Friday, February 01, 2008

Setup a Future Rescue with the 'at' Comand

With a leased server, you never want to lock yourself out of your box. If you do get locked out, KVM style console access can save you but it's not cheap. It usually costs $30 per use. And that's if your ISP even supports it.

There are 3 risky things that can get you locked out of your server.
1) service iptables restart
2) service network restart
3) changing etc files like /etc/sudoers ... and then rebooting

For me, iptables is the riskiest to edit because one bad rule can lock you out of ssh on port 22.

To protect yourself, use 'at' to revert the file change 5 minutes in the future:
echo 'mv ifcfg-eth0' at now + 5 minute

*this will work even if you are kicked out (as long as the server is running).

--update-- here is another way to prevent getting locked out by iptables during testing:

*/10 * * * * iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; /sbin/iptables -F

This will flush all the rules every 10 minutes, just in case you lock yourself out. When you're happy with the results of your work, remove the line from your crontab, and you're in business.
Post a Comment