root diary

#1 Daily chores, or rather routine work

First, log in as root. How you get in doesn't matter: with a password or with a key, either is fine. (If the box takes SSH from the Internet, key-only root login, i.e. PermitRootLogin prohibit-password in sshd_config, is the safer of the two.) I log in from Tera Term with a macro. Since I use a key, I don't type a password. That's not a security consideration, just laziness. First of all,

apt update

Whatever else, this one comes first. And if it starts muttering something at you, for example,

root@ghost:~# apt update
Hit:1 http://deb.debian.org/debian trixie InRelease
Get:2 http://deb.debian.org/debian trixie-updates InRelease [47.3 kB]
Get:3 http://security.debian.org/debian-security trixie-security InRelease [43.4 kB]
Get:4 http://security.debian.org/debian-security trixie-security/main Sources [148 kB]
Get:5 http://security.debian.org/debian-security trixie-security/main amd64 Packages [156 kB]
Get:6 http://security.debian.org/debian-security trixie-security/main Translation-en [95.8 kB]
Fetched 490 kB in 0s (3492 kB/s)
21 packages can be upgraded. Run 'apt list --upgradable' to see them.

It's telling us 21 packages can be upgraded. Let's have a look.

root@ghost:~# apt list --upgradable
apache2-bin/stable-security 2.4.67-1~deb13u2 amd64 [upgradable from: 2.4.66-1~deb13u2]
apache2-data/stable-security 2.4.67-1~deb13u2 all [upgradable from: 2.4.66-1~deb13u2]
apache2-doc/stable-security 2.4.67-1~deb13u2 all [upgradable from: 2.4.66-1~deb13u2]
apache2-utils/stable-security 2.4.67-1~deb13u2 amd64 [upgradable from: 2.4.66-1~deb13u2]
apache2/stable-security 2.4.67-1~deb13u2 amd64 [upgradable from: 2.4.66-1~deb13u2]
libapache2-mod-php8.4/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
linux-image-amd64/stable-security 6.12.86-1 amd64 [upgradable from: 6.12.85-1]
linux-libc-dev/stable-security 6.12.86-1 all [upgradable from: 6.12.85-1]
php8.4-bcmath/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-bz2/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-cli/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-common/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-curl/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-gd/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-mbstring/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-mysql/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-opcache/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-readline/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-xml/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4-zip/stable-security 8.4.21-1~deb13u1 amd64 [upgradable from: 8.4.16-1~deb13u1]
php8.4/stable-security 8.4.21-1~deb13u1 all [upgradable from: 8.4.16-1~deb13u1]

I upgrade regardless of what's in the list, but if it looks like it's going to take a while, the smart move is to start screen first. The example above doesn't look like it'll take maddeningly long, so straight on to

root@ghost:~# apt upgrade
Upgrading:
  apache2       apache2-doc            linux-image-amd64  php8.4-bcmath  php8.4-common  php8.4-mbstring  php8.4-readline
  apache2-bin   apache2-utils          linux-libc-dev     php8.4-bz2     php8.4-curl    php8.4-mysql     php8.4-xml
  apache2-data  libapache2-mod-php8.4  php8.4             php8.4-cli     php8.4-gd      php8.4-opcache   php8.4-zip

Installing dependencies:
  linux-image-6.12.86+deb13-amd64

Suggested packages:
  firmware-linux-free  linux-doc-6.12  debian-kernel-handbook

Summary:
  Upgrading: 21, Installing: 1, Removing: 0, Not Upgrading: 0
  Download size: 123 MB
  Space needed: 166 MB / 1828 GB available

Continue? [Y/n]

Type y. We're continuing, after all.

Unpacking php8.4 (8.4.21-1~deb13u1) over (8.4.16-1~deb13u1) ...
Setting up php8.4-common (8.4.21-1~deb13u1) ...
Setting up linux-libc-dev (6.12.86-1) ...
Setting up apache2-bin (2.4.67-1~deb13u2) ...
Setting up php8.4-gd (8.4.21-1~deb13u1) ...
Setting up php8.4-curl (8.4.21-1~deb13u1) ...
Setting up php8.4-bcmath (8.4.21-1~deb13u1) ...
Setting up apache2-doc (2.4.67-1~deb13u2) ...
Setting up php8.4-zip (8.4.21-1~deb13u1) ...
Setting up linux-image-6.12.86+deb13-amd64 (6.12.86-1) ...
I: /vmlinuz.old is now a symlink to boot/vmlinuz-6.12.85+deb13-amd64
I: /initrd.img.old is now a symlink to boot/initrd.img-6.12.85+deb13-amd64
I: /vmlinuz is now a symlink to boot/vmlinuz-6.12.86+deb13-amd64
I: /initrd.img is now a symlink to boot/initrd.img-6.12.86+deb13-amd64
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-6.12.86+deb13-amd64
/etc/kernel/postinst.d/zz-update-grub:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.12.86+deb13-amd64
Found initrd image: /boot/initrd.img-6.12.86+deb13-amd64
Found linux image: /boot/vmlinuz-6.12.85+deb13-amd64
Found initrd image: /boot/initrd.img-6.12.85+deb13-amd64
Found linux image: /boot/vmlinuz-6.12.74+deb13+1-amd64
Found initrd image: /boot/initrd.img-6.12.74+deb13+1-amd64
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
Setting up php8.4-bz2 (8.4.21-1~deb13u1) ...
Setting up apache2-data (2.4.67-1~deb13u2) ...
Setting up php8.4-xml (8.4.21-1~deb13u1) ...
Setting up php8.4-opcache (8.4.21-1~deb13u1) ...
Setting up apache2-utils (2.4.67-1~deb13u2) ...
Setting up php8.4-readline (8.4.21-1~deb13u1) ...
Setting up php8.4-mbstring (8.4.21-1~deb13u1) ...
Setting up apache2 (2.4.67-1~deb13u2) ...

Note that the kernel binary got upgraded in the shuffle as well. Then it says something about GRUB, and that it won't run os-prober to look for other OSes' boot partitions; on a single-OS server that's fine. Whenever the kernel is touched like this, don't forget

root@ghost:~# apt autoremove
REMOVING:
  linux-image-6.12.85+deb13-amd64

Summary:
  Upgrading: 0, Installing: 0, Removing: 1, Not Upgrading: 0
  Freed space: 111 MB

Continue? [Y/n] y
(Reading database ... 110020 files and directories currently installed.)
Removing linux-image-6.12.85+deb13-amd64 (6.12.85-1) ...
I: /vmlinuz.old is now a symlink to boot/vmlinuz-6.12.74+deb13+1-amd64
I: /initrd.img.old is now a symlink to boot/initrd.img-6.12.74+deb13+1-amd64
/etc/kernel/postrm.d/initramfs-tools:
update-initramfs: Deleting /boot/initrd.img-6.12.85+deb13-amd64
/etc/kernel/postrm.d/zz-update-grub:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.12.86+deb13-amd64
Found initrd image: /boot/initrd.img-6.12.86+deb13-amd64
Found linux image: /boot/vmlinuz-6.12.74+deb13+1-amd64
Found initrd image: /boot/initrd.img-6.12.74+deb13+1-amd64
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done

You don't have to go as far as rebooting. Or rather, it's too late for that now. (lol) One caveat, though: apt only put the new kernel image into /boot; what is actually running stays the old kernel until the next reboot, and so do whatever fixes the new one carries. Compare uname -r with the newest vmlinuz in /boot if you want to know where you stand. The dmesg output further down shows this box still running 6.12.74, which is also why apt autoremove kept that image (it never removes the running kernel) and dropped the newer 6.12.85 instead. screen is handy; I'll introduce it when an occasion to use it comes up. No idea when that will be.
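A quick check for that point, as an added example rather than something from this diary: which kernel is really running versus which one apt just put in /boot. It assumes Debian's /boot/vmlinuz-<version> naming (as in the upgrade output above) and GNU sort -V; the sample list of images is constructed from the three GRUB found above, and the "running" version is the one dmesg reports later on this page.

```shell
#!/bin/sh
# Added example (not from the diary): is the kernel apt just installed the one
# that is actually running? apt only writes the new image to /boot; the running
# kernel stays the old one until reboot. Assumes GNU coreutils (sort -V) and the
# Debian /boot/vmlinuz-<version> naming seen in the upgrade output.

# Newest kernel version among the /boot/vmlinuz-* paths read from stdin.
newest_installed_kernel() {
  sed 's#.*/vmlinuz-##' | sort -V | tail -n 1
}

# Returns 0 (true) when the running version differs from the newest installed one.
kernel_reboot_needed() {
  running=$1
  newest=$2
  if [ -n "$newest" ] && [ "$running" != "$newest" ]; then
    return 0
  else
    return 1
  fi
}

# Constructed input mirroring the three images GRUB listed in the post.
SAMPLE_BOOT_IMAGES='/boot/vmlinuz-6.12.86+deb13-amd64
/boot/vmlinuz-6.12.85+deb13-amd64
/boot/vmlinuz-6.12.74+deb13+1-amd64'

# On a real box: newest=$(ls /boot/vmlinuz-* | newest_installed_kernel); running=$(uname -r)
newest=$(printf '%s\n' "$SAMPLE_BOOT_IMAGES" | newest_installed_kernel)
running='6.12.74+deb13+1-amd64'   # what dmesg on this page shows as the booted kernel

if kernel_reboot_needed "$running" "$newest"; then
  echo "running $running, newest installed $newest: reboot to pick up the new kernel"
else
  echo "running the newest installed kernel ($running)"
fi
```

On the real box, feed ls /boot/vmlinuz-* into newest_installed_kernel and uname -r as the running version; when it says reboot, schedule one, because until then the kernel-side security fixes from this upgrade are not in effect.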

Now, let's check that the server's main functions are running without a hitch. First,

root@ghost:~# uptime
 15:01:36 up 26 days,  5:44,  1 user,  load average: 0.00, 0.13, 0.11

Load is low, so OK for now. If something's nagging at you,

root@ghost:~# ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.0  24556 15632 ?        Ss   Apr13   0:56 /sbin/init
root           2  0.0  0.0      0     0 ?        S    Apr13   0:00 [kthreadd]
root           3  0.0  0.0      0     0 ?        S    Apr13   0:00 [pool_workqueue_release]
root           4  0.0  0.0      0     0 ?        I<   Apr13   0:00 [kworker/R-kvfree_rcu_reclaim]
root           5  0.0  0.0      0     0 ?        I<   Apr13   0:00 [kworker/R-rcu_gp]
root           6  0.0  0.0      0     0 ?        I<   Apr13   0:00 [kworker/R-sync_wq]
root           7  0.0  0.0      0     0 ?        I<   Apr13   0:00 [kworker/R-slub_flushwq]
root           8  0.0  0.0      0     0 ?        I<   Apr13   0:00 [kworker/R-netns]
root          10  0.0  0.0      0     0 ?        I<   Apr13   0:00 [kworker/0:0H-events_highpri]
root          13  0.0  0.0      0     0 ?        I<   Apr13   0:00 [kworker/R-mm_percpu_wq]
root          14  0.0  0.0      0     0 ?        I    Apr13   0:00 [rcu_tasks_kthread]
root          15  0.0  0.0      0     0 ?        I    Apr13   0:00 [rcu_tasks_rude_kthread]
root          16  0.0  0.0      0     0 ?        I    Apr13   0:00 [rcu_tasks_trace_kthread]
(middle omitted)
root      307289  0.0  0.0      0     0 ?        I    14:54   0:00 [kworker/10:1-rcu_gp]
root      307293  0.0  0.1 294816 41232 ?        Ss   14:54   0:00 /usr/sbin/apache2 -k start
www-data  307296  0.3  0.2 300624 79572 ?        S    14:54   0:01 /usr/sbin/apache2 -k start
www-data  307297  0.1  0.2 298332 72308 ?        S    14:54   0:00 /usr/sbin/apache2 -k start
www-data  307298  0.1  0.2 300528 75520 ?        S    14:54   0:00 /usr/sbin/apache2 -k start
www-data  307299  0.2  0.2 301352 79536 ?        S    14:54   0:01 /usr/sbin/apache2 -k start
www-data  307300  0.1  0.2 300552 75528 ?        S    14:54   0:00 /usr/sbin/apache2 -k start
root      307329  0.0  0.0      0     0 ?        S    14:54   0:00 [psimon]
www-data  310450  0.1  0.2 300548 75488 ?        S    14:54   0:00 /usr/sbin/apache2 -k start
www-data  310501  0.1  0.2 300548 75468 ?        S    14:55   0:00 /usr/sbin/apache2 -k start
postfix   310937  1.2  0.0  54176 15484 ?        S    15:02   0:00 smtpd -n smtp -t inet -u -c -o stress= -s 2
postfix   310938  0.0  0.0  44464  7656 ?        S    15:02   0:00 proxymap -t unix -u
postfix   310939  0.0  0.0  44456  7536 ?        S    15:02   0:00 anvil -l -t unix -u -c
dovecot   310940  0.0  0.0   6832  5000 ?        S    15:02   0:00 dovecot/auth
root      310941  0.0  0.0   6396  3868 pts/0    R+   15:02   0:00 ps aux

apache2 and dovecot are running, so OK. Pay attention if some odd process is carrying a heavy load. If things look fishy,

root@ghost:~# last
root     pts/0        192.168.0.22     Sat May  9 14:48 - still logged in
root     pts/0        192.168.0.22     Sat May  9 14:39 - 14:41  (00:01)
root     pts/0        192.168.0.22     Sat May  9 11:20 - 11:36  (00:16)
root     pts/0        192.168.0.22     Sat May  9 09:06 - 09:30  (00:24)
root     pts/0        192.168.0.1      Fri May  8 06:16 - 06:19  (00:03)
nao      pts/0                         Wed May  6 09:45 - 09:45  (00:00)
root     pts/0        192.168.0.22     Wed May  6 09:44 - 09:45  (00:01)
root     pts/0        192.168.0.22     Tue May  5 08:47 - 08:49  (00:02)
root     pts/0        192.168.0.10     Fri May  1 09:34 - 09:34  (00:00)
(rest omitted)

and check for logins or other activity you don't recognize. (last reads /var/log/wtmp, which anyone who already has root could edit, so if something looks off, cross-check with journalctl -u ssh, or /var/log/auth.log if rsyslog is writing it.) If there's nothing in particular so far, next up is mail, I suppose. First,

root@ghost:~# mailq
Mail queue is empty

OK. Let's also have a look at /var/log/mail.log while we're at it. Use less:

2026-05-03T00:46:21.954010+09:00 ghost postfix/smtpd[225979]: warning: hostname brightmy.com does not resolve to address 45.94.31.100: Name or service not known
2026-05-03T00:46:21.991642+09:00 ghost postfix/smtpd[225979]: connect from unknown[45.94.31.100]
2026-05-03T00:46:27.123058+09:00 ghost postfix/smtpd[225979]: warning: unknown[45.94.31.100]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=@mydns.jp
2026-05-03T00:46:27.395711+09:00 ghost postfix/smtpd[225979]: disconnect from unknown[45.94.31.100] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
2026-05-03T00:49:47.564719+09:00 ghost postfix/anvil[225981]: statistics: max connection rate 1/60s for (smtp:45.94.31.100) at May  3 00:46:21
2026-05-03T00:49:47.565085+09:00 ghost postfix/anvil[225981]: statistics: max connection count 1 for (smtp:45.94.31.100) at May  3 00:46:21
2026-05-03T00:49:47.565282+09:00 ghost postfix/anvil[225981]: statistics: max cache size 1 at May  3 00:46:21
2026-05-03T00:51:54.050015+09:00 ghost postfix/smtpd[226008]: connect from unknown[62.60.130.31]
2026-05-03T00:52:14.488634+09:00 ghost postfix/smtpd[226008]: warning: unknown[62.60.130.31]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=silvan
2026-05-03T00:52:14.747585+09:00 ghost postfix/smtpd[226008]: NOQUEUE: lost connection after AUTH from unknown[62.60.130.31]
2026-05-03T00:52:14.747661+09:00 ghost postfix/smtpd[226008]: disconnect from unknown[62.60.130.31] ehlo=1 auth=0/1 rset=1 commands=2/3
2026-05-03T00:55:34.950590+09:00 ghost postfix/anvil[226010]: statistics: max connection rate 1/60s for (smtp:62.60.130.31) at May  3 00:51:54
2026-05-03T00:55:34.950947+09:00 ghost postfix/anvil[226010]: statistics: max connection count 1 for (smtp:62.60.130.31) at May  3 00:51:54
2026-05-03T00:55:34.951150+09:00 ghost postfix/anvil[226010]: statistics: max cache size 1 at May  3 00:51:54
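Reading mail.log in less works until the attackers get busy. As an added example (not from the diary), here is the same check boiled down with grep, sed and awk: failed SASL logins per source IP and per attempted username, plus a list of sources over a threshold. The log lines are constructed for the example, modelled on the ones above; it only handles IPv4 and the "unknown[a.b.c.d]" form Postfix logs.

```shell
#!/bin/sh
# Added example (not from the diary): boil the SASL failures in /var/log/mail.log
# down to "how many attempts from which IP, against which usernames", and flag
# sources that exceed a threshold. Log lines are constructed for the example,
# modelled on the ones in the diary; IPv4 only.

SAMPLE_MAIL_LOG='2026-05-03T00:46:21.991642+09:00 ghost postfix/smtpd[225979]: connect from unknown[45.94.31.100]
2026-05-03T00:46:27.123058+09:00 ghost postfix/smtpd[225979]: warning: unknown[45.94.31.100]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=@mydns.jp
2026-05-03T00:46:31.001000+09:00 ghost postfix/smtpd[225979]: warning: unknown[45.94.31.100]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=admin
2026-05-03T00:46:35.002000+09:00 ghost postfix/smtpd[225979]: warning: unknown[45.94.31.100]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info
2026-05-03T00:52:14.488634+09:00 ghost postfix/smtpd[226008]: warning: unknown[62.60.130.31]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=silvan
2026-05-03T00:52:14.747585+09:00 ghost postfix/smtpd[226008]: NOQUEUE: lost connection after AUTH from unknown[62.60.130.31]
2026-05-03T00:55:34.950590+09:00 ghost postfix/anvil[226010]: statistics: max connection rate 1/60s for (smtp:62.60.130.31) at May  3 00:51:54'

# "<count> <ip>" per source IP, most active first (stdin: mail.log lines).
sasl_failures_by_ip() {
  grep 'SASL [A-Z-]* authentication failed' |
    sed -n 's/.*\[\([0-9.]*\)\]: SASL .*/\1/p' |
    sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# "<count> <username>" per attempted username.
sasl_failures_by_user() {
  grep 'SASL [A-Z-]* authentication failed' |
    sed -n 's/.*sasl_username=//p' |
    sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# IPs with at least $1 failures: the candidates for a firewall rule or a fail2ban ban.
sasl_bruteforce_sources() {
  sasl_failures_by_ip | awk -v threshold="$1" '$1 >= threshold {print $2}'
}

echo "failures by IP:";   printf '%s\n' "$SAMPLE_MAIL_LOG" | sasl_failures_by_ip
echo "failures by user:"; printf '%s\n' "$SAMPLE_MAIL_LOG" | sasl_failures_by_user
echo "sources with >= 3 failures:"; printf '%s\n' "$SAMPLE_MAIL_LOG" | sasl_bruteforce_sources 3
```

Run it against the live file with sasl_bruteforce_sources 20 < /var/log/mail.log; the IPs it prints are what you would hand to a firewall rule, or what fail2ban's postfix-sasl jail would ban for you automatically.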

Entries like the SASL failures in mail.log are the traces of failed attacks. Thanks for your efforts, folks. (lol) Next is checking the apache2 logs. To start with, let's see whether the crawlers are coming to read robots.txt. (That's the search engines' code of honor.)

grep robots.txt /var/log/apache2/access.log

or something like that, which gives

66.249.70.5 - - [09/May/2026:04:18:27 +0900] "GET /robots.txt HTTP/1.1" 404 3121 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.70.4 - - [09/May/2026:04:49:14 +0900] "GET /robots.txt HTTP/1.1" 404 3122 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
17.246.23.54 - - [09/May/2026:04:53:24 +0900] "GET /robots.txt HTTP/1.1" 404 3082 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15 (Applebot/0.1; +http://www.apple.com/go/applebot)"
66.249.70.5 - - [09/May/2026:04:56:16 +0900] "GET /robots.txt HTTP/1.1" 404 3121 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
74.7.244.41 - - [09/May/2026:04:56:59 +0900] "GET /robots.txt HTTP/1.1" 404 3095 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; compatible; OAI-SearchBot/1.3; robots.txt; +https://openai.com/searchbot"

Incidentally, this site has no robots.txt, so 404 Not Found is fine. If Google is coming to look, we're good. OAI-SearchBot and the like are newcomers, but

and so on are the ones to look for. Bing didn't show up in this log, but in the previous one,

root@ghost:/var/log/apache2# grep robots.txt access.log.1 | grep bing
157.55.39.225 - - [08/May/2026:02:20:07 +0900] "GET /robots.txt HTTP/1.1" 404 3278 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36"
157.55.39.225 - - [08/May/2026:19:20:15 +0900] "GET /robots.txt HTTP/1.1" 404 3278 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36"
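Two points worth adding here, as an example that is not part of the diary. First, grep robots.txt finds the lines, but a short awk pass pulls out who claims to be fetching it. Second, the User-Agent string is something anyone can type, so a "Googlebot" in the log only means the client said so; Google and Bing both document that a genuine crawler's IP reverse-resolves to a name under their domain (googlebot.com or google.com for Google, search.msn.com for Bing) and that name forward-resolves back to the same IP. The log lines are constructed for the example (two in the shape of the ones above, plus a fake "Googlebot" from a documentation address and an unrelated curl hit); the reverse/forward lookup needs network access and glibc's getent, so the sample run only does the parsing.

```shell
#!/bin/sh
# Added example, not from the diary: who is fetching robots.txt, and is the
# claimed crawler name backed by DNS? Assumes Apache's default combined log
# format (as in the diary's access.log excerpt).

# Constructed sample, modelled on the diary's lines; 203.0.113.7 and 198.51.100.9
# are documentation addresses standing in for "somebody pretending" and a plain client.
SAMPLE_ACCESS_LOG='66.249.70.5 - - [09/May/2026:04:18:27 +0900] "GET /robots.txt HTTP/1.1" 404 3121 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
157.55.39.225 - - [08/May/2026:02:20:07 +0900] "GET /robots.txt HTTP/1.1" 404 3278 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36"
203.0.113.7 - - [09/May/2026:05:00:01 +0900] "GET /robots.txt HTTP/1.1" 404 3121 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [09/May/2026:05:01:30 +0900] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.5.0"'

# "<ip> <bot token>" for every GET of /robots.txt (stdin: access log lines).
# The token is the first "...bot/<version>" in the User-Agent, "unknown" if none.
robots_fetchers() {
  awk '$6 == "\"GET" && $7 == "/robots.txt" {
         bot = "unknown"
         if (match($0, /[A-Za-z-]*[Bb]ot\/[0-9][0-9.]*/)) bot = substr($0, RSTART, RLENGTH)
         print $1, bot
       }'
}

# Reverse-then-forward DNS check (needs network): returns 0 if the PTR of $1 ends
# in $2 and that name resolves back to $1. Uses getent, i.e. the system resolver.
verify_crawler_ptr() {
  ip=$1
  suffix=$2
  name=$(getent hosts "$ip" | awk '{print $2; exit}')
  [ -n "$name" ] || return 1
  case $name in
    *"$suffix") ;;
    *) return 1 ;;
  esac
  getent ahostsv4 "$name" | awk -v ip="$ip" '$1 == ip {found = 1} END {exit !found}'
}

# Offline part of the check: list the claimed crawlers.
printf '%s\n' "$SAMPLE_ACCESS_LOG" | robots_fetchers
# With network, e.g.: verify_crawler_ptr 66.249.70.5 .googlebot.com && echo genuine
```

A fetcher that claims Googlebot but fails verify_crawler_ptr against .googlebot.com and .google.com is just a scraper wearing a costume, and it's exactly the kind of client a robots.txt was never going to stop anyway.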

So bingbot does drop by now and then. Finally, the important one: checking disk space.

root@ghost:/var/log/apache2# df -H
Filesystem            Size  Used Avail Use% Mounted on
udev                   17G     0   17G   0% /dev
tmpfs                 3.4G  1.3M  3.4G   1% /run
/dev/sda2             2.0T  7.2G  1.9T   1% /
tmpfs                  17G     0   17G   0% /dev/shm
efivarfs              263k   93k  165k  37% /sys/firmware/efi/efivars
tmpfs                 1.1M     0  1.1M   0% /run/credentials/systemd-journald.service
tmpfs                 5.3M     0  5.3M   0% /run/lock
tmpfs                  17G   66k   17G   1% /tmp
/dev/sda1             1.1G  9.2M  1.1G   1% /boot/efi
//192.168.0.14/share  6.0T  3.8T  2.2T  65% /mnt/nas
tmpfs                 1.1M     0  1.1M   0% /run/credentials/getty@tty1.service
tmpfs                 3.4G   13k  3.4G   1% /run/user/0

The main HDD is 2.0 TB and only 7.2 GB is used, so 1.9 TB is left; OK. Should be fine for a good while. Incidentally, this also confirms that the NAS, which serves as the "bridge" to Windows and the rest, is mounted. The machine is headless and I don't see the console messages, so let's confirm nothing serious or critical has come up.

root@ghost:/var/log/apache2# dmesg -T
[Mon Apr 13 09:17:16 2026] Linux version 6.12.74+deb13+1-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #1 SMP PREEMPT_DYNAMIC Debian 6.12.74-2 (2026-03-08)
[Mon Apr 13 09:17:16 2026] Command line: BOOT_IMAGE=/boot/vmlinuz-6.12.74+deb13+1-amd64 root=UUID=1c2d5bf7-6200-4031-8757-67027a68fbe1 ro quiet
[Mon Apr 13 09:17:16 2026] BIOS-provided physical RAM map:
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x0000000000000000-0x000000000009ffff] usable
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x0000000000100000-0x00000000ba4dbfff] usable
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000ba4dc000-0x00000000bb23efff] reserved
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000bb23f000-0x00000000bb29efff] ACPI data
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000bb29f000-0x00000000bd49ffff] ACPI NVS
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000bd4a0000-0x00000000bdd02fff] reserved
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000bdd03000-0x00000000bdd03fff] usable
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000bdd04000-0x00000000bdd89fff] reserved
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000bdd8a000-0x00000000bdffffff] usable
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000be000000-0x00000000beffffff] reserved
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000e0000000-0x00000000efffffff] reserved
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000fed1c000-0x00000000fed44fff] reserved
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved
[Mon Apr 13 09:17:16 2026] BIOS-e820: [mem 0x0000000100000000-0x000000083fffffff] usable
[Mon Apr 13 09:17:16 2026] NX (Execute Disable) protection: active
[Mon Apr 13 09:17:16 2026] APIC: Static calls initialized
(up to here: the system messages from the last reboot)
(some lines omitted below)
[Wed Apr 22 15:26:33 2026] CIFS: VFS: \\192.168.0.14\share Close unmatched open for MID:56742
[Wed Apr 22 15:30:21 2026] CIFS: VFS: \\192.168.0.14\share Close unmatched open for MID:56810
[Sat Apr 25 15:34:14 2026] perf: interrupt took too long (2531 > 2500), lowering kernel.perf_event_max_sample_rate to 79000
[Thu Apr 30 01:05:43 2026] perf: interrupt took too long (3187 > 3163), lowering kernel.perf_event_max_sample_rate to 62750
[Fri May  1 09:15:01 2026] device-mapper: core: CONFIG_IMA_DISABLE_HTABLE is disabled. Duplicate IMA measurements will not be recorded in the IMA log.
[Fri May  1 09:15:01 2026] device-mapper: uevent: version 1.0.3
[Fri May  1 09:15:01 2026] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: dm-devel@lists.linux.dev
[Thu May  7 17:22:45 2026] perf: interrupt took too long (3995 > 3983), lowering kernel.perf_event_max_sample_rate to 50000
[Sat May  9 09:08:29 2026] CIFS: VFS: \\192.168.0.14\share Close unmatched open for MID:4654410

These bits nag at me a little, but they should be fine. If you'd rather not scroll through the whole boot-time dump every time, dmesg -T --level=err,crit,alert,emerg shows only the messages at those levels.
