5 Things you should check when you run a Server over years

Many people, including me, run server several years. Sometimes with keeping an eye on them, but sometimes not. In this article, I write about 10 things you should check every so often.

5 Things you should check when you run a Server over years
Photo by Marc PEZIN / Unsplash

Many people, including me, run server several years. Sometimes with keeping an eye on them, but sometimes not. Depending on the deployment and availability requirements of your application, it needs at least a little service over the years. In this article, I write about 10 things you should check every so often.

System & Package Updates

Over the years, vulnerabilities in packages get more and more end need to be fixed. You don't need to keep an eye on Databases like https://www.cvedetails.com/. An easier, more convenient way is to regularly update the system.

How to update

For Linux servers, a regular update routine is essential to keep the system secure, stable, and performing optimally. Here’s a basic update routine for the most common distributions:

1. Ubuntu/Debian

sudo apt update             # Refresh package list
sudo apt upgrade -y         # Install available updates
sudo apt full-upgrade -y    # Install kernel and other major upgrades
sudo apt autoremove -y      # Remove unused packages
sudo apt clean              # Clean up package cache

2. CentOS/RHEL (8 and above)

sudo dnf check-update       # Check for available updates
sudo dnf update -y          # Install updates
sudo dnf autoremove -y      # Remove unnecessary packages
sudo dnf clean all          # Clean up package cache

For CentOS/RHEL 7 and below, replace dnf with yum.

3. Fedora

sudo dnf upgrade -y         # Update all packages
sudo dnf autoremove -y      # Remove unused dependencies
sudo dnf clean all          # Clear package cache

4. Arch Linux

sudo pacman -Syu            # Sync and upgrade packages
sudo pacman -Rns $(pacman -Qtdq)  # Remove unneeded dependencies (optional)
sudo pacman -Sc             # Clean package cache

5. openSUSE

sudo zypper refresh         # Refresh repositories
sudo zypper update -y       # Install all available updates
sudo zypper clean           # Clean up package cache

You could also use cron to make it automatically, but this also could lead to problems. Depending on the importance of the installation and how it is exposed to the internet, it is sometimes better to just log in to the server every 3 months or to make an update routine for every week or day.

Keep an eye on storage

Storage is one of the things that can kill your system right a way when you don't expect it. Depending on your application, you might have logs that can become very large or old docker images that dangle around. You need to make sure to know when it could get full.

Using a server, for example at your home lab or colocated in a datacenter, keeping an eye on the SMART Status of the disks is also very important. Most systems can notify you about issues. Make sure to enable the notification and look sometimes at the current status of the discs.

SSL/TLS Certificates

If your application uses Let's Encrypt you should check your routine sometimes. Some deployments are difficult with using Let's Encrypt or Certbot. Just check if the certificate generation is as expected and the certificate updates as it should. After 3 Months, a certificate is invalid, and you should start noticing if something goes wrong. Certificates should update every month with Certbot so you can check if the update is older than 1 month. If so, probably something went wrong.

Secure Login

Using SSH Key should be safe enough to never worry about it, but if you use a password, you should consider using software like Fail2Ban and control the access log sometimes. Severs with password that maybe also are public accessible can be at a very high risk of being hacked. With using SSH Keys you can disable password login and make it, so nobody even tries to log in. Hacking an SSH Key is very unlikely.

Backups

Backups are the most important thing. Make sure to have a solid backup strategy and have an easy recovery way whenever something happens. This makes sure, that on an event of failure, or you make a mistake on the system, your data is always recoverable.