables is a firewall that is generally available on linux machines that can be configured in many different ways to allow, block, or mangle traffic. The syntax is fairly complicated.
  • ossec will watch the log files and automatically interact with deny/allow files and iptables to automatically block intruders and then alert you

Configuration management

  • process of figuring out what goes on your servers and how things are configured.
  • keep track of when files are changed
  • roll back changes
  • push changes to multiple changes
  • configure multiple servers exactly the same way.
  • puppet, chef, ansible (easiest syntax)
  • (puppet stuff is really good)

Server Monitoring

  • Is your sever up? Is everything running? Are there enough resources?
  • Monit is a small monitoring server
  • Icinga is a monitoring server for multiple systems (nicer version of Ngios)
  • If you are running systems in the cloud (AWS) use the tools they provide

Software Tools

  • screen multiplexer (tmux/screen) – keep sessions running
  • tail will allow you to look and follow the end of log files
  • curl for performing HTTP requests
  • iftop displays breakdown of badwidth usage by host
  • htop displays breakdown of system information like memory and CPU usage
  • tcpdump sniffs traffic coming over an interface (do not install on production machines)

Some Resources

  • Chris Fidao @fideoper http://serversforhackers.php
  • Evan Courey