Open Source Tools in Data Centers

An anonymous reader writes "There is a nice presentation on the L.A.S. Linux site entitled "Managing Data Center Functions with Open Source Tools" which was presented at Comdex 2003. It covers everything from IPtables to OpenNMS. As well as covering some less known but nice tools like NeDi, which lets you easily manage Cisco routers and swiches from a web browser."

Samba is King of the Free Software World

[the+man+with+the+pla]

Admit it. With the exception of Apache, Samba is the number one reason that Linux (and BSD, too!) has been able to invade the datacenters of companies the world over.

Without Samba, Linux et al would be in a much less pretty position.

Perhaps we should call it Samba/GNU/Linux? :)

Kudos to the Samba Team, Tridge, and all Samba developers/testers/users!

Re:Samba is King of the Free Software World

[Rick+the+Red]

I'm not so sure. Yes, from an administration standpoint it's far easier to make the server (Linux) conform (Samba) to the client (Windows) than it is to force all the clients to conform (NFS) to the server, but if Samba did not exist I believe NFS would have stepped in and filled the gap. Samba has reduced the need for a good open NFS client for Windows, but I'm sure someone would have written one if Samba did not exist.

Indeed, I predict that someone will write one should Microsoft succeed in shutting down Samba (via patents or whatever -- you know killing Samba is on their to-do list).

Re:vservers

FreeBSD's chroot jails are a much better and more efficent solution

Re:vservers

[DDumitru]

In one sense, hacking a virtual is as good as hacking the real thing. On the other hand, hacking a virtual is quite dangerous on the part of the hacker.

UML virtuals have the ability to log a bunch of stuff "outside" the virtual. This can include keystroke logging on devices (including the pty's that ssh allocates). Plus you have a 100% sniffable network from the outside and the "owner" of the UML can "give" the virtual to the hacker at almost no cost and watch and learn.

If you are concerned about a hacker launching a DDOS using your virtual, this can happen, but you can also stop or mitigate it without tipping your hand against the hacker. You can firewall the virtual from the host side and silently block all (or most) of the attacking packets. You can even rate-limit the damage that they can do with 'tc'.

The amazing thing about getting a UML hacked is that most hackers don't even realize they are being watched. While /proc/cpuinfo and a bunch of device setups are unique to UML, most hackers have no clue and trudge on blindly. If you want to be more "stealthy" and setup a honeypot, the honeypot /proc and /dev filesystems change all the names to match a "normal" physical server. If your purpose is a "honeypot", you will probably need to only run a single UML with enough memory to seem realistic. Even then, if the hacker knows the internals of Linux, he can tell, altough it might require writing/loading a kernel module to see that the address space is not quite right.

Open Source Network Administration

[BobSutan]

I've been reading the Open Source Network Administration book by James Kretchmar (review here in fact) and its been a really good read. Really applicable to the subject in my opinion.

Just my $.02 on the subject.

MRTG? Upgrade to Cricket

The authors of the LAS should have mentioned Cricket.
Which is a much evolved performance trending system. For those looking to trend data from routers, switches, firewalls, servers, sensors, files. Cricket offers a very flexible configuration method. It is all in perl, so very easy to support, extend and integrate. It includes a grapher, a collector and a configuration system.

It does what it does well.

The system also offers easy integration with event management systems open-source or not. It scales well to a great number of devices.

Plus a brand new version just came out! Get it while it is hot.

http://cricket.sourceforge.net