Slashdot Mirror
Top Ten Linux Configuration Tools?
jman251 asks: "I am presenting at a conference in September on a couple of Linux-centric topics. One of these is a collection of tips, tricks, and tools for configuring, securing, and maintaining a Linux-based server. I have a short list of tools I use, but would like some community input on the subject. What tools do you use that make your admin responsibilities easier or more automated on the Linux platform?"
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Xconfigurator used to be the key thing if you had any graphical needs. But the KDE GUI makes all that graphical tweaking as transparent as windows desktop nowadays.
Webmin. Grab Usermin while you're there.
As admin tool.
http://www.cs.unm.edu/~dlchao/flake/doom/
"What tools do you use that make your admin responsibilities easier or more automated on the Linux platform"
Perl is your friend
PHPMyAdmin
stikeout man and replace it with google.
No Seriously.
Run all the servers (or lab gentoo boxes) at once. Great for mass updates,testing, etc.
Source Forge Page
Spell check? Why bother. That is what grammer/spelling Nazi freaks who waiste band width posting "spell right" are for.
I would really love a nice BIND configuration utility. Something where a whole package like webmin isnt necessary, but it makes life a whole lot easier. Redhats bindconf/redhat-bind-config was nice once upon a time, but getting it to run on anything but redhat requires about 2 gigs worth of obscure dependancies... I want something I can throw on say, a slackware machine, and it just go.
Even better would be something that also tied into dhcpd (these are the ISC daemons Im talking about, folks), that would serve to configuring them both, even on working together in a ddns/dhcp setup.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
OOwriter :-)
Bastille after I have the server built. The interactive mode also provides a great security tutorial.
RCS to provide rollback and change control.
No professionally administered Linux box should be without it.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
:D
But that's would be too easy. Seriously, I had to tell the truth (nano is awesome, so is vim, but then so is nano).
And I don't think anyone can fill a top ten list with configuration tools... people use rarely more than one, if any. I know I don't.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
...to help maintain various GForge systems.
Nothing fancy, just twiddling configuration files (httpd.conf, etc), pushing data into a PostgreSQL database, automating StatCVS runs, etc. I keep them in CVS, of course, here.
The Army reading list
netstat -nlp
Turn off all the services you don't need.
but he said configuration tools.
rm, su and bash don't seem to relate.
ls could, but thats a stretch
Dave Letterman's IT crew's Top 10
9) your distro's install disks
8) that other distro(that is better)install disks
7) fdisk
6) ???
5) Profit!
4) google.com or tldp.org (rtfw!)
3) lspci (plug and pray baby!)
2) man (it helps to know what your doing with it)
1) your text editor (vi|emacs|jed|nano|whatever)
0) man (rtfm!)
1) BASH and that means any program that can be included in a BASH shell, ls, cd, rm, mv, chmod, chown, chattr, etc
2) emacs or if FreeBSD, edit
3) PERL
4) IPTables, or if FreeBSD, ipfw
5) ssh
6) telnet
7) gzip/gunzip
8) any of the c compilers, plus gmake or make
9) If setting up a Unix/Linux server inside a private network, nfs
10) If a database is needed then postgreSQL, plus the DBI stuffies, plus DBD, etc. May as well include an Apache web server with mod_perl
Dawn of the Dead
Whatever runs from the bash command line is good enough for me.
No bloated fancy GUI needed, can run remotely over a secure ssh connection, and has all the raw power you need.
I am not a luddite. For some tasks, I will use the GUI tool (e.g. Mandrake Control Center, or Webmin) to do things, when it is faster to do so. But the bulk of what I do is command line.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
I recently discoverd that I can use nohup to start a lengthy process from a remote ssh session, hang up, and check on it later. for example...
nohup emerge sync &
( or nohup make && make install & )
tail -f nohup.out
exit
This is the coolest thing in the world, because I can logout, the process keeps running, and I can check on the progress later from another location.
This is probably no suprise to the graybeards out there, but is sparkly to a n00b like me.
AIDE is good too. I think tripwire is only open source if you get the academic source release. AIDE is open source.
01100010 01101001 01110100 01100101 00100000 01101101 01100101
(I am asking a serious question but now I've read it I think the chances of getting a serious answer are pretty low)
Why would you substitute more for less ?
I've had computers/OS' with more (amiga, riscos, win, I think bbc micros & spectrums also had more) but not seen less until Linux came along.
Whats the diff, is less GNU ?
God, I give up, this question is impossible to phrase without sounding trollish or flamebait, maybe thats why I've never heard the answer to it hehe.
It doesn't require you to run a separate webserver, it comes with its own. There are potential security problems, because in order to modify system configuration files, Webmin must be superuser-equivalent. However, Webmin modules have ACLs, and you can choose to not allow your lesser sysops access to things that might be dangerous.
Webmin has lots of thoughtful touches, like the ability to block certain UIDs and GIDs so that a lesser sysop cannot change the root account (for example). Another bonus is that Webmin users don't have to be regular shell accounts. It's not perfect, but it's still the Swiss Army Knife of configuration utilities.
Fred
"A fool and his freedom are soon parted"
-RMS
Until someone steals your ssh key. Then they will be godlike too.
Sure, ssh keys are convenient, but they don't always replace passwords.
Passwords suck. Oh, and I have a 10 character passphrase on my privatekey that sits on my password protected computer.
I would guestimate that the liklihood that a password has been found or guessed or shown up in a plain text file (my ISP used to have a world readable radius logfile that had passwords in it) or sniffed is much greater than someone logging into my laptop (I have no remote services running) or physically beating me up and getting my key and passphrase from me.
I love the classic:
sj (misstyped su)
followed by the root password in plaintext. Gotta love that!
To me, *nix mastery involves learning a bunch of little tricks. There is no 'grand unified front end' that will do it all. Over time, you'll memorize the ones you use all the time. But some you'll figure out but forget if you don't write them down somewhere (e.g., how to do a 'find' with regular expressions and execute a command on each result). I keep mine in a wiki, a bit haphazzard, but always ready on the web and easy to edit, which means you'll use it.
Oh yeah, learn regular expressions. The O'Reilly book is great. The time investment *will* pay off.
Does it hurt to hear them lying? Was this the only world you had?
RPM records the MD5sum, change time, permissions, and a bunch of other stuff on every file it installs.
/var/lib/rpm.
/mnt/cdrom
This is saved into the RPM database in
You can use RPM as an IDS by backing up the database to a read-only media and then use, for example:
rpm -V coreutils procps net-tools --dbpath
To see if someone's installed a root kit (if someone has, they'll have to at least modify top, ps, and netstat, which are included in these packages).
Unlike tripwire, you're not forever having to update policy files.
Good for you, though it's probably not a great idea to name customers on a public forum like this. Advertising "JPL have exactly 3 open ports on their firewall" isn't the kind of thing they'd necessarily choose to air in public. Just my 2p,
Author, Shell Scripting : Expert Re
Admitedly when I started writing my book (Automating UNIX and Linux Administration) I had barely used cfengine and it was going to be just a small part of my book, but it turned out that I liked it so much that it became one of the major focuses in the book.
I think that even with as few as 5 systems it is worth the effort... especially if the systems are largely similar.
I use pico all the time. VI and it's associated cousins are hellish to use without a manual. Nobody other than a real geek will use VI, yet it is the default editor in many non-graphical systems.
Linux will never go mainstream if arcane tools from the 70's are preferred.
you can even set it with LESS=X ; export LESS
And I would move to joe if I ever encountered a configuration file that contained anything but US-ASCII, which I have not.
And even if I did (let's say I was looking at a file with messages in multiple languages), nano won't munge the Unicode, it would just ignore it. I definitely wouldn't be using a terminal-based editor when entering text with extended character sets in a document.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Of course I could read other posts before hitting "Reply", as mentioned in another thread:
bash completion
is a good start.
Be nice to people on the way up. You will meet them again on your way down!
you can also type 'tack' then q this is the way i fix it
I don't use any utilities in particular for configuration. We "roll our own" scripts for server management. I use lshw, demidecode, dmesg, netstat, ifconfig, sfdisk, diff, etc. in scripts to gather system information and use vi and cron to automate updates, changes, and do routine security monitoring. No GUIs. Always interested in new utilities for gathering information from Linux systems. We use Red Hat AS. In scripts I use awk, sed, rpm, grep, scp, sftp, cut, cat, diff, df, crontab, ps, etc. Standard scripting commands and shell scripts. I hear that HP has ported lanscan and ioscan to Linux, but can not find anything about this on HP's doc site. Anyone using these? Thanks.