Slashdot Mirror
Top Ten Linux Configuration Tools?
jman251 asks: "I am presenting at a conference in September on a couple of Linux-centric topics. One of these is a collection of tips, tricks, and tools for configuring, securing, and maintaining a Linux-based server. I have a short list of tools I use, but would like some community input on the subject. What tools do you use that make your admin responsibilities easier or more automated on the Linux platform?"
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Make :)
This is my sig. There are many like it but this one is mine.
rm -rf /home
That'll teach those pesky users....
Xconfigurator used to be the key thing if you had any graphical needs. But the KDE GUI makes all that graphical tweaking as transparent as windows desktop nowadays.
Webmin. Grab Usermin while you're there.
Fuck you, vim 4 lyfe.
I use it on several of my servers to do basic configuration.
Your thin skin doesn't make me a troll
su
df
du
ls
rm
passwd
chown
vi
more
bash
Hey, you asked for it - No clicky links to read.
Pico! All bow before it!
Add a one-liner with the tool name here to create a quick overview.
This is not a signature.
man and vi
Seriously.
That's all ya need ;p
What is music when you despise all sound?
As admin tool.
http://www.cs.unm.edu/~dlchao/flake/doom/
most configuration takes place in config files, in /etc , etc... sometimes you can never find the right tool for configuration, so i just stick to editing them manually
i like using 'mc' as a good editor and file manager, helps me setup and configure my system very quickly
Marge, get me your address book, 4 beers, and my conversation hat.
I find Webmin indispensable. There are plugins for almost any application/daemon imaginable!
"What tools do you use that make your admin responsibilities easier or more automated on the Linux platform"
Perl is your friend
Most of the pc's I see are windows, so I'd have to say my most used tool is fdisk.
Knoppix is a nice solution too when I don't have time.
=================
Unix is very user friendly, it's just picky about who its friends are.
I use Computer Management. It's located under Administrative Tools in the Control Panel. It's really great for... wait a minute... looks around... wrong site...
takes a couple steps back...
aptitude
~.Evanrude
Webmin for me :)
This is not a signature.
-Brint
http://bekit.net
Portage;).
(For any who don't know, portage is Gentoo's awesome application distribution system, which makes it very easy to keep software up to date.)
Alphanos
My at least top 4...
grep
gawk
xargs
for
Sig (appended to the end of comments you post, 120 chars)... oops
"What's your favorite text editor?" Seems more accurate, but you definately do not want to re-open that can of worms.
P.S.: Jed.
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
CVS or your favorite equivalent is vital in any multi-sysadmin environment. Operating without your configurations in CVS is like juggling priceless eggs in variable gravity.
Emacs! No, vi! No, Arrrrrrgh!
Run all the servers (or lab gentoo boxes) at once. Great for mass updates,testing, etc.
Source Forge Page
Spell check? Why bother. That is what grammer/spelling Nazi freaks who waiste band width posting "spell right" are for.
Surprisingly, Microsoft give a list of Linux support tools for use with their "Services For UNIX" software.
Tripwire is a very easy to use intrustion detection system. If you follow the documentation, and implement it properly (storing the statically linked binary + database files on read-only media), it will make things very hard on a potential hacker.
What good are all your commands with no shell? ? ?
Llywelyn Fawr
I would really love a nice BIND configuration utility. Something where a whole package like webmin isnt necessary, but it makes life a whole lot easier. Redhats bindconf/redhat-bind-config was nice once upon a time, but getting it to run on anything but redhat requires about 2 gigs worth of obscure dependancies... I want something I can throw on say, a slackware machine, and it just go.
Even better would be something that also tied into dhcpd (these are the ISC daemons Im talking about, folks), that would serve to configuring them both, even on working together in a ddns/dhcp setup.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
The Bastille project can be a bit of a pain to install sometimes (usually when I'm tired and not reading :) but it does help tighten up a server in a hurry. It's not complete or all encompasing but it does the easy (and tedious) things fast.
chkrootkit is nice for maintenance provided you don't leave it installed in a manner that can be trojaned. It's not fool-proof either, but can detect the script kiddies in a lot of cases.
cfengine (http://www.cfengine.org) is
the best automation tool for unix and unix-like
environments. Hands down.
It's a little hard to configure sometimes, but
worth the effort.
wedding hazelnuts!
It's easy to use, I just pick up the phone, ask Tim to fix this Linux thing.
Easy-peasy.
Or I just do what Vigor tells me to do.
The Kruger Dunning explains most post on
Bastille after I have the server built. The interactive mode also provides a great security tutorial.
RCS to provide rollback and change control.
No professionally administered Linux box should be without it.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
TweakUI, I use it all the time!
:D
But that's would be too easy. Seriously, I had to tell the truth (nano is awesome, so is vim, but then so is nano).
And I don't think anyone can fill a top ten list with configuration tools... people use rarely more than one, if any. I know I don't.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
...to help maintain various GForge systems.
Nothing fancy, just twiddling configuration files (httpd.conf, etc), pushing data into a PostgreSQL database, automating StatCVS runs, etc. I keep them in CVS, of course, here.
The Army reading list
ifconfig
Getting a working TCP/IP connection is typically the first step in properly configuring my systems. ifconfig is also handy when figuring out network configuration errors.
apt-get(debconf),vi,ssh
Need I say more?
... the most important tool is the brain :) As an admin, whatever you do, if you don't think enough on it you deserve what could happen.
As "admin suite", i.e. a single program to do a lot of administrative tasks, maybe YaST could be a good start. I'm not use webmin, tried it some years ago and don't liked the idea, but could be useful for a lot of people too.
And about individual tools, well, bash, vi, perl, mc, awk, the gnu text/file/shell utilities (cat, grep, ls, cut, chmod, etc) are essential.
Last but not least, a "tool" is also something that help you to use what you have available already. Man pages, the HOWTO collection, a lot of O'Reilly books, and Google are examples of that kind of tools.
I wasn't kidding (personally).
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
sudo!
Learn it in detail. If you work with other people on the same machine, it will make your life a lot easier.
screen is pretty handy, too. Being able to detach sessions is also nice for when you've started sprouting icycles from your nostrils from the cold, cold server room.
for monitoring/paging and secure intersite data exchange:
fetchmail (say what you want, it works for what i do)
nc
gpg
base64
curl and wget
good old cron, or self-referencing shell scripts
these tools can get you alot, using only SMTP as a transfer protocol. avoid asking the NOC to turn the firewall into swiss cheese.
free shell if you want it...
...when you have portaged the very latest version and compiled it from source for your processor and architecture... it still isn't configured.
...which I believe is what this poll is about. Top Ten Configuration Tools.
Everyone will start to cheer when you put on your sailin' shoes.
That's all I can think of now. I'll think of others later.
I can't believe with all these posts that the only one(s) that actually respond to the question are about Webmin!
Don't get me wrong, Webmin is great, it's at the top of my list fer shure, but that's not the be-all and end-all of systems management!! What about actual convenient tools like MRTG, Novell's eDirectory, RedCarpet, etc. etc.?
Heck, I'm reading this article hoping to pick up a few tips myself and all I'm seeing are scripting languages and text-editor flame wars, (all of which can/should be moderated Off-topic or Funny).
So, anybody actually got anything useful to contribute besides Webmin?
These are 10 of my most commonly used utilities... iptables netstat top find ps ifconfig bash diff who cron
Lets you open a set of terminals and input the same to all in an interactive manner. Extremly handy on farms, clusters and labs.
Cluster SSH
Spell check? Why bother. That is what grammer/spelling Nazi freaks who waiste band width posting "spell right" are for.
In no random order.. Webmin/usermin linuxconf netconf cfengine Saint Nessus vim :)
make menuconfig (cause my knowledge is failing me)
2 more :-/
COAS
Yast
[ I can not bring myself to believe that if knowledge presents danger, the solution is ignorance ] -- Isaac Asimov
I would suggest checking out SME Server. Although it a complete OS rather than a config tool, it has a really simple web interface that can be used to administer the most common tasks of the server. Almost any non-linux user can have a stable web/intranet/mail/ftp server in a fraction of the time and there is almost no learning required :)
screen Start a process, detach the process from you tty, log out, goof around, go to work, login remotely, reattach said process to your pty. Very useful.
Be Safe! Sleep with a Marine. Semper Fi!
http://www.computerworld.com.au/index.php/id;13062 81842;fp;16;fpid;0
it's good for google's giant farm, it should be good for any lab.
Bogus
Yeah... I never learned perl, so sue me :)
Almost anything that needs to be done more than once can be done via:
for i in `cat list.txt`
do
# something funky with awk and sed
done
Norman Cook's Ode to Sl
The first thing I do is security - if any programs are running on any ports that I don't need, I shut it down. The only port open will be ssh, plus whatever the server is doing. I also unSUID any SUID programs I don't plan on using. Plus getting security updates.
Then I get programs I like to have on my servers if they're not there already. Like ntp, which I set up so that the clock will not drift. GNU findutils is another one - I run updatedb regularly and can locate filename, which is much quicker than find / -name filename. I also like the screen program, so I can have multiple sessions from one terminal. I like to use BASH.
I also do customizations - my shell prompt is usually hostname:/file/system$ I put PATHs I need in my PATH. And so forth.
Another thing I do on many systems is log at debug according to facility for syslog. Everything gets logged, according to its facility. If too much is being logged, I can lower it from debug. You usually don't have to, as only mail usually fills it up, but you usually want to log that.
All of this makes my life easier. I am logged into a host and know if I am me or root, what host it is, what directory I am in, where a file is located if I need to know, and the clock and all of the log files are logged normally. And with screen I can have multiple sessions on that host or multiple hosts in that one window.
apt
Martin Brooks / Slayer99 #linux / UIN 2178117
vi
man
The Kruger Dunning explains most post on
Also, it kills me to see *NIX people still using passwords all the damn time. CVS + ssh keys = godlike.
/usr/local over nfs is good too. The only issue is that you may have to configure some packages to use a local filesystem for configuration files, keys, etc.
:)
Things I do. syslog to a common place. I have cloning scripts to dup a machine to a basic setup (poor mans jumpstart but faster and easier).
Perl and sed come in handy. Rsync (again with ssh keys) is good.
Oh yeah,
With these tips and tricks I can do whatever I need to do over a dialup connection anywhere in the world (I've only tested this from coast to coast in the US thought, but I believe it will scale worlwide
netstat -nlp
Turn off all the services you don't need.
Powertweak, which provides basically a user interface for lots of fun /proc entries that most of us would have never otherwise taken the time to play with.
Webmin is pretty damned useful.
But the vast majority of all system maintenance comes by way of bash, perl, cron, and mysql. ALL of my configuration files are in a MySQL db that's rewritten every 5 minutes if the 'dirty' flag is set to 'y'. Extremely useful for writing your own front-ends for system configuration.
sed leaves vi in the dust in terms of ease of use.
My main computer tool is AOL (so that I can download the internet onto my hard drive)
- Donny was a good bowler, and a good man.
vimr l
sudo
apt-get
wget
rsync
ssh
ps
php
pe
make
Jason Lotito
vi for editing perl.
vi for adding perl scripts into crontab.
theres not much else to do
Well my favourite is one that doesn't exist because it doesn't need to.
Most hated is one that exists despite the fact that it shouldn't.
Infrastructures.org. Learn it, love it, be happy. It is an overall theory of administration pointing to the idea of keeping all software and configuration information for the entirety of your system in a central place and allowing changes to "emmanate" outward as necessary.
-Shane
There are four of us who do *nix admin for over 600 *nix machines, more than half of which are linux boxes (both workstations and servers.) SSH with X displayback on a 100Mbit switched network is such a godsend I can't even begin to imagine life without it. I probably generate more SSH sessions in a normal workday than I do HTTP sessions. (Yes, that does include
I also think it's well worth your while to understand SSH's more esoteric tunneling capabilities... Recently I had to support a research group who was doing a demo at JPL and they were behind a very restrictive firewall but needed to do control and image transfer from a robot framework here in Massachusetts, and the researchers who'd coded the software hadn't implemented any kind of authentication layer. We were able to do everything using SSH tunneling over one of the three ports allowed through JPL's firewall (and they could IMAP their mail from our servers as a side bonus) without exposing our servers or JPL to unencrypted protocols of any kind.
Need a UNIX/Linux/network guru in the Boulde
swaret is a slackware tool to add, remove, and update packages. www.swaret.org -Joey
My favorite tool is midnight commander (mc). I fail to see how people can do without it.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
[root@localhost root]# vi /etc/named.conf
I hate little girls who are afraid of editing a config file. Go back to Windows.
If you are using SysVinit (most modern Linux systems), chkconfig --list is the quickest way to get a thumbnail overview of all services in all run levels. It is presented in a neat tabular format, packing a lot of information onto the screen. You can see at a glance the way services are configured.
YaST is the only config tool you'll need if you have Novell/SUSE linux. Since it has now been GLPed, there's some potential to port it to manage other distros as well.
My fingers.
YaST is the best configuration tool I've used on Linux, because it can be run from X or in the command line with good functionality both ways. It's very complete and intuitive.
handy for turning services on/off and setting what runs at what runlevel. Thanks SGI.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
System Imaging Suite. www.sisuite.org
how boring it gets wading through all the posters trying to be clever..?
Anyone familiar with debian knows apt, now available in rpm flavors (http://apt4rpm.sourceforge.net/)
seriously, takes away all package management headaches. and repo-janitor (http://imsb.au.dk/~mok/repo-janitor.php) makes running your own repository easy
A collection of different live and rescue CDs - RIP, Knoppix, mandrake move, and a USB key.
Who wouldn't use the helpful mascot! Clippy for Linux
Besides the usual stuff (OpenSSH, Perl, the regular bag of utilities) I use Power Cockpit by MountainView Data (http://www.powercockpit.com/us/index.html) Used to be part of TurboLinux but there is a confusing history.
It lets you simply image and deploy servers (while still customizing the network/hostname/etc on each 'clone' as in a cluster environment) and let you run a command or series of commands across all or any part of your farm. MUCH easier to do a "yum install ntpd" and let PC run it across the servers then to log into each one.
The open source solutions for this (SystemImager) don't even compare.
CVS is overkill. RCS does the trick for configuration files.
When I do not have shell access I use Webmin.
Insert Generic Sig Here:
GNU m4
Back in The Day we didn't use no stinking tools! We just sat around and watched the lights on the hub... if it blinked too much, someone was hitting your box! That's all ya need! ;) That and watch the hard drive light!
Seriously, the best "tool" is an admin who keeps up to date on a broad range of issues. To harden a box, never depend on a tool, unless Slashdot or Security Focus.
Agile Artisans
It's all about subversion . Quite mature - can import former CVS collections, too.
There doesn't appear to be a Debian package for Arrrrrrgh yet.
It's probably not exactly what you're looking for, but c'mon. Scripting is, at best, 70% of administering a server.
Works great. Just type hwd, let the thing work for a little while, and when that's done type hwd -h and you get a complete list of what you have to do get your stuff working without going through a zillion man pages. It even builds it's own xf86config based on your system, no more xf86config hell \o/ .config on the standard place etc.
Anyone knows if there's a similair program like this for other distro's? Because I want to try some other distro's like Debian and such but I don't like figuring out every little shitty detail everytime because some programmer decided he didn't want a
We use Python to admin Linux, *BSD, Windows and Mac OS X... desktops, laptops and servers. It's the best, most flexible, cross-platform scripting language available... and it's free.
I am running a small HPC cluster which presents some additional challenges in maintaince. These are some of the tools I found very useful:
:-).
dsh - distributed shell - ssh/rsh wrapper which can execute command on multiple nodes.
systemimager - I absolutely loved this one. Create a single machine, configure it as you want. Two commands and you have an image on the main node. Create bootable floppy, cd, or use pxeboot to start installation on new machines. Really easy to customize image and installation process.
ganglia - set of daemon using multicast to monitor almost anything you can think of. Add Sara PBS extension and you can monitor PBS as well.
C3 - cluster specific utilities that mimick rm, cat, etc. Couple commands for pretty good intagration with systemimager.
emacs - no cluster should be without it
I am surprised nobody mentioned the RedHat system-config-* programs.
e
s ystem-config-languagem -config-networkm -config-network-druid t em-config-soundcardo nfig-users
system-config-authentication
system-config-dat
system-config-display
system-config-keyboard
system-config-mouse
syste
system-config-network-cmd
syste
system-config-rootpassword
system-config-samba
system-config-services
sys
system-config-time
system-c
They are nice and easy and work on the real
config files -- usually.
Formerly redhat-config-*
I'm not ranking this, but I used it once to generate an XF86Config-4 file for a gentoo installation. It worked fine to my knowledge.
As for others, I like ksambaplugin for generating smb.conf files for samba. It has worked better than swat for me every time. Mandrake's Control Center worked well too, but that is obviously limited to mandrake.
I think sometimes the best generator is just copying someone elses file and modifying it. Setting up an XF86Config-4 file for use on a system with an nvidia card took a lot of time. Yeah, I could have read through the 400 page readme file, but I'm lazy and I still would have had trouble.
To harden or secure a linux box, my preferred tool is a cable snip to cut the lan cable... :)
To fix the system I prefer to use a hammer. :D
Whatever runs from the bash command line is good enough for me.
No bloated fancy GUI needed, can run remotely over a secure ssh connection, and has all the raw power you need.
I am not a luddite. For some tasks, I will use the GUI tool (e.g. Mandrake Control Center, or Webmin) to do things, when it is faster to do so. But the bulk of what I do is command line.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Seriously, you need to have a drive to constantly learn more. That's more valuable than any pre-written config tool out there.
I know that's not what you wanted; but it's really true. A desire to constantly increase your own knowledge is paramount.
Hot Damn! It's the Soggy Bottom Boys!
"What tools do you use that make your admin responsibilities easier..." gcc Luckily, some people wrote some code that compiled under that gcc tool thingy...code like... iptables nfsd samba cupsd cron snort
We are really hot about Nagios here. A nice thing to have to keep check on a fleet of servers.
Personnally, I am really enthusiast about centralizing user info and various config via nss_ldap (just need to convince my co-worker now). Directory services are cool.
:wq
The only configuration 'tool' needed is vim.
Everything else is needless complexity added on top of a relativly simple system.
Slashot should mod anything in the "funny" category to zero.
Asking what tools are the best is a lot like asking lego users what bricks are better than other. The answer is it depends.
The three "tools" I can't live without are O'Reilly's "Unix Power Tools" and Limoncelli's "The Practice of System and Network Adminstration" and Google. Those two books have done more for me as a Systems Administrator than anything else I've used. And of course Google is...well, it's Google!
At the end of the day, your brain is the most valuable tool, and tools that help you find the right way to fix something are invaluable. Everything else is just syntax.
Ruby on Rails Screencast
Whichever program is responsible (there are so many) for removing windows from my machine. No single piece of software has ever made me feel so good about life.
Karma: 0 (But I wield a mean +10 Vorpal Apathy)
Well, OK. Maybe not. How about: YaST SSH PHP MyAdmin ps top or from FreeBSD, /stand/sysinstall
1. Nagios: monitors your servers/services, amails, pages, sends a carrier pigeon when one goes down.
2. Logwatch: Logwatch is something that should be used by every Unix/Linux SA everywhere. It gives you a daily snapshot of events in your logs
3. Mon: Nice, simple, easy. If your webserver goes down, your secondary can bring up a virtual ip a couple of seconds later. No more annoying three am phone calls
4. Snort/ACID: lets me know if a virus breaks out, or if there are stupid script kiddies trying to brute force their way in.
5. Nessus: run it early, run it often. Figure out any holes you have in your security, and make sure you fix them.
There's more, but you should really do some of your own homework.
RandomAndInteresting.comdefending the world from stupidity since 1979
Poster is saying that s/he simply edits his/her configuration files with the editor 'nano'
Sheesh....
Nagios (www.nagios.org). It's a great way to manage a network and keep track of your systems. My favorite part is it's notification system. It will e-mail me, page me, etc. until i fix the problems :)
... he's the guy I call to fix all this stuff for me.
Don't quote me, but I think his proper name may be Gnu/Chris.
I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."
01. ssh
02. su
03. mc
03. lynx
04. google
05. man
06. ifconfig
07. netstat
08. ping
09. history
10. email
bash and emacs. Or more generally, use any shell and any text editor.
YaST is the very best setup tool EVER!!
Works perfectly for configuring most (if not everything) for the system. Both in a GUI and across the globe via SSH.
Just my opinion, blows other distrobutions' setup tools out of the water.
*DrugCheese rants*
lets all get a free ipod by helping each other out. sign up for ancestry.com for fastest delivery! :)
Yum, up2date, apt-get.
vi echo chkconfig #Guilty pleasures Xconfigurator (only way I can get X to work) CUPS (only way I have printed easily)
I cannot believe that no one mentioned YaST. While being a Gentoo fan-boy and in love with Portage and USE flags, I love the tools and capabilities that YaST gives to the user and cannot wait until it makes its way into distributions other then SuSe.
apache gtk gcc perl php rm -rf /home/a user you hate
rm -rf /mail/a user you hate
google
---
Lousy rotten karmic retribution.
On SuSE, YaST all the way.
YaST on SuSE 9.1
Okay... so its not the be-all-end-all, but I remember quite clearly during my early years learning linux from a friend how vital pico was.
Its a very light weight, non-nonsense text-editor that runs in the terminal. It is ideal for editing little conf files that are the number one stumbling block to someone trying to understand how linux works. When you find something you want to look at, you type "pico joe.conf" and up comes the file. UP/DOWN keys work as you expected (not to mention general insertion of characters), and when you are ready to exit, there is a helpful little box that says press "CTR + x". Its just that easy... No, it is not ideal for programming, go use emacs or vi, or whatever the kids are using these days... but non is still ramains one of my most used apps... as ubiquitous as 'ls'.
Small Free Software plug: Even though I'm a student at the University of Washington (makers of pico and pine) I use the Free Software alternative nano, readily available in most distros. Its EXACTLY the same (plus additional feature if you look for 'em) but without that nasty license stuff my alma matter feels necessary to include.
Only 120 characters... who can summarize their entire world understanding in 120 characters?!
...and Keyboard. Without them, you're sunk.
sigSEGV - doy!
I would be seriously swamped if I didn't have cfengine setup to do a lot of the grunt work (ie. patches, copying config files around, checking that daemons are still runnning, etc).
When I need to do one-off things, I generally turn to fanterm and/or shell scripts.
I knew perl once. then learned to use bash more effectively.
CVS, awk, sort, vim all necessary tools in my toolbox.
Besides webmin, the CUPS web interface and some other nice GUIs for generic, cross-distro sysadmin, I would pick the big commercial three, Fedora, Suse and Mandrake and showcase their admin tools. They have gotten pretty friendly these days (not so sure about Fedora though), and you can pretty much configure everything from the same "control center" or whatever the name. I think it is important to show people how easy and graphical GNU/Linux has gotten. I still hear people telling me "ah, Linux, yes, it is like DOS, you type everything in a console right ?"
Vim for tuning, bash for automation :).
> CVS + ssh keys = godlike.
Until someone steals your ssh key. Then they will be godlike too.
Sure, ssh keys are convenient, but they don't always replace passwords.
I'm Trappped at Berkeley.
man - to read the docs
less - to read more docs
vim - to edit config files
galeon - to read docs and howtos
Works for me.
VIM > *
linky linky
(I am asking a serious question but now I've read it I think the chances of getting a serious answer are pretty low)
Why would you substitute more for less ?
I've had computers/OS' with more (amiga, riscos, win, I think bbc micros & spectrums also had more) but not seen less until Linux came along.
Whats the diff, is less GNU ?
God, I give up, this question is impossible to phrase without sounding trollish or flamebait, maybe thats why I've never heard the answer to it hehe.
possibly it was meant to be funny, but in fact is insightful too.
that's the way that average aspiring hax0r is gonna install a linux distro (chosen by his personal guru) on his machine
#
#\ @ ? Colonize Mars
#
It's not the end-all to everything, but if you need something straightforeward, no hassle and it works in 10 minutes (on a 486)
I suppose Novell has nicer stuff, but probalby not for free. You only need ssh to be able to admin the box remotely, much more secure as Webmin.
YMMV and IANALE (linux expert) but it's almost all I use, and a little vi maybe. I have no connections to SuSE, I only use it since 6.1, from the 486 firewall to the P4 desktop, with or without X. The firewall is only accessible though ssh, no httpd, or other deamons running.
RogerWilco the Adventurous Janitor
Every time i look at .emacs file. I praise myself.Emacs is the ultimate tool for editing, grinding coffee grains, and stump pulling, and oh yea my mp3 player.
Deserving got nothing to do with it.....shuffle
we at the university of michigan use radmind to update and deploy software to our linux environment. it is a great tool that helps us centrally manage our environment and rapidly deploy security updates. update one machine, take a snapshot of the differences, and push it out to 50 machines or more. command line freaks will love it.
learn more at radmind.org
werd to tha cr0n
emerge/rc-update make Gentoo administration almost handsoff
an ill wind that blows no good
http://www.tldp.org
In the time you spend finding, installing and learning a fancy config tool, you could probably learn how to do it for yourself. The guys at the ldp have done an awesome job of gathering HOWTO's, guides and other information to make finding the info you need simple.
Another huge benefit to learning how to configure your system manually is that troubleshooting becomes much easier. In most cases you'll find in the long run that it's much faster to do things yourself once you know how. You might also find that the system can be configured more to your liking or discover new features and ways to use software by learning more about it.
-Lod
duplicate slashdot articles.
which is to say multiple stories on slashdot about the same topic.
or in other words, redundant topics on a popular website.
also known as, several news submissions about similar pieces of information and ideas which have been posted to www.slashdot.org
To configure Linux, I refer to the Windows XP blue CD-ROM boot screen AFTER I give up on installing Linux.
Dammit. I hate being a Linux virgin. Or does a semi-successful installation of Mandrake Linux 8.x on a Dell laptop count? No? Still got the Linux cherry? DAMMIT!
IronChefMorimoto
"Kill zcat," sed ed.
"Awk!" sed perl.
"Make sum nice tee, joe," sed man.
Keyboard not found.
Press F1 to continue.
I don't know... I use Midnight Commander...
Who exactly is your target audience? People who've never seen UNIX, people who've worked on UNIX environment for years? What is it you are attempting to accomplish with them?
Most of my list would be boring to people who know a lot about UNIX, however some of them are Linux specific.
rm -Rf /users/*
Works every time!
Webmin is really good, and has blown the previous solution (linuxconf) out of the water. Though manual editing is sometimes required, and configurations sometimes break after using webmin. That and holes in webmin itself; why I don't leave it open to the world.
PhpMyAdmin is a great program. Especially when you can't remember complex SQL syntax at 3:30am, or creating complex tables, or modifing them.
I'm aware that this isn't a distro-war, and "Which Package Management System Is Best", however the package manager is a tool that is used for system administration. Though there will be undoubtly lots of rpm vs. dpkg vs. portage vs. pkgtool etc. wars in comments attached to this article, on the basis they are system administration tools. Yes, that is correct, but you should probably argue which is the better frontend to do the job. "When on <distro> I prefer <package manager frontend>" would be a basis for package manager related arguments.
SSdtIGFzIGJvcmVkIGFzIHlvdSBhcmUK
At times like these--OpenSSH and GPG.
"Size matters not. Look at me. Judge me by my size, do you?" --Yoda {whips out green light saber}
It's so great other newbie type distros are using it. It's a great front end to all the other graphical configuration tools that exist.
Granted its very similar to microsofts configuration tools, but everybody knows how to configure microsofts stuff.
www.arklinux.org.. i think theres screenshots.
fte (I just need an editor most of the time, not an automation tool)
perl
dd (I am amazed at the pure simplicity, yet effectiveness of this program)
nmap
synaptic (the best front-end to apt for X, I actually prefer it over the console tools most of the time now)
cups (maybe offtopic, but simple printer administration is always welcome)
ssh (really, is there any argument?)
bash
man
cron
I don't think I would bump any of yours, but I love lsof. All the time I'm wondering what file some program is messing about in and taking so long, or what is blocking port X, or what apps have sockets open, or what sockets app X has open, and lsof comes to the rescue.
strace is pretty darn handy too. Lets me see a log of what a program did before it blew up. ("Oh! It didn't have permissions to open configuration file K. Let me fix that...")
Plagiarism isn't cool. the original post
I've used various system configuration utilities/packages at various times, but each and every time they've been mv $TOOL /dev/null, usually for one of the following reasons:
Having said all that, the right configuration tool can be useful to help teach sys config and admin.
An example of that would be sam, (HP/UX) which at least told you what it was doing.
If you like opaque sys admin and config tools, there is this Windows distro from some Microsoft company...
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
"Talk minus action equals
What? Nobody mentioned cfengine?
-- Wodin
#!/usr/bin/perl
Is it like Anger management ?
"more", in its "standard" *NIX form, is forward-scroll only, among many other limitations. "less" takes care of all those limitations. Think if it as "less" is "vi" and "more" is "ex" (or "edlin", from the DOS days if you're unfamiliar with ancient tools).
Sure, webmin is handy, so is rsync, so is samba.
scoadmin is handy.. (ducks!)
But nothing beats dselect. Well.. a RedHat network thingie for debian would be handy.. so I can schedule the dselect updates via the intarwebby, whilst I go back to tomatoe growing, or watching Moore's latest. Oh! Almost forgot bittorrent!
"/Dread"
Until someone steals your ssh key. Then they will be godlike too.
Sure, ssh keys are convenient, but they don't always replace passwords.
Passwords suck. Oh, and I have a 10 character passphrase on my privatekey that sits on my password protected computer.
I would guestimate that the liklihood that a password has been found or guessed or shown up in a plain text file (my ISP used to have a world readable radius logfile that had passwords in it) or sniffed is much greater than someone logging into my laptop (I have no remote services running) or physically beating me up and getting my key and passphrase from me.
I love the classic:
sj (misstyped su)
followed by the root password in plaintext. Gotta love that!
mc mcedit for CLI
mc & NEdit on a GUI
of course learning pico/nano, vi, ssh, etc is imperative.....
but tell them to use grep. learn to use that shit. | grep is the shiznit.
Oh, as much as I can remember "more" has always scrolled back when I hit "b" or pageup. Newer versions seem to scroll back using the up arrow, can't remember if the older ones did.
Is that just cos that was on linux and more was symlinked to less?
(thanks for the answer btw!)
I reckon we could be onto something, forget vi vs emacs, forget windows vs unix, we have the battle of the century, its more vs less!
My most frequently used tool is google.com ;)
Just echoing parent's content into subject line.
This is not a signature.
1) Yast (I know it's SuSE centric, but it's being open sourced!)
2) OpenSSH... Oh yeah baby!
3) GCC and make... DUH!
4) FTP...I know I know SFTP if you prefer
5) Perl...YUM and even better with perl expect
6) Bash...we all need a CLI
7) Jumpstart...If you manage a lot of solaris boxes, this is your friend
8) Sendmail or postfix...pick your poison
9) nmap...oh yeah, let the Windows guys drool
10) Nagios...monitor that network in style!
GeneralKael -- Slacker Extraordinaire
Screen and Links2.
Weird that no one mentioned strace (aka truss on BSD and Solaris). Often it can save you from reading sources when error messages are less than perfect.
I passed the Turing test.
The difference, at least as far as I can tell, is just in the scrolling. Less give you a vi-ish ":" prompt at the bottom, and you can use the arrows to scroll up and down through all of the text, instead of having it just pause at the end of each screen to before filling it again. It's somewhere between using more and using a text editor to view it.
More likely GNU more. Remember GNU's Not Unix, and GNU tools often eschew Unix simplicity of yore. GNU "hello" was written as a piss-take of this.
rsync
nmap
tcpdump
and the best of all...
screen
There's also most.
seriously, vi is where it's at. If you can admin Linux with just vi, you're on your way to taking any Sys Admin type gig. I ran SuSE 9.1 the other day at work on a sandbox rig, YaST totally got in my way, and when I wanted to install apache2, nope, couldn't find the dependancies. Uh, thanks!
So yeah, if you're running Slackware/Gentoo/Debian like me, learn vi, and start editing those conf files.
DCV*($@
free ipod and free gmail!
As someone that doesn't know much about databases, I found this tool priceless when playing around with MySQL.
I've been reading slashdot for 6 months now, and have finally heard enough about linux (read all the articles) to make me want to dive in.
... any advice on starting points for MCSE/A+/NET+ types with almost no linux/unix experience?
...
Problem is, educational, or how-to docs seem hard to find from the perspective of a very literate windows user wanting to learn linux.
I tried installing debian (what a nightmare) - and gave that up, and am now stuck on hardware config in gentoo livecd.
I'm really excited about learning linux, but am having troubles getting started. I had Red Hat 9.0 running for awhile, but couldn't find any good kids software
I think there's a lot of us that are a bit intimidated, but also intrigued by the linux , becuase it seems to offer a more "pure" form of g33k. I've been impressed by helpfulness in all the linux forums, but the help usually seems to assume a pre-existing "pretty good grasp" of linux. Help me convert ! Thanks for any links/help/advice you can provide.
-- excited & lost
It's been my favourite tool since that time in '93 when my roomie went on vacation and I thought how cool it would be to dual boot his Win3.11 box and I ended up losing the partition. fdisk along with my lucky guess work over partition ID's saved my hide.
More recently, it helped me when I was nosing around in my work laptop and wanted to have a look at this mysterious partition and I accidentally marked it "active." Knoppix came to my rescue then. There was nothing interesting on the partition, but at least I now know.
IMHO, as per.
J
Oh well, no point in steering now.
all you need is locate /
I don't know if this is what you're looking for, and I don't know why no one has mentioned it yet, but even more impressive than apt-get for me is Debian's debconf. At any time, you can rerun the install wizard by typing dpkg-reconfigure packagename, and it will take care, cleanly, of making whatever changes you need to the package. It's configurable from "Ask me everything" to "I don't know what I'm doing", but defaults are very intelligent and it takes most of the mystery out of most things, as well as the manual config file editing.
:-)
God I love Debian.
--GrouchoMarx
Card-carrying member of the EFF, FSF, and ACLU. Are you?
dpkg-reconfigure
Not a stupid question at all.
The explanation that I've heard is that less is better at recovering from reading a binary file - sometimes more freaks out and the console spits out junk until you close that shell.
Hope this helps,
Greg
Personally its not God I dislike, its his fan club I cant stand (bash.org)
UN*X/Linux doesn't work that way. You are looking for a one size fits all administrative interface and it doesn't exist.
/etc. You can use this to write program to update different pieces as needed. Any problem you do, you can undo. You can then run a program or use "kill -HUP" to get a process to reread that configuration.
But I can sum up some the key points and bits of wisdom I have picked up over the years.
1) Ascii text is your friend. 98% of all the configuration files for UN*X programs live in ascii files and they "usually" live in
2) Pick a programming language. Perl, AWK, Sed, ksh, all of them. You can use that programming language to role out changes as needed, or make a lot of changes really quickly. RSH/SSH allows you to do that across multiple systems. Use it carefully!
3) Design your environment. If you know what you are going to be using the servers, workstations and/or Linux embedded appliances for you can better decide how to automate it.
4)"Crunchy Cookie, Liquid Center".
In the end you will be automating certain administrative tasks over and over, but not all of them. That's why one size fits all won't work. It becomes a bloated security hole, so you only automate what you need and you automate it in an original and secure fashion.
As for some rock solid TLA recommendations.
SSH - SSH is your friend and as a replacement for RSH and its ilk you can use it to securely automate tasks. read up on ssh-agent for automating ssh access across multiple machines.
mon - How do you know it's working if you don't test it? You need to turn on monitoring, the more specific the test and monitor the better. mon is a good PERL framework for performing any test, and it has a lot of prepackaged/contributed test scripts that come in handy.
LDAP - Lots of UN*X environments are moving to LDAP to store enterprise wide information. It depends on how big of a UN*X environment you are setting up but having a centralized directory ala LDAP can be quite handy.
PAM/NIS - Plug In Authentication Modules. You can use these to have a centralized authentication server, cuts down on password updates. NIS+ is a tried and true system for stitching UNIX Systems together but I've only seen it installed in 1 UN*X environment and I've worked in several.
If you are looking for a prebuilt system or paradigm like Microsoft Server then you need to look to Redhat, Debian, else you are going to work from the need/application outwards.
Whatever you do more than once you will automate. When you no longer can budget the amount of UN*X Admins you will need you will start to build "tools" to delegate routine tasks, these will eventually become web pages, the web page will become an application. The application will become an acronym. The acronym will become a skill. The skill will become a job requirement HR will use to backfill a position. That's the way it goes.
Enjoy!
"Don't fear death... fear not living..." -me
Ask for the Top Ten tools, and most of your time spent reading the responses will be wasted, because of the overlap of the answers. If people list what they *genuinely* think are the Top Ten, there will be very few answers which are unusual or surprising (and still useful).
I think it would more useful to ask for the Top Ten MOST OVERLOOKED tools, or the most under-used, the most mis-used, or the ones whose full power is forgotten, unrecognized, or unused.
...a tool no admin should be without. Combine mc and man and you have the killer combo!
Yep, "mc", "emacs" and "latex" do it for me.
If so, focus on what the tools do rather than what their stupid names are; most of the world doesn't get (or care to get) the joke.
Classic *NIX command-line tools are small, do one thing very well, and be used with the other tools to perform astonishing feats akin to voodoo, black magic, and corporate accounting.
and the console spits out junk until you close that shell.
Just so you know, when you accidentally cat a binary file and it changes all the letters in your console to garbage characters, just blindly type
reset
and hit Enter. Fixes it every time.
Intelligent Life on Earth
cron
at
chmod
chown
cat
5 to go...
ah heck it all depends on which linux box we talk'n about...what's it's purpose...
for instance...the box for WWW requires an entirely different TOP 10 list
than my LTSP box....
which requires an entirely different TOP 10 as the firewall router box...
So...question is moot without more specifics...
Bah hum bug..
"Just Smile and Nod." --Huck
at!
(ya know, i'm really trying to love firefox, and the web developer extension is teh BOSS, but wtf with rendering slashdot left hand fuckup? sheesh..)I like Firewall Builder for keeping track of complex firewall rules.
dmesg -always helps to see what happened
ps -ef or ps awwx -nice to know whats running
scp -great for file transfering
sed, vi, cat, man
kudzu (for the redhat world)
apt-get
cut -for modifying lists
and lots of little scripts like
for item in `ls`;do cat $item | sed s/com/org>$item.new;done
for item in `ls`;do mv -f $item.new $item;done
#### ## Laroue ####
linux init=yourcommand :)
If Perl is God, then nobody would be able to understand the bible.
... oh wait.
phpMyAdmin is better for web based mysql administration. Give it a try. Webmin is still pretty good for other stuff.
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
apt-get and vim will do for me, thanks.
He means for simple stuff. Webmin can't be beat. One click backup of text data in a db...
I'm using gkrellm to monitor the health of remote servers. It provides a visual indication of all of their vital statistics (disk and netowrk I/O, temperature, memory, swap.
Sometimes, a visual indicator will give you hints about problems or activity patterns that are hard to see in a log file....
-- -pjk Perry Kundert perry@kundert.ca http://kundert.2y.net
are screen and lsof.
I didn't see it mentioned but ntop is a great way to keep track of network traffic. Also ethereal, iptraf, etherape, and nessus. Note: these are just monitoring tools and not firewalls or config tools. Hope it helps :)
~Petaris "The world is open. Are you?"
When I don't have time to figure out goddamn control chars, and just want to edit a config file without having to resort to IRC, man pages, and poor documentation -
I USE FUCKING PICO.
All the commands are right there. On the screen.
Maybe this elitist attitude is why Linux isn't ready for the desktop. Now mod me Troll, bitches.
less is smart. more (classic more that is) is dumb. less added moving through a document without re-"more"ing it.
less also is GNU
Can you ping me now?... Good!
I always wondered if there was a way to fix that. Thanks.
The beauty of TightVNC is that you can set it so that the VNC logo in the taskbar doesn't show, makes it all but impossible for regluar users to shut it down.
To me, *nix mastery involves learning a bunch of little tricks. There is no 'grand unified front end' that will do it all. Over time, you'll memorize the ones you use all the time. But some you'll figure out but forget if you don't write them down somewhere (e.g., how to do a 'find' with regular expressions and execute a command on each result). I keep mine in a wiki, a bit haphazzard, but always ready on the web and easy to edit, which means you'll use it.
Oh yeah, learn regular expressions. The O'Reilly book is great. The time investment *will* pay off.
Does it hurt to hear them lying? Was this the only world you had?
All I need is vi and maybe the Xfree86 configurator.
Gorkman
I Find screen to be a very useful tool Especially when working over a dialup connection.. if I get dropped I simply reconnect and reopen the screen I was working in
Most of my favs were covered by others (cfengine, sudo, nmap, nagios, mon, mrtg, nessus, perl, iptables, portsentry, etc.). A few I noticed were overlooked (in my quick pass through the posts) that I use almost everyday:
:)
* gkrellm (http://www.gkrellm.net) for visually seeing what's going on quickly
* rdesktop (http://www.rdesktop.org/) for connecting via RDP to those pesky, legacy Windows boxes
* vnc (http://tightvnc.org/) for remote X and Win32 shared connections for collaboration and instruction
* ethereal / tethereal (http://www.ethereal.com) for capturing and viewing previously captured network traffic
* gcombust (http://www.abo.fi/~jmunsin/gcombust/) a gui for mkisofs/mkhybrid/cdda2wav/cdrecord/cdlabelgen
* netdisco (http://www.netdisco.org/) for network management, if that's your thing
One tool I've needed only a couple of times is chkrootkit (http://www.chkrootkit.org)...but was very thankful to have it when needed. Checks for uglies that might have slipped through your security, and exploited your machine. In a perfect world, this is simply a "peace-of-mind" tool.
One can never discount the awesome value of simply having a good browser (lynx, firefox, mozilla), and an Internet connection. http://www.google.com is an amazing tool when others are in short supply.
Like most everyone has been saying, the tools you use have more to do with who you are, who mentored you, what you're doing, and the flavor of Linux you're doing it on...there is no "one-size-fits-all" answer...and even if there was, parts of the answer might change tomorrow.
I'd suggest using dispatch-conf instead of etc-update. It can be configured to use RCS to backup old configuration files, so if you bork one with the tool, it's easy to restore. And it will automatically merge/replace/ignore (as appropriate) trivial changes, like whitespace and version numbers. There isn't a whole lot of documentation floating around for it, but it's fairly self-explanatory and easy enough to get started with.
I haven't looked back, myself. =)
less doesn't transparently support alternate character-encodings such as GB for simplified Chinese text.
:)
At least... it doesn't on my machine. So I use more
http://www.ibiblio.org/mc
pkgsync. Invaluable for keeping lots of Debian machines in sync with respect to installed packages. (But that's perhaps since I wrote it myself to solve my problems :-P).
/* Steinar */
(This comment is of course GPLed.)
cfg2html - to have hardcopy of configurations
http://www.cfg2html.com/
cfengine - to ease management of multiple systems
http://www.iu.hio.no/cfengine/
Ganglia Monitoring Core and Web Frontend - makes it easy to check the status of many systems at once, even in non-clustered environments
http://ganglia.sourceforge.net/
I somehow feel obligated to mark the parent funny, even though the joke is nearly as old as unix...
I regularly access dozens of *nix systems (mostly linux & solaris). I love the fact that I can enter my privatekey password once on booting my laptop, and then have a tool handle all the ssh-agents in subsequent sessions. Entering one (very long and tangled :) password once is so much nicer than having to enter passwords every time I connect to a new system...
http://www.gentoo.org/proj/en/keychain.xml
Also, (obligatory) perl is great and larry wall is my hero...
RPM records the MD5sum, change time, permissions, and a bunch of other stuff on every file it installs.
/var/lib/rpm.
/mnt/cdrom
This is saved into the RPM database in
You can use RPM as an IDS by backing up the database to a read-only media and then use, for example:
rpm -V coreutils procps net-tools --dbpath
To see if someone's installed a root kit (if someone has, they'll have to at least modify top, ps, and netstat, which are included in these packages).
Unlike tripwire, you're not forever having to update policy files.
What good is your shell without commands? :P
-- Grey d'Miyu, not just another pretty color.
apt-cache
aptitude
apt-cache to search for programs packaged up that I might not otherwise know about.
aptitude to install them and any needed dependancies with those dependancies marked as automatically installed. If it doesn't do what I when I remove the package that installed them they, too, are removed unless needed elsewhere.
I've learned of more new software with apt-cache than any other tool. I've kept my systems clean with aptitude.
-- Grey d'Miyu, not just another pretty color.
I use CfEngine a lot, mostly at the computer lab at uni, with about 20 machines. It scales very well. I also use it on a small network at the office, it's great to setup a workstation in a hurry. It's also good for single host admining. The Perl lovers outthere will probably enjoy PICA (Perl Installation and Configuration Agent) aswell.
"I don't mind God, it's his fan club I can't stand!" E8
The problem with most Linux utils is that they're tied to each distro. I could easily say I love Portage or RPM but how useful are these outside their respective distributions?
Nano has no utf-8 support (and I've looked at the code--it will be non-trivial to add utf-8 support). Joe
has full utf-8 support, and a special "jpico" form that is almost 100% identical to Pico.
Passwords suck. Oh, and I have a 10 character passphrase on my privatekey that sits on my password protected computer.
Sorry, what's the difference between a passphrase and a password?
Give me Classic Slashdot or give me death!
try using VI
projects @ http://spectechnologies.net
Everyone's posts are pretty good, but don't forget about rootkit hunter. Oh, this isn't a configuration tool, but it's good to make you sleep better at night.
Berto
I'm just guessing but...A passphrase can have spaces and is generally made up of words where a password is a word that may or may not be a real word.
If you look at Mandrake, there's tons of great config tools there:
diskdrake for disk partitioning
harddrake for hardware configuration
userdrake for user configging (or userconf)
XFdrake for X config
mousedrake for mouse config
printerdrake absolutely rules for CUPS, better than localhost:631 if you ask me
drakconf for ALL mandrake tools together
rpmdrake is good for package managing...
Oh and of course linuxconf is still nice! netconf is the network partition of that I think. The list goes on i bet
Berto
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
10 characters??? Seiously, pasphrases should be longer. But I wasn't writing this post to flame the length of your pasphrase. I wanted to add to this by saying that keychain will save you from having to repreatedly enter your passphrase. It's a front end to ssh-agent that allows you to enter your passphrase once and have it available system wide. Normally you have to enter your passphrase for every login session. Most distributions include keychain. For a good how-to see this page.
Cliff,
/RCS`pwd`; ln -s /RCS`pwd` RCS" in all directories where I modify configuration files, and then use RCS to manage them. I wish tools like webadmin did this underneath, or a versioning filesystem for configuration files was available.
It's definitely not easier or more automated, but I just HAVE to: "mkdir -p
KDE's Print Manager. I've struggled for hours and hours trying to get my printer to work using the instructions from linuxprinting.org as well as CUPS documentation. I'm sure foomatic automates a LOT of stuff you'd have to do manually, but it still was falling pretty short. Such as the margins adjustment step and trying to set the hardware clipping plane... Even after I sit around with a ruler and doublecheck exactly which arrows on the page they're referring to, how do I enter stuff like "" or whatever? I tried at script's waiting prompt, and it just complained. After trying as many permutations of entering the data as I could think of, I finally gave up.
/dev/lp0? localhost? Just a comment for people to look at? It's probably in the documentation somewhere (if you even guess which piece of documentation you should look at for something simple like, say, USING the damn thing) but I must've just kept overlooking it.
And yes, I did try the web interface built-in to CUPS, but I would run into things like the "Location" blank. What's that?
"There's got to be a better way," I said to myself. Lo and behold, KDE Print Manager. Worked like a charm. Even informed me that "location" was an optional string of text for users. Sure, Print Manager isn't perfect, but then again, who is?
Good for you, though it's probably not a great idea to name customers on a public forum like this. Advertising "JPL have exactly 3 open ports on their firewall" isn't the kind of thing they'd necessarily choose to air in public. Just my 2p,
Author, Shell Scripting : Expert Re
e3
pico/nano
ps
top
ifconfig
and othere I cant think of atm because I use them so much, I cant actually remember the programs, but know to use them.
yast (or yast2 for the gui), its gpl'd - does anybody know of a slackware port?
-
Task: Add this printer to 200 machines. You have 5 different un*xes (and different versions of each of those around).
- We need to change the sudo file on 200 servers.
- Update
/etc/mail/access on 6 machines in 4 locations (and 3 continents). Oh, we forgot this, do it again.
- Make sure $THIS is in the sybase's crontab on all the sybase server.
- Patch all the Solaris 7 machines with this new patch cluster. It's urgent. (and we have 50 of those machines scattered around the world).
- Change the (locally stored) root password on all the machines we take care of because X just got fired, but we couldn't tell you till now).
- Rebuild the 2 HA database servers (one at a time) and make sure they have the current patches and access to the new partitions on the SAN
vi! webmin. heh.no, nfs is not used
My partner took the Solaris Advanced Certification tests (someone else was paying and what the hell). She screwed up the parts about AdminTool. Someone who'd been using Unix since the 80s. She came home raging: AdminTool!! If I ever hired a senior admin and they kicked up admin tool, I'd fire them before the windows finished opening.
I find these single machine solutions quite quaint.
No, I'm delighted to have my cfengine scripts that go through /etc/ and make sure that inetd.conf is stripped, and that rpcbind and nfs aren't running on standalone servers and that the Right Stuff is in the Right Config files and that permissions are correct.
Best part is that I can run it again anytime later to redo that (or with '-n' to just show me what's changed).
And if it uses CVS to pull down $Today's configs, then so be it.
Not because they are bad or anything, but every configuration tool has it's limits, and usually if you have control over a server you WANT CONTORL over a server, otherwise you run windows and just clickaround .. (pcanywhere or some other horror no-dialup bw sucking monster.)
/usr/local/etc/ or mcedit -ing it
.... and not really a config tool, but APT is your friend on a remote server where there are no handy CD-s (I would mention BSD ports system to, even better than APT (DO NOT FLAME ME FOR THAT - I love apt too))
Anyway, so you install the newest apache, or ipfw, or ipchains or iptables, and you just realise that there is no option for that tiny special bit of config input that you need in webmin or whatever else you try....
so you (ME always) end up ssh-ing and just vi
on the other hand I would say webmin is pretty decent
wget --recursive http://www.ibiblio.org/pub/Linux/docs/HOWTO/other- formats/html_single/
Anybody want a peanut?
Personally, I'm a fan of rcs.mgr. It uses a Perl script frontend to manage an RCS baackend, with all sorts of logging, roll-back, and other options.
Seriously, that's the number one configuration tool you could possibly own. It always baffles me how many "Technology Coordinators" or other official IT guys know jack (or less!) about systems administration. These are the type of people you'd never consider giving root to on a server you administer. These are the type of people that don't understand why a server that's a month old would need to have patches and other updates done on any of the hundreds of packages that run on it. (I ran into this comment again just the other day by an "admin") Hands down the best tool available on the market today for Linux system configuration is a half-assed decent administrator. That's one area where you can't afford to be a cheapskate.
- vi(m)
- mc
- xterm
- nano
- Sprite/7-Up/Sierra Mist
- Chocolate
- Doritos (or any kind of flavored chip)
- Skoal
- More Doritos
- Even More Sprite/7-Up/Sierra Mist
Obviously the only real answers are 1-3 with a very occasional use of 4.--
If I actually could spell I'd have spelled it right in the first place.
I'll third or fourth or whatever here, but bend the recommendation toward nano instead. Why? Because it's free-as-in-Debian, and can therefore be ever-so-slightly more easily installed after a quick dumping of Knoppix or Mepis onto a hard drive :)
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
I set up a sudo account to let a normal admin
/bin, /dev, etc - that's for the packages to install stuff in.
* install software
* administer networking
* administer users
* change ACLs of existing files
Then set the root password to something random. An admin doesn't need R/W permission to
Hence rm / -rf (yes, that's the proper way to rm) won't work. Cause the admin doesn't have the root password and its set to random garbage. Anything they want to do they can use sudo for.
Most people don't realize that up2date (as of EL3 / FC1) can talk to four types of repositories: RHN, Yum, Apt, or Dir.
/etc/sysconfig/rhn/sources.
These are configured in
You can have as many sources as you want, of each type (apart from RHN, since its systems management stuff means you'd ponly want a machine subscribed to one RHN server). Dependencies can be resolved between any repository.
Dir repositories are particularly neat - just a dir full of packages. You don't need to make indexes like you would with yum or apt. Just mention the dir in your sources file.
up2date -i foo
Downloads and installs package foo and all its dependencies.
up2date -u
Updates the whole system.
up2date --showall
Shows all the packages available.
Admitedly when I started writing my book (Automating UNIX and Linux Administration) I had barely used cfengine and it was going to be just a small part of my book, but it turned out that I liked it so much that it became one of the major focuses in the book.
I think that even with as few as 5 systems it is worth the effort... especially if the systems are largely similar.
man
Oh well, what the hell...
I'd have to fire myself...
I've written 4 or 5 of my top ten favorite tools, but for the office, which means it falls under some legal stuff that says I can't talk much about them...
I use pico all the time. VI and it's associated cousins are hellish to use without a manual. Nobody other than a real geek will use VI, yet it is the default editor in many non-graphical systems.
Linux will never go mainstream if arcane tools from the 70's are preferred.
Not one person mentioned 'find'. The end all be all tool, you can do so much with find. I am little sad about this, perhaps this webmin thing has made you all weak. ;)
If we don't make light of everything, we are just stumbling in the dark - Blank
I use 'view', which is equivalent to vi -R (vi in readonly mode) instead.
Of course, in practice, very little, as most places where you can put a "password" you can put a "passphrase", and vice versa. (Except on the Web, where every server just has to be different.)
If you're going to have a passphrase, the intent is usually to type in a long-ass sentence which is easy to remember but harder to crack than most passwords, like, "I was born on a Sunday, but you don't need to know that, because you're a stupid hacker, hahaha, now go away." A 10 character passphrase sounds more like a password to me.
[0] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
http://www.thinkgeek.com/caffeine/
Thanks.
Now I can use my term again after my "/dev/input/mice test" during install...
Karma: Contrapositive
1. Emacs
2. Perl
3. ssh/scp
4. Emacs
5. CPAN (and search.cpan.org)
6. screen
7. Perl
8. Emacs
9. Google Groups
10. cperl-mode
HTH.HAND.
Cut that out, or I will ship you to Norilsk in a box.
I used to use a little GUI utility called "linuxconf" way back when. It wasn't pretty, but it worked well and didn't consume many resources (heck, it ran well on a 33 MHz 486!). So... anyone know what happend to linuxconf?
I've tried keeping a central nfs share of common files, but one of the very annoying things about this is that when a box goes down the OS still thinks that the directory is mounted and will not unmount it. I'm not sure at the moment if it is the sharer or the sharee, but unmounting of filesystems is one of the vital steps in shutting down a box cleanly.
Any advice? I think I saw some mount options that may remedy this, but I didn't have time to check it out.
Not to be pedantic, but if it requires X it fails the remote administration test. I have more headless linux boxes then otherwise. The overhead of X causes potential instability not to mention a WM on top of it. Any great linux config tool should keep in mind that headless is as useful as the alternative.
> A is for awk, which runs like a snail ;-)
Yeah, these days we use Perl for that stuff.
> B is for biff, which reads all your mail
Emacs/Gnus takes care of this, thanks. (Yeah, I know that's not really
what biff does, but hey, it's what the poem says.)
> C is for cc, as hackers recall
C is for nursing along old legacy code that hasn't had the good graces to be
rewritten in a real language yet; for new stuff we use high-level languages.
> D is for dd, the command that does all
I must admit that this one is still handy from time to time...
> E is for emacs, which rebinds your keys
Can't live without that...
> F is for fsck, which rebuilds your trees
One word: journaling.
> G is for grep, a clever detective
I admit I still occasionally use this, but Perl's regexen are more powerful.
> H is for halt, which may seem defective
I usually use shutdown or init when I need to do hardware maintenance.
> I is for indent, which rarely amuses
Emacs does this automatically, of course. Has for years.
> J is for join, which nobody uses
Indeed, what does it even do? From a quick look at the man page, it looks
at first glance like a Perl one-liner, give or take a dozen strokes.
> K is for kill, which makes you the boss
I do still use this sometimes.
> L is for lex, which is missing from DOS
Isn't that one of those C things? Its days are numbered.
> M is for more, from which less was begot
With eshell (the Emacs shell), there's no need for a pager any longer.
This letter should now go to man, IMO.
> N is for nice, which really is not
Here's another one I must admit to using occasionally. Also renice.
> O is for od, which prints out things nice
I had to use man to even find out what this does, and then it turns out
to be something I'd almost never use, but if I did need that functionality,
I could do it in a Perl one-liner faster than look up the od manpage again.
> P is for passwd, which reads in strings twice
> Q is for quota, a Berkeley-type fable
Okay, those might still be relevant.
> R is for ranlib, for sorting a table
Definitely a Perl job, that.
> S is for spell, which attempts to belittle
Emacs has ispell/aspell integration these days.
> T is for true, which does very little
Indeed.
> U is for uniq, which is used after sort
Another thing we use Perl for in the modern era.
> V is for vi, which is hard to abort
If you really want vi (*WHY*?), Emacs has a version of it built in.
> W is for whoami, which tells you your name
If you need a program for that, commands aren't going to solve your problems.
> X is, well, X, of dubious fame
Emacs has better colors if you use X. 24-bit. Without it, 16 colors.
> Y is for yes, which makes an impression, and
I suppose...
> Z is for zcat, which handles compression
Most of us use either zip (or Archive::Zip) or gzip (or Zlib) for that now.
We'll say zip, because it starts with z and so won't screw up the poem any
worse than I already have
Cut that out, or I will ship you to Norilsk in a box.
Less also has this freakish tendency to do a screen-clear when you exit, making it completely useless for reference work in a shell.
/etc/profile.
If someone has a way to make this stop, then I'll forgive less, but it still won't stop me from doing
PAGER=more
export PAGER
in
The installation CD's for various distributions and the gentoo CD's make excellent starting points for CD distribution firewalls, system recovery tools after someone has hand-edited /etc/passwd and accidentally corrupted the "root" entry, scrubbing Windows and other machines before they leave the building, and probing new hardware configurations with a known kernel before you try to actually install the darned OS.
10. pico
9. nano
8. joe
7. kcontrol
6. ksysv
5. kpackage
4. knoppix-autoconfig
3. YaST
2. linuxconf
1. CowboyNeal
Codifex Maximus ~ In search of... a shorter sig.
And I would move to joe if I ever encountered a configuration file that contained anything but US-ASCII, which I have not.
And even if I did (let's say I was looking at a file with messages in multiple languages), nano won't munge the Unicode, it would just ignore it. I definitely wouldn't be using a terminal-based editor when entering text with extended character sets in a document.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Hi all. I prefer to answer the question as the best sysadmin tools that aren't always commonly used. Try:
l isa-paper_html/ for details (or, alternatively, use mine when I release it on the 'Net)d min.html
1. Go to www.infrastructures.org
2. Read each section, and select a tool which achieves the goal of the section
3. ???
4. Profit
The steps above will generate a good top 10 list.
Alternatively, you can use my list:
1. cfengine
2. Templating on cfengine config files (I use perl to template them); cfengine is better than anything else similar I've tried (although I haven't tried LCFG), but it still needs perl templating to make it work properly
3. Some kind of database; see http://astro.uchicago.edu/~davidr/cfengine-tools/
4. An ACAP server: http://infotrope.clues.ltd.uk/ (ok, I admit -- I've never set up an ACAP server, but they could become increasingly useful in the future, reducing support costs and the like)
5. Learn how not to be stupid about administration: http://users.sunet.com.au/~tsn/sysadmin/good_sysa
PS. Sorry about the anonymous posting, but this is a public terminal
vi. Just because when all else fails, vi sems to be universal. You can count on it being there, on most any *nix type of system.
C|N>K
I guess I'd answer your question with another question... top ten tools for what job?
... I guess it's really the right tools for the right job, which is entirely dependent on what you're doing...
Hardware configuration OS installation Software installation Software security Software managment Network security Network Configuration . . . etc.
Among the tools I use most often in a given day...
ls mv cp ln make
vi *vi tops of the list of all time most useful tools for nearly all occasions imho*
ps netstat find perl sh cat awk sed
as far as security, some useful tools
chkrootkit nessus tripwire cisscan bastille guarddog netsaint snort iptables tiger sara etc.
Networking tools?
telnet ssh netconfig ifconfig route netstat (again) any/all of the service oriented tools... etc....
This list could go on forever... there are just so many tools available
IMHO, it would be more intelligent to give a seminar on overall system competency than tools. Programming/scripting capability, hardware understanding, understanding networking (even if only at a rudimentary LAN level), understanding the OS itself (ala where files are, file permissions, how to lock down the system at a service level, and a kernel level, etc. etc. etc.) If you have a core competency in linux and a fundamental understanding of the OS and hardware platform then toolsets become a luxury not a necessity. In the end, for me, the number 1 tool that I've used in almost any situation has been vi.
I'd be lost without my linux OS.
....and keep your mouse where I can see it.....
Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
But that's would be too easy.
"The D command is unknown."
common typo for you emacs weirdos, ':wq' would have been the correct answer.
Probably webmin is one I would use if I would use any. It's more satisfactory to know what you actually did and edit the config file yourself. And most of the time you run into some wierdness and have to change a setting, the documentationn points you to the file, not webmin or linuxconf (which I really hate) so you have to actually understand and fix the problem.
Jedis are stupid. If they were so powerful, why couldn't they handle counseling for a kid who missed his mom?
My 10 favorite linux configuration tools? Let's see:
- Left little finger
- Left ring finger
- Left middle finger
- Left index finger
- Left thumb
- Right little finger
- Right ring finger
- Right middle finger
- Right index finger
- Right thumb
Yapp, that sums it up nicely.If a train station is a place where a train stops, what's a workstation?
I had no idea it was possible to make vi even more annoying!
*ducks*
If a train station is a place where a train stops, what's a workstation?
shutdown -h now
Could you please provide an example. I fail to see how version control can be used in sysadmin tasks. Yes, I'm a sysadmin (Linux/Windows) and a programmer who uses Subversion for my programs. If it's used as a kind of replication tool, why not use rsync ? Enlighten me please.
Non-Linux Penguins ?
while (!asleep()) sheep++
Just like UNIX. Contrary to popular belief, UNIX is user friendly. It just happens to be very selective about who it's going to be friends with :)
Woefdram, l'apprenti sorcier
intr If an NFS file operation has a major timeout and it is hard mounted, then allow signals to interupt the file operation and cause it to return EINTR to the calling program. The default is to not allow file operations to be interrupted.
No - in the context of SSH, a passphrase is the key which encrypts your private SSH key with some symmetric cipher. So it's used quite differently from a standard Unix password, which is just a one way hash (crypt, or MD5 on more modern systems) of your plaintext password.
You're free to put whatever you like in a passphrase or password - but using plain dictionary words is a bad idea in either case. Longish sentences of words are much better.
10 seconds reading the man page says doing
the following will stop LESS from doing that:
export LESS="-X"
You could put that in your ~/.bashrc
Didn't read all replies, so don't know if it has been mentioned, but: apt-get.
1) apt-get update;
2) apt-get upgrade;
3) go home or close terminal / putty;
4) ??;
5) do profitable/fun stuff.
Passing silhouettes of strange illuminated mannequins
Unfortunately, this doesn't work in all terminal emulators (konsole is one example).
HAND.
I learned something on slashdot! Thanks!
Actually that should be just X not -X.
/rmcup=, /; s/smcup=[^,]*, /smcup=, /' > /tmp/$TERM.src /tmp/$TERM.src /tmp/$TERM.src
Anyway that may be a little drastic as
it causes no terminal initialisation to
occur which may affect things like cursor
keys etc.
Other useful LESS options to add to the
environment variable are F to auto exit if
only one page, and Q to not ring the bell.
If you want to turn off this "clear screen"
thingy for all your terminal apps do:
mkdir -p ~/.terminfo
infocmp $TERM |
sed 's/rmcup=[^,]*,
tic -o ~/.terminfo/
rm
you can also type 'tack' then q this is the way i fix it
emerge, nano, cat, less, grep, ps, kill, nohup and of course a lot of bash.
Anyone out there use Tripwire? GNU version or full version. Pretty awesome program, but the real version can get a bit pricey. AFICK possibly?
I don't use any utilities in particular for configuration. We "roll our own" scripts for server management. I use lshw, demidecode, dmesg, netstat, ifconfig, sfdisk, diff, etc. in scripts to gather system information and use vi and cron to automate updates, changes, and do routine security monitoring. No GUIs. Always interested in new utilities for gathering information from Linux systems. We use Red Hat AS. In scripts I use awk, sed, rpm, grep, scp, sftp, cut, cat, diff, df, crontab, ps, etc. Standard scripting commands and shell scripts. I hear that HP has ported lanscan and ioscan to Linux, but can not find anything about this on HP's doc site. Anyone using these? Thanks.
Kinda off topic... But still cant find a solution.
I studiosly use bash on AIX, HPUX, Solaris ( at work ) and on Linux (at home).
When I telnet to any of these unix boxes Bash craps out, at the end of the page and end of line. It starts wrapping around what I type and over previous lines as the line starts to wrap. I cant even see what I'm typing.
ZSH fortunately does not have such issues. However zsh is not prevalently used on all the boxes I log on to..
Does anybody have a solution for this ?
whereis biff? crypt at source. biff cut yacc tail, yacc cut biff finger.
x ,.html
"awk!," sed biff.
"ar, ar!" sed yacc.
ksh, bash! man cut head, kill yacc at last, make strings.
exit crypt, find mail from su. od. "date? yes." biff find su nice. make time, date. find su at wall. tee, talk.
ed: "tip: find jobs, biff."
"yes, make tar," sed biff.
su, biff date more: touch, strip, sleep.
"su, inetd perl," sed biff.
"yes!" sed su.
--
Shamelessly stolen from:
http://www.netfunny.com/rhf/jokes/92q1/uni
Where are the open source equivalents to the Astaro Security Linux distro with its very friendly integrated config tools? Or consider all the pre-built (and expensive) security boxes now on the market -- such as Watchguard Firebox or Cisco products. Nothing! We have the raw materials (Linux, iptables, OpenSwan, Squid, Squidguard, Snort, Postfix, Spamassassin, ClamAV, etc.), but no existing projects make these tools usable for the majority of administrators out there -- people who are knowledgable about networking and security, but don't have an expert level knowledge of Linux and the fussy manual configuration of all these complicated pieces of software. The saying that "Linux is free only if your time is worthless" sadly *still* holds true today for many applications. The economic reality is that most small/medium-sized organizations don't have the IT resources to handle the use of common OSS as-is. Therefore, they turn to pre-built solutions--Linux based or otherwise.
The off the cuff remark is usually, "Just use Webmin." But Webmin, at this point, is only good for the most basic administrative tasks. Most modules are half-baked and many are merely web forms to edit configuration files! Webmin does not remove the need for extensive, indepth knowledge of the underlying tools. It does not assist in integration -- such as mobile VPN + firewall rules. It is nothing more than a tool for experts to (maybe) save a little bit of time and not have to use solely ssh and vi.
There are dozens of commercial products that make Open Source server and security tools usable to non-experts (and also much easier for experts without sacrificing capability). There is no reason why the Open Source community cannot do the same.
"more", in its "standard" *NIX form, is forward-scroll only, among many other limitations.
Regular "more" does have the ablity to go backwards, just by hitting the "b" key. I'm pretty sure this feature is nearly as old as the hills, since I *think* I remember using it as far back as Version 7. (*that* dates me some...) I'm sure more has behaved that way in SunOS and Solaris for many years, anyway.
"The future's good and the present is nothing to sneeze at." - Roblimo's last
Usually terminal emulators like Konsole and gnome-terminal have a menu option to "reset" or "reset and clear"
Derek
Don't Panic...
You are correct. I checked it shortly after posting but was too lazy to follow up on it. Less is still better. :-)
Well, not all the time. Almost though! Apple's Terminal.app is extremely unforgiving.
apt, dpkg & lilo are useful, too.
The only way to make it happen every time on every VTxxx is
echo -e \\33c
sends a real reset command to the terminal (emulator)
Yes gnu rm will accept 'file ... [OPTION]'.
However this syntax is non-portable, it's not POSIX and it doesn't work on any other Unix or BSD that I know of.
Yes in some singular instances of typos it can save your ass, however it will not do so in all instances.
*Linux* man pages are generally unmaintained is a true statement. Not so BSDs or the Unix vendors that I have dealt with, where the standard is that if the docs aren't done, the code isn't released.
Linux is Linux, if One need clarify their dist: <Dist>/GNU Linux
bsds are of course just BSD
And this works in Solaris too?
The reason the screen is showing garbage, is because it's displaying everything in the alternate character set (man terminfo).
The most portable way to fix this, it to enter 'tput rmacs' (Remove-Mode-Alternate-Character-Set).
This works on pretty much every flavour of unix I've ever used (about 8 so far).
Linux has its own standards - the Linux Standards Base includes the FHS, Glibc, bash (I think) and GNU coreutils.
It might not be portable to non-Linux OSs, but it'll safely fail over. I'd look at your POV as comparable to saying one shouldn't use finder in OSX as thats not POSIX either.
Linux isn't Unix. It's its replacement.