Top Ten Linux Configuration Tools?
jman251 asks: "I am presenting at a conference in September on a couple of Linux-centric topics. One of these is a collection of tips, tricks, and tools for configuring, securing, and maintaining a Linux-based server. I have a short list of tools I use, but would like some community input on the subject. What tools do you use that make your admin responsibilities easier or more automated on the Linux platform?"
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Webmin. Grab Usermin while you're there.
As admin tool.
http://www.cs.unm.edu/~dlchao/flake/doom/
"What tools do you use that make your admin responsibilities easier or more automated on the Linux platform"
Perl is your friend
Bastille after I have the server built. The interactive mode also provides a great security tutorial.
RCS to provide rollback and change control.
No professionally administered Linux box should be without it.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
Whatever runs from the bash command line is good enough for me.
No bloated fancy GUI needed, can run remotely over a secure ssh connection, and has all the raw power you need.
I am not a luddite. For some tasks, I will use the GUI tool (e.g. Mandrake Control Center, or Webmin) to do things, when it is faster to do so. But the bulk of what I do is command line.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
I recently discoverd that I can use nohup to start a lengthy process from a remote ssh session, hang up, and check on it later. for example...
nohup emerge sync &
( or nohup make && make install & )
tail -f nohup.out
exit
This is the coolest thing in the world, because I can logout, the process keeps running, and I can check on the progress later from another location.
This is probably no suprise to the graybeards out there, but is sparkly to a n00b like me.
It doesn't require you to run a separate webserver, it comes with its own. There are potential security problems, because in order to modify system configuration files, Webmin must be superuser-equivalent. However, Webmin modules have ACLs, and you can choose to not allow your lesser sysops access to things that might be dangerous.
Webmin has lots of thoughtful touches, like the ability to block certain UIDs and GIDs so that a lesser sysop cannot change the root account (for example). Another bonus is that Webmin users don't have to be regular shell accounts. It's not perfect, but it's still the Swiss Army Knife of configuration utilities.
Fred
"A fool and his freedom are soon parted"
-RMS
Until someone steals your ssh key. Then they will be godlike too.
Sure, ssh keys are convenient, but they don't always replace passwords.
Passwords suck. Oh, and I have a 10 character passphrase on my privatekey that sits on my password protected computer.
I would guestimate that the liklihood that a password has been found or guessed or shown up in a plain text file (my ISP used to have a world readable radius logfile that had passwords in it) or sniffed is much greater than someone logging into my laptop (I have no remote services running) or physically beating me up and getting my key and passphrase from me.
I love the classic:
sj (misstyped su)
followed by the root password in plaintext. Gotta love that!
Admitedly when I started writing my book (Automating UNIX and Linux Administration) I had barely used cfengine and it was going to be just a small part of my book, but it turned out that I liked it so much that it became one of the major focuses in the book.
I think that even with as few as 5 systems it is worth the effort... especially if the systems are largely similar.