Top Ten Linux Configuration Tools?
jman251 asks: "I am presenting at a conference in September on a couple of Linux-centric topics. One of these is a collection of tips, tricks, and tools for configuring, securing, and maintaining a Linux-based server. I have a short list of tools I use, but would like some community input on the subject. What tools do you use that make your admin responsibilities easier or more automated on the Linux platform?"
rm -rf /home
That'll teach those pesky users....
Webmin. Grab Usermin while you're there.
su
df
du
ls
rm
passwd
chown
vi
more
bash
Hey, you asked for it - No clicky links to read.
man and vi
Seriously.
As admin tool.
http://www.cs.unm.edu/~dlchao/flake/doom/
"What tools do you use that make your admin responsibilities easier or more automated on the Linux platform"
Perl is your friend
Most of the PCs I see are Windows, so I'd have to say my most used tool is fdisk.
Knoppix is a nice solution too when I don't have time.
=================
Unix is very user friendly, it's just picky about who its friends are.
I use Computer Management. It's located under Administrative Tools in the Control Panel. It's really great for... wait a minute... looks around... wrong site...
takes a couple steps back...
CVS or your favorite equivalent is vital in any multi-sysadmin environment. Operating without your configurations in CVS is like juggling priceless eggs in variable gravity.
Emacs! No, vi! No, Arrrrrrgh!
Tripwire is a very easy to use intrusion detection system. If you follow the documentation, and implement it properly (storing the statically linked binary + database files on read-only media), it will make things very hard on a potential hacker.
What good are all your commands with no shell? ? ?
Llywelyn Fawr
cfengine (http://www.cfengine.org) is the best automation tool for unix and unix-like environments. Hands down.
It's a little hard to configure sometimes, but worth the effort.
It's easy to use, I just pick up the phone, ask Tim to fix this Linux thing.
Easy-peasy.
Or I just do what Vigor tells me to do.
The Kruger Dunning explains most post on
I'd put Webmin on my #1 list for best Linux admin tools. phpmysql is probably second (or the postgresql equivalent), and all the necessary toolkit apps like nmap, ethereal, netcat, etc.
... the most important tool is the brain :) As an admin, whatever you do, if you don't think enough on it you deserve what could happen.
As an "admin suite", i.e. a single program to do a lot of administrative tasks, maybe YaST could be a good start. I don't use Webmin; I tried it some years ago and didn't like the idea, but it could be useful for a lot of people too.
And about individual tools, well, bash, vi, perl, mc, awk, the gnu text/file/shell utilities (cat, grep, ls, cut, chmod, etc) are essential.
Last but not least, a "tool" is also something that helps you to use what you have available already. Man pages, the HOWTO collection, a lot of O'Reilly books, and Google are examples of that kind of tool.
Vi user 1: KILL THE TROLL
....
Vi user 2: Mesmerize this so-called-pico-messiah
Slashdot winfiend1: I for one....
Slashdot winfiend2: Imagine a
Emacs user 1: Damn, the vimers beat us to the hangin!... we can't say kill him, they already did...
Emacs user 2: It's Gnu-Pic.... oh wait...
NO SIG
That's all I can think of now. I'll think of others later.
I can't believe with all these posts that the only one(s) that actually respond to the question are about Webmin!
Don't get me wrong, Webmin is great, it's at the top of my list fer shure, but that's not the be-all and end-all of systems management!! What about actual convenient tools like MRTG, Novell's eDirectory, RedCarpet, etc. etc.?
Heck, I'm reading this article hoping to pick up a few tips myself and all I'm seeing are scripting languages and text-editor flame wars, (all of which can/should be moderated Off-topic or Funny).
So, anybody actually got anything useful to contribute besides Webmin?
"Ed is the standard text editor."
/bin/ed /usr/ucb/vi /usr/bin/emacs
l o?
And ed doesn't waste space on my Timex Sinclair. Just look:
-rwxr-xr-x 1 root 24 Oct 29 1929
-rwxr-xr-t 4 root 1310720 Jan 1 1970
-rwxr-xr-x 1 root 5.89824e37 Oct 22 1990
Of course, on the system *I* administrate, vi is symlinked to ed.
Emacs has been replaced by a shell script which 1) Generates a syslog
message at level LOG_EMERG; 2) reduces the user's disk quota by 100K;
and 3) RUNS ED!!!!!!
"Ed is the standard text editor."
Let's look at a typical novice's session with the mighty ed:
golem$ ed
?
help
?
?
?
quit
?
exit
?
bye
?
hel
?
eat flaming death
?
^C
?
^C
?
^D
?
---
Note the consistent user interface and error reportage. Ed is
generous enough to flag errors, yet prudent enough not to overwhelm
the novice with verbosity.
"Ed is the standard text editor."
Ed, the greatest WYGIWYG editor of all.
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
Also, it kills me to see *NIX people still using passwords all the damn time. CVS + ssh keys = godlike.
/usr/local over nfs is good too. The only issue is that you may have to configure some packages to use a local filesystem for configuration files, keys, etc.
:)
Things I do. syslog to a common place. I have cloning scripts to dup a machine to a basic setup (poor mans jumpstart but faster and easier).
Perl and sed come in handy. Rsync (again with ssh keys) is good.
Oh yeah,
With these tips and tricks I can do whatever I need to do over a dialup connection anywhere in the world (I've only tested this from coast to coast in the US though, but I believe it will scale worldwide
There are four of us who do *nix admin for over 600 *nix machines, more than half of which are linux boxes (both workstations and servers.) SSH with X displayback on a 100Mbit switched network is such a godsend I can't even begin to imagine life without it. I probably generate more SSH sessions in a normal workday than I do HTTP sessions. (Yes, that does include
I also think it's well worth your while to understand SSH's more esoteric tunneling capabilities... Recently I had to support a research group who was doing a demo at JPL and they were behind a very restrictive firewall but needed to do control and image transfer from a robot framework here in Massachusetts, and the researchers who'd coded the software hadn't implemented any kind of authentication layer. We were able to do everything using SSH tunneling over one of the three ports allowed through JPL's firewall (and they could IMAP their mail from our servers as a side bonus) without exposing our servers or JPL to unencrypted protocols of any kind.
Need a UNIX/Linux/network guru in the Boulde
Whatever runs from the bash command line is good enough for me.
No bloated fancy GUI needed, can run remotely over a secure ssh connection, and has all the raw power you need.
I am not a luddite. For some tasks, I will use the GUI tool (e.g. Mandrake Control Center, or Webmin) to do things, when it is faster to do so. But the bulk of what I do is command line.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Seriously, you need to have a drive to constantly learn more. That's more valuable than any pre-written config tool out there.
I know that's not what you wanted; but it's really true. A desire to constantly increase your own knowledge is paramount.
Hot Damn! It's the Soggy Bottom Boys!
1. Nagios: monitors your servers/services, emails, pages, sends a carrier pigeon when one goes down.
2. Logwatch: Logwatch is something that should be used by every Unix/Linux SA everywhere. It gives you a daily snapshot of events in your logs
3. Mon: Nice, simple, easy. If your webserver goes down, your secondary can bring up a virtual ip a couple of seconds later. No more annoying three am phone calls
4. Snort/ACID: lets me know if a virus breaks out, or if there are stupid script kiddies trying to brute force their way in.
5. Nessus: run it early, run it often. Figure out any holes you have in your security, and make sure you fix them.
There's more, but you should really do some of your own homework.
RandomAndInteresting.com: defending the world from stupidity since 1979
Who exactly is your target audience? People who've never seen UNIX, people who've worked on UNIX environment for years? What is it you are attempting to accomplish with them?
Most of my list would be boring to people who know a lot about UNIX, however some of them are Linux specific.
It doesn't require you to run a separate webserver, it comes with its own. There are potential security problems, because in order to modify system configuration files, Webmin must be superuser-equivalent. However, Webmin modules have ACLs, and you can choose to not allow your lesser sysops access to things that might be dangerous.
Webmin has lots of thoughtful touches, like the ability to block certain UIDs and GIDs so that a lesser sysop cannot change the root account (for example). Another bonus is that Webmin users don't have to be regular shell accounts. It's not perfect, but it's still the Swiss Army Knife of configuration utilities.
Fred
"A fool and his freedom are soon parted"
-RMS
Until someone steals your ssh key. Then they will be godlike too.
Sure, ssh keys are convenient, but they don't always replace passwords.
Passwords suck. Oh, and I have a 10 character passphrase on my privatekey that sits on my password protected computer.
I would guesstimate that the likelihood that a password has been found or guessed or shown up in a plain text file (my ISP used to have a world readable radius logfile that had passwords in it) or sniffed is much greater than someone logging into my laptop (I have no remote services running) or physically beating me up and getting my key and passphrase from me.
I love the classic:
sj (mistyped su)
followed by the root password in plaintext. Gotta love that!
1) Yast (I know it's SuSE centric, but it's being open sourced!)
2) OpenSSH... Oh yeah baby!
3) GCC and make... DUH!
4) FTP...I know I know SFTP if you prefer
5) Perl...YUM and even better with perl expect
6) Bash...we all need a CLI
7) Jumpstart...If you manage a lot of solaris boxes, this is your friend
8) Sendmail or postfix...pick your poison
9) nmap...oh yeah, let the Windows guys drool
10) Nagios...monitor that network in style!
GeneralKael -- Slacker Extraordinaire
UN*X/Linux doesn't work that way. You are looking for a one size fits all administrative interface and it doesn't exist.
But I can sum up some of the key points and bits of wisdom I have picked up over the years.
1) Ascii text is your friend. 98% of all the configuration files for UN*X programs live in ascii files and they "usually" live in /etc. You can use this to write programs to update different pieces as needed. Any problem you do, you can undo. You can then run a program or use "kill -HUP" to get a process to reread that configuration.
2) Pick a programming language. Perl, AWK, Sed, ksh, all of them. You can use that programming language to roll out changes as needed, or make a lot of changes really quickly. RSH/SSH allows you to do that across multiple systems. Use it carefully!
3) Design your environment. If you know what you are going to be using the servers, workstations and/or Linux embedded appliances for you can better decide how to automate it.
4)"Crunchy Cookie, Liquid Center".
In the end you will be automating certain administrative tasks over and over, but not all of them. That's why one size fits all won't work. It becomes a bloated security hole, so you only automate what you need and you automate it in an original and secure fashion.
As for some rock solid TLA recommendations.
SSH - SSH is your friend and as a replacement for RSH and its ilk you can use it to securely automate tasks. Read up on ssh-agent for automating ssh access across multiple machines.
mon - How do you know it's working if you don't test it? You need to turn on monitoring, the more specific the test and monitor the better. mon is a good PERL framework for performing any test, and it has a lot of prepackaged/contributed test scripts that come in handy.
LDAP - Lots of UN*X environments are moving to LDAP to store enterprise wide information. It depends on how big of a UN*X environment you are setting up but having a centralized directory ala LDAP can be quite handy.
PAM/NIS - Plug In Authentication Modules. You can use these to have a centralized authentication server, cuts down on password updates. NIS+ is a tried and true system for stitching UNIX Systems together but I've only seen it installed in 1 UN*X environment and I've worked in several.
If you are looking for a prebuilt system or paradigm like Microsoft Server then you need to look to Redhat, Debian, else you are going to work from the need/application outwards.
Whatever you do more than once you will automate. When you no longer can budget the amount of UN*X Admins you will need you will start to build "tools" to delegate routine tasks, these will eventually become web pages, the web page will become an application. The application will become an acronym. The acronym will become a skill. The skill will become a job requirement HR will use to backfill a position. That's the way it goes.
Enjoy!
"Don't fear death... fear not living..." -me
Ask for the Top Ten tools, and most of your time spent reading the responses will be wasted, because of the overlap of the answers. If people list what they *genuinely* think are the Top Ten, there will be very few answers which are unusual or surprising (and still useful).
I think it would more useful to ask for the Top Ten MOST OVERLOOKED tools, or the most under-used, the most mis-used, or the ones whose full power is forgotten, unrecognized, or unused.
and the console spits out junk until you close that shell.
Just so you know, when you accidentally cat a binary file and it changes all the letters in your console to garbage characters, just blindly type
reset
and hit Enter. Fixes it every time.
Intelligent Life on Earth
If Perl is God, then nobody would be able to understand the bible.
... oh wait.
When I don't have time to figure out goddamn control chars, and just want to edit a config file without having to resort to IRC, man pages, and poor documentation -
I USE FUCKING PICO.
All the commands are right there. On the screen.
Maybe this elitist attitude is why Linux isn't ready for the desktop. Now mod me Troll, bitches.
I regularly access dozens of *nix systems (mostly linux & solaris). I love the fact that I can enter my privatekey password once on booting my laptop, and then have a tool handle all the ssh-agents in subsequent sessions. Entering one (very long and tangled :) password once is so much nicer than having to enter passwords every time I connect to a new system...
http://www.gentoo.org/proj/en/keychain.xml
Also, (obligatory) perl is great and larry wall is my hero...
-
Task: Add this printer to 200 machines. You have 5 different un*xes (and different versions of each of those around).
- We need to change the sudo file on 200 servers.
- Update /etc/mail/access on 6 machines in 4 locations (and 3 continents). Oh, we forgot this, do it again.
- Make sure $THIS is in the sybase's crontab on all the sybase servers.
- Patch all the Solaris 7 machines with this new patch cluster. It's urgent. (and we have 50 of those machines scattered around the world).
- Change the (locally stored) root password on all the machines we take care of (because X just got fired, but we couldn't tell you till now).
- Rebuild the 2 HA database servers (one at a time) and make sure they have the current patches and access to the new partitions on the SAN
vi! webmin. heh.no, nfs is not used
My partner took the Solaris Advanced Certification tests (someone else was paying and what the hell). She screwed up the parts about AdminTool. Someone who'd been using Unix since the 80s. She came home raging: AdminTool!! If I ever hired a senior admin and they kicked up admin tool, I'd fire them before the windows finished opening.
I find these single machine solutions quite quaint.
No, I'm delighted to have my cfengine scripts that go through /etc/ and make sure that inetd.conf is stripped, and that rpcbind and nfs aren't running on standalone servers and that the Right Stuff is in the Right Config files and that permissions are correct.
Best part is that I can run it again anytime later to redo that (or with '-n' to just show me what's changed).
And if it uses CVS to pull down $Today's configs, then so be it.
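
Added example, not part of the thread and not cfengine code: a plain shell sketch of the re-runnable check the last post describes (inetd.conf stripped, rpcbind and nfs not running, permissions correct), with a report-only mode like its '-n'. The function names, the policy table and the sample tree are constructed assumptions, and it works on a scratch directory rather than the live /etc.

```bash
#!/usr/bin/env bash
# Added example: convergent policy check with a dry-run mode, run against a
# constructed sample tree (never the live /etc). Policy values are assumptions.

list_procs() { ps -eo comm=; }          # process names; redefine to test

make_sample() {                          # build a constructed /etc under $1
    mkdir -p "$1/etc"
    printf '%s\n' '# inetd.conf (constructed sample)' \
        'telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd' \
        '#ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd' > "$1/etc/inetd.conf"
    : > "$1/etc/shadow"; : > "$1/etc/sudoers"
    chmod 644 "$1/etc/inetd.conf" "$1/etc/shadow"; chmod 440 "$1/etc/sudoers"
}

# audit ROOT MODE: MODE is "dry" (report only) or "fix" (report and repair).
# Prints one line per deviation; returns 1 if any were found, else 0.
audit() {
    local root="$1" mode="$2" drift=0 f p path want have
    local active='^[[:space:]]*[^#[:space:]]'   # uncommented, non-blank line
    f="$root/etc/inetd.conf"
    if [ -f "$f" ] && grep -Eq "$active" "$f"; then
        drift=1; echo "inetd.conf: $(grep -Ec "$active" "$f") active service line(s)"
        if [ "$mode" = fix ]; then               # comment out, keep inode and mode
            sed -E "s/$active/#&/" "$f" > "$f.new"; cat "$f.new" > "$f"; rm -f "$f.new"
        fi
    fi
    while read -r path want; do                  # path and required octal mode
        f="$root$path"
        [ -e "$f" ] || continue
        have=$(stat -c '%a' "$f")                # GNU stat assumed
        if [ "$have" != "$want" ]; then
            drift=1; echo "$path: mode $have, want $want"
            if [ "$mode" = fix ]; then chmod "$want" "$f"; fi
        fi
    done <<'EOF'
/etc/shadow 600
/etc/inetd.conf 644
/etc/sudoers 440
EOF
    for p in rpcbind nfsd; do                    # reported only, never killed
        if list_procs | grep -qx "$p"; then drift=1; echo "process running: $p"; fi
    done
    return "$drift"
}
```

Running audit on a scratch directory filled by make_sample first with "dry", then with "fix", then with "dry" again shows the convergence: the third run prints nothing for the files because the second already repaired them.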