Skip to content

[Release Candidate] v0.4.3 #2243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jan 8, 2019
Merged

[Release Candidate] v0.4.3 #2243

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b10361d
Merge pull request #2240 from leslitagordita/rc-0.4.2
nmelehan Jan 7, 2019
1e1e12b
Update script installation steps (#2241)
leslitagordita Jan 8, 2019
6f345ad
Removed IP White Listing Section from old guides. (#2242)
Guaris Jan 8, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 18 additions & 9 deletions docs/databases/mysql/how-to-optimize-mysql-performance-using-mysqltuner/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ description: 'This step-by-step guide shows you how to assess your MySQL databas
keywords: ["mysql", " mysqltuner", " tune mysql", " resource tuning"]
aliases: ['databases/mysql/tuning-your-mysql-database/','databases/mysql/mysql-performance-tuning-tutorial/']
license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)'
modified: 2017-06-27
modified: 2019-01-08
modified_by:
name: Linode
published: 2015-02-27
Expand Down Expand Up @@ -38,12 +38,21 @@ In order to determine if your MySQL database needs to be reconfigured, it is bes

The [MySQLTuner](http://mysqltuner.com/) script assesses your MySQL installation, and then outputs suggestions for increasing your server's performance and stability.

1. Download and run MySQLTuner:
1. Download the MySQLTuner script:

curl -L http://mysqltuner.pl/ | perl
wget http://mysqltuner.com/mysqltuner.pl

2. It outputs your results:
1. Change the scripts permissions to be executable:

chmod +x mysqltuner.pl

1. Run the `mysqltuner.pl` script. You will be prompted to enter in your MySQL administrative login and password:

./mysqltuner.pl

2. The script will return results similar to the output below:

{{< output >}}
>> MySQLTuner 1.4.0 - Major Hayden <major@mhtx.net>
>> Bug reports, feature requests, and downloads at http://mysqltuner.com/
>> Run with '--help' for additional options and output filtering
Expand Down Expand Up @@ -84,26 +93,26 @@ The [MySQLTuner](http://mysqltuner.com/) script assesses your MySQL installation
Enable the slow query log to troubleshoot bad queries
Variables to adjust:
query_cache_limit (> 1M, or use smaller result sets)

{{</ output >}}
MySQLTuner offers suggestions regarding how to better the database's performance. If you are wary about updating your database on your own, following MySQLTuner's suggestions is one of the safer ways to improve your database performance.

## Tuning MySQL
When altering the MySQL configuration, be alert to the changes and how they affect your database. Even when following the instructions of programs such as [MySQLTuner](#mysqltuner), it is best to have some understanding of the process.

The file you are changing is located at `/etc/mysql/my.cnf`.
The MySQL configuration file stored in the following location: `/etc/mysql/my.cnf`.

{{< note >}}
Prior to updating the MySQL configuration, create a backup of the `my.cnf` file:
Prior to updating your MySQL configuration, create a backup of the `my.cnf` file:

cp /etc/mysql/my.cnf ~/my.cnf.backup

Best practice suggests that you make small changes, one at a time, and then monitor the server after each change. You should restart MySQL after each change:

For systems without systemd:
For distributions using systemd:

systemctl restart mysqld

For distributions which don't use systemd:
For distributions with different init systems:

service mysql restart

Expand Down
80 changes: 19 additions & 61 deletions docs/platform/manager/keep-your-linode-account-safe/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@ author:
name: Linode
email: docs@linode.com
description: 'How to use two-factor authentication and other security controls in the Linode Manager.'
og_description: 'This guide describes the security features of the Linode Manager, including two-factor authentication, IP address whitelisting, API access controls, forced password expiration, and more.'
og_description: 'This guide describes the security features of the Linode Manager, including two-factor authentication, API access controls, forced password expiration, and more.'
keywords: ["two-factor authentication", "password", "security", "Linode Manager", "token"]
license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)'
aliases: ['linode-manager-security/','security/linode-manager-security-controls/']
modified: 2018-09-04
modified: 2019-01-08
modified_by:
name: Linode
published: 2013-05-02
Expand All @@ -17,14 +17,12 @@ cloud_manager_link: security/linode-manager-security-controls-new-manager

![Banner_image](How_to_Keep_Your_Linode_Account_Safe_smg.jpg)

<!-- ![Linode Manager Security Controls](Linode_Manager_Security_Controls_smg.jpg) -->
<!-- ![Classic Manager Security Controls](Linode_Manager_Security_Controls_smg.jpg) -->

The [Linode Manager](https://manager.linode.com) is the gateway to your Linode products and services, and you should take steps to protect it from unauthorized access. Linode supports and recommends implementing the following security measures:
The [Classic Manager](https://manager.linode.com) is the gateway to your Linode products and services, and you should take steps to protect it from unauthorized access. Linode supports and recommends implementing the following security measures:

1. Enable [two-factor authentication](#two-factor-authentication).

1. Enable [IP whitelisting](#ip-address-whitelisting).

1. Configure and monitor [event notifications](#linode-event-notifications).

These measures make it much more difficult for someone else to log in to your account without your knowledge. However, you should also take steps to make sure you don't accidentally lock yourself out of your account, too. Here are a few things you can do to minimize the chance of that happening:
Expand All @@ -38,7 +36,7 @@ These measures make it much more difficult for someone else to log in to your ac
The following sections describe these measures in more detail.

{{< note >}}
These measures describe security controls for the Linode Manager and API, which are distinct from the authorization protocols for your individual servers. If you are collaborating with other people to work on your services, or if you are concerned about unauthorized access to your Linodes, review the [Create an Account for a Developer to Work on Your Linode](/docs/platform/create-limited-developer-account/) guide for more on how to control access to your servers.
These measures describe security controls for the Classic Manager and API, which are distinct from the authorization protocols for your individual servers. If you are collaborating with other people to work on your services, or if you are concerned about unauthorized access to your Linodes, review the [Create an Account for a Developer to Work on Your Linode](/docs/platform/create-limited-developer-account/) guide for more on how to control access to your servers.
{{< /note >}}

## Two-Factor Authentication
Expand All @@ -58,43 +56,43 @@ In this analogy, your card's PIN is akin to your Linode account's password, and
* [Duo Mobile](http://guide.duosecurity.com/third-party-accounts) (Android/iOS)
* [FreeOTP](https://freeotp.github.io/) (Android/iOS)

1. Click the **my profile** link at the top right corner of the Linode Manager.
1. Click the **my profile** link at the top right corner of the Classic Manager.

1. Re-authenticate using your Linode user's password.

1. From the **Password & Authentication** page of the Linode Manager, click **Enable Two-Factor Authentication**.
1. From the **Password & Authentication** page of the Classic Manager, click **Enable Two-Factor Authentication**.

1. You'll then be shown a secret key and a QR code. **The key will be shown only once. Do not refresh this page until you have configured a 2FA app on your phone.** Write down the secret key and store it in a safe place. If you get locked out of your account, [contact support](/docs/support) to regain access.

1. Open your phone's 2FA app and add a new account.

1. Scan the QR code shown in the Linode Manager. Your 2FA app will create a new login token labeled *LinodeManager:user*.
1. Scan the QR code shown in the Classic Manager. Your 2FA app will create a new login token labeled *LinodeManager:user*.

1. Enter the token from your 2FA app in the **Generated Token** field of the page above. Click **Confirm my token, and enable two-factor auth!**

1. Note the scratch code and store it in a secure place. **This is important.** You will use this code if your 2FA device is not available.

### Log in with Two-Factor Authentication

1. Open the [Linode Manager](https://manager.linode.com) in your web browser and log in as normal using your username and password. The authentication code text field will then appear.
1. Open the [Classic Manager](https://manager.linode.com) in your web browser and log in as normal using your username and password. The authentication code text field will then appear.

1. Open the 2FA app on your smartphone, then select your *LinodeManager:user* account.

1. Enter the 2FA token from your phone and click **Authenticate**. Checking the box below the authentication option will add your computer to the trusted computer list for 30 days and generate a confirmation email to the address on file for your account.

### Record Your Scratch Code

In the event that your smartphone is unavailable or your secret key is lost, you can use a one-time scratch code to log back in to the Linode Manager and regenerate the key. Scratch codes are disabled by default. **We highly recommend you generate a scratch code** and store it somewhere accessible and secure.
In the event that your smartphone is unavailable or your secret key is lost, you can use a one-time scratch code to log back in to the Classic Manager and regenerate the key. Scratch codes are disabled by default. **We highly recommend you generate a scratch code** and store it somewhere accessible and secure.

1. Return to the **Password & Authentication** tab in the Linode Manager and click the **generate** link to create a scratch code.
1. Return to the **Password & Authentication** tab in the Classic Manager and click the **generate** link to create a scratch code.

1. A pop-up will appear asking you to confirm the action. Click **OK**.

1. The scratch code will then be shown. **This code will be displayed only once**--copy or write it down and store it somewhere safe.

### Generate a New Key

The Linode Manager allows you to generate a new secret key for your two-factor authentication device. This is useful if you buy a new phone or otherwise need to set up a new 2FA app. To generate a new secret key:
The Classic Manager allows you to generate a new secret key for your two-factor authentication device. This is useful if you buy a new phone or otherwise need to set up a new 2FA app. To generate a new secret key:

1. Return to the **Password & Authentication** tab.

Expand All @@ -104,7 +102,7 @@ The Linode Manager allows you to generate a new secret key for your two-factor a

### Disable Two-Factor Authentication

You can disable two-factor authentication for your Linode Manager account at any time.
You can disable two-factor authentication for your Classic Manager account at any time.

1. Return to the **Password & Authentication** tab.

Expand All @@ -114,58 +112,18 @@ You can disable two-factor authentication for your Linode Manager account at any

### Recovery Procedure

If you lose your token and get locked out of the Linode Manager, email <support@linode.com> to regain access to your account. Should you need us to disable your Two-Factor Authentication, the following information is required:
If you lose your token and get locked out of the Classic Manager, email <support@linode.com> to regain access to your account. Should you need us to disable your Two-Factor Authentication, the following information is required:

1. An image of the front and back of the payment card currently associated with your account, which clearly shows the last 6 digits, expiration date, and cardholder name.
2. An image of the front and back of a matching government-issued photo ID.

## IP Address Whitelisting

IP address whitelisting restricts access to the Linode Manager to a set of IPs that you specify.

### Enable Whitelisting

1. Find and write down the IP address and netmask assigned to you by your ISP. They will usually be given on a statistics or dashboard page of your home router's admin panel.

1. Click the **my profile** link at the top right corner of the Linode Manager.

1. Re-authenticate using your Linode user's password.

1. Go to the **Password & Authentication** tab of the Linode Manager.

1. In the *Account Security* section, select **ENABLED - Alerts will be sent and whitelisting will be enforced** from the **Status** menu.

1. Click **Save security setting**. The IP address whitelist feature will be enabled.

1. Click **Edit Whitelist** to add your IP address.

1. Enter your IP address and netmask, then click **Add IP**. You can add as many IP addresses as you want.

### Add Additional IP Addresses Remotely

If you need to log in to the Manager from a new location:

1. Attempt to log in to the Linode Manager from the new IP address, which will trigger an email notification from Linode which describes this login.

1. This email includes a link which whitelists the new IP. Click the link to add it to your whitelist.

1. Attempt your Linode Manager login again, which should now be successful.

### Disable Whitelisting

1. Return to the **Password & Authentication** tab.

1. In the *Account Security* section, select **DISABLED - No alerts will be sent and whitelisting will not be required** from the **Status** menu.

1. Click **Save security setting**.

## Linode Event Notifications

By default, the Linode Manager automatically sends event notifications via email when any jobs are added to the *Host Job Queue* of one of your Linodes. Monitoring these emails will help you detect potential unusual activity on your servers, which could be a sign of an unauthorized login. You can also subscribe to an RSS feed of these notifications.
By default, the Classic Manager automatically sends event notifications via email when any jobs are added to the *Host Job Queue* of one of your Linodes. Monitoring these emails will help you detect potential unusual activity on your servers, which could be a sign of an unauthorized login. You can also subscribe to an RSS feed of these notifications.

To review your event notification settings:

1. Click the **my profile** link at the top right corner of the Linode Manager.
1. Click the **my profile** link at the top right corner of the Classic Manager.

1. Re-authenticate using your Linode user's password.

Expand All @@ -189,14 +147,14 @@ This backup user should be created with unrestricted permissions so that you can

If you have multiple individuals accessing the same Linode account, you should create separate user accounts for each individual. Once you've created the accounts, you can assign permissions to restrict access to certain areas of the control panel.

This is useful for groups that need to grant all team members access to the Linode Manager, or perhaps if you just want the billing department to have a separate account to receive invoices and billing information. The [Accounts and Passwords](/docs/platform/manager/accounts-and-passwords/) guide provides more information on user creation and permissions. The [Create an Account for a Developer to Work on Your Linode](/docs/platform/create-limited-developer-account/) guide is also available and describes best practices when hiring a developer.
This is useful for groups that need to grant all team members access to the Classic Manager, or perhaps if you just want the billing department to have a separate account to receive invoices and billing information. The [Accounts and Passwords](/docs/platform/manager/accounts-and-passwords/) guide provides more information on user creation and permissions. The [Create an Account for a Developer to Work on Your Linode](/docs/platform/create-limited-developer-account/) guide is also available and describes best practices when hiring a developer.

### API Access

The [Linode API](https://www.linode.com/api/) is a programmatic interface for many of the features available in the Linode Manager. For this reason, the Linode Manager provides two security controls for your account's API key. First, you can generate a new API key if you suspect that your existing key has been compromised. And if you're not using the API key, you can remove access to it altogether.
The [Linode API](https://www.linode.com/api/) is a programmatic interface for many of the features available in the Classic Manager. For this reason, the Classic Manager provides two security controls for your account's API key. First, you can generate a new API key if you suspect that your existing key has been compromised. And if you're not using the API key, you can remove access to it altogether.

See the [API Key](/docs/platform/api/api-key/) article for details.

### Force Password Expirations

Your company's policy may require users to change their passwords after a fixed interval of time. The Linode Manager can be configured to require password resets every 1, 3, 6, or 12 months. For more information, see the documentation on [Passwords in the Linode Manager](/docs/platform/accounts-and-passwords/#passwords).
Your company's policy may require users to change their passwords after a fixed interval of time. The Classic Manager can be configured to require password resets every 1, 3, 6, or 12 months. For more information, see the documentation on [Passwords in the Classic Manager](/docs/platform/accounts-and-passwords/#passwords).
Loading