We want to upgrade our box with more RAM, more CPU power and upgrade to CentOS 6 at the same time.
I plan to hire someone to help me with this (already contracted hours) because one of the issues is security hardening, moving to the latest Apache to meet PCI requirements and other such needs all reaching critical mass. Our present box has been in operation since 2008 (CentOS 5), and that's a long time in the web world.
I want to draft a road map to do the migration in two weeks' time (this is the window ServerPath/GoGrid gives to have two boxes running at no extra charge)... and since we are interested in security I am wondering the best way to proceed to be sure to "lose" any possible trojans or malware that might be sitting lurking in hidden directories. We were hacked with the WordPress Pharma Hack which we successfully shut down, but now I'm nervous about what "stuff" might be lying around. (e.g. they were writing to folders in dovecot (mail) that were owned by the same owner for the domain which of course was the owner for WordPress, so PHP scripts in WordPress could write to any folder in the OS framework that was owned by that owner, even if it was outside the public_html folder... fortunately, nothing too malicious, they were just doing black hat SEO and hijacking pages/posts with links to viagra/cialis sites.)
i.e. we want a "clean" migration; I am pretty certain the content inside each of the /home/Domain/public_html/ directories is clean, as I am doing repeated scans on these contents, folders, files.
So, how do we proceed to move 7 web sites from one box to another? But ensure we are installing them on top of a 100% brand new shiny OS? I'm thinking that the Virtualmin migration tools are going to pack up a lot of directories including any garbage inside them... perhaps this is a wrong presumption on my part.
1) set up the new box
2) It comes with pre-installed images of Apache, PHP, MySQL etc... so we need to next run upgrade on all these because support says the images are "old" and just have the base CentOS 6 on it.
3) create new /home directory by hand?
4) manually create directories for each domain and then manually move over the public_html folder to the new hard drives.
5) Then, at what point do we install and set up Virtualmin and then re-instantiate those same domains again on the new box: which theoretically then goes out to build all the Dovecot (mail) and related directories for each of the users?

Perhaps we need to do it in the other order:
1) set up box
2) install Virtualmin
3) Use Virtualmin to run all upgrades on Apache, MySQL, Postgres, PHP etc.
4) create the new domains
5) now move the public_html folder contents over
6) go back to our documentation for all httpd.conf and other customizations (we do keep records of all changes to httpd.conf and any other OS tweaks we do).
7) set up our new crons (I don't know how to migrate those...)
I will very much appreciate guidance here... Thank you!
I would use Virtualmin's backup feature and then restore your virtual server on your new CentOS 6 server. At least that is what I did. You have to do some manual configuration afterwards (for example adjusting the IP address). You can then reinstall WordPress etc. (or you reinstall/clean it before the migration).
So we
ONE
a) set up new box
b) install Virtualmin on new box
c) upgrade all OS apps on the machine (Apache, PHP etc.) for Virtualmin's updater
TWO
d) on old box, use Virtualmin to back up domains
THREE
e) on new box, restore from the backups.
Things that concern me:
1) one of these domains is: -- in size 38 GB of data
2) if you have been hacked, isn't Virtualmin's backup just packing up directories that might have malware in them? Or does it only package the /home/mydomain directories? Or only settings?
one of these domains is: -- in size 38 GB of data
That will take quite a while to back up and restore this domain. You might consider using the Virtualmin command line tools to perform that task. You can run "virtualmin restore-domain" to see the various options there.
2) if you have been hacked, isn't Virtualmin's backup just packing up directories that might have malware in them? Or does it only package the /home/mydomain directories? Or only settings?
Well, there unfortunately is no "backup everything but malware" option :-)
If you think you can perform a scan for all malware, and remove everything that should not be there -- then you'd want to run such a scan on all the files first.
Another option would be to have Virtualmin do a backup of everything but home directory data, and you could manually copy over anything you feel fairly confident is clean.
However, the only way to be really sure about all that would be to start from scratch with a brand new site. But I'm sure that's not desirable either :-)
-Eric
Ha, send me that "back everything but malware" program asap!
Actually it is the "other way round": it's the public_html directories that I am sure are clean. It's everything outside of those that worries me.
And manually re-building the sites is not that hard... (I may be putting my foot in my mouth later on this... but....)
So, let's say we do rebuild manually. Then I presume it goes like this:
1) install Virtualmin/Webmin on new box
2) upgrade "generic" apps (Apache, PHP, etc.)
3) set up domains from scratch
4) manually copy the "/home/domain/public_html" folders to the new server's /home/domain/ directories
5) restore databases for all the different CMSs (and pray)
6) Go through and do the tedious work of setting up certificates, FTP users, protected directories, mail, cron etc. to match the original box. I don't need any of the old mail folders at all... so we can start with clean Dovecot.

Presumably this means our new public_html folders are sitting on a "pure and clean" platform and I will be tearing my hair out for a week or two as I run into things that still need to be configured the "old way" that were not properly documented on our server configuration/changes wiki (very hard to get everyone on the team to comply with the rule that any change to the box to any files outside the home directories must be documented...) but it should all work pretty well...? Yes, No?
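
An added example, not written by any poster in this thread and not part of Virtualmin: a pre-migration audit for the "scan first, then copy only public_html" route discussed in the posts above. It assumes the /home/<domain>/public_html layout described in the thread and GNU find/grep/coreutils as shipped with CentOS; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Assumed layout (from the thread): /home/<domain>/public_html
# is the only tree carried over; everything else in the home is rebuilt.

# 1) Old box: list files OUTSIDE public_html that contain PHP code, whatever
#    their extension (the thread's attacker wrote into mail folders).
#    Hits need manual review; a mail that quotes PHP source also matches.
find_stray_php() {
    local home_dir="${1%/}"
    find "$home_dir" -path "$home_dir/public_html" -prune -o -type f -print0 |
        xargs -0 -r grep -lI -e '<?php' -- 2>/dev/null | sort
}

# 2) Old box, after your scans: write a SHA-256 manifest of public_html
#    using relative paths, so it can be checked on the new box.
make_manifest() {
    local docroot="${1%/}"
    ( cd "$docroot" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum )
}

# 3) New box, after copying: succeed only if no file is altered, missing or
#    extra compared with the manifest (give the manifest as an absolute path).
verify_copy() {
    local docroot="${1%/}" manifest="$2"
    ( cd "$docroot" || exit 2
      sha256sum --quiet -c "$manifest" >/dev/null 2>&1 || exit 1
      want=$(sed 's/^[0-9a-f]*  //' "$manifest" | sort)
      have=$(find . -type f | sort)
      [ "$want" = "$have" ] )
}

# Usage (paths are placeholders):
#   find_stray_php /home/DOMAIN
#   make_manifest /home/DOMAIN/public_html > /root/DOMAIN.sha256
#   verify_copy /home/DOMAIN/public_html /root/DOMAIN.sha256
```

The manifest only proves the copy matches what was scanned on the old box; it says nothing about whether those files were clean to begin with.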
I would first get the new server up and running with Virtualmin (I just did a new one with CentOS 6) and copy over the templates and plans. Then configure some other essential stuff you may need, like Bind, PHP, Zend, IPs, etc.
Then Chroot Bind, secure PHP, install Keys and configure anything else you want to secure the box.
Then I would do a backup and restore via Virtualmin features. You can choose what features to back up: say website and MySQL database, or more features if you feel confident. If the public_html is clean then I wouldn't worry that much either.
Copy the file from 1 server to the other via scp over the terminal so it will go fairly quick if both servers have 100mb uplink.
It wouldn't matter if it even takes a day to copy.
If a lot of different files make up for 32GB then perhaps break it down to zipped chunks and scp those.
Oh, and along the way write down what you do on a piece of paper :D The best part of being an administrator.
What about the move-system command?
http://www.virtualmin.com/documentation/cloudmin/devel/cli/move_system
Cheers - Rogerio
Sorry, my bad... that's for Cloudmin. But it would be great to have something like that for Virtualmin.
[]s - Rogerio
There are instructions for using Virtualmin to migrate to a new server here:
http://www.virtualmin.com/documentation/system/migrate
Great Eric, thank you.
Thank you indeed! We will be using this in a day or so. Great documentation....