Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Google   


Unix System Administration Automation Resources

News Solaris Recommended Books Recommended Links E-books, Courses, Tutorials Articles Reference
Baseliners Certification Unix config management  System monitoring Event Correlation Tivoli Tips
Perl admintools Expect ssh Shell Screen mc Social issues
Printing Shell Classic Unix Tools Performance History Humor Etc

The KISS rule can be expanded as: Keep It Simple, Sysadmin ;-)

This page is about enterprise administration of Unix servers. especially Solaris servers.  Enterprise environment has many requirements that  "admin-in-large" should met addition to usual "sysadmins-in-small" staff  typical for small companies. Among additional requirements the key is support of several flavors of Unix. Other worth mentioning differences might include: 

When you think about simplifying and partially automating administration in the large enterprise environment, then large and expensive systems like Tivoli,  HP OpenView,  Sun Management Center  are naturally come to mind. Among enterprise tools this page provides some info on Tivoli just because this is a system that the author has some experience with.

Still but you should not forget about the mini-tools and open source solutions. IMHO one of the greatest tool that simplify Unix administration is an orthodox file manager. If you do not use it, please take a look at OFMs. Windows top OFMs: FAR and Total Commander can be extremely helpful in multiplatform environment.  Unix OFMs are either more limited (deco) or not completely portable (Midnight Commander), but still Midnight Commander make a lot of sense for Unix administrator. The other useful and largely under appreciated tool is folding editor like THE or at least VIM 6.x. I believe that for sysadmin tools one should stick to tools that use text format in configuration files. They are much more manageable that tools that use binary formats.

ssh and VNC are another two cross platform tools that can simplify many tasks without any additional infrastructure. VNC can provide GUI-based environment for remote administration on almost any platform and is very quick and easy to install if you need one ASAP. 

Actually monitoring of servers with open source tools is rather easy if the network connectivity is good. There are a several open source tools that are scalable up to a thousand servers without major problems. If we are talking about Unix servers only, then ssh, Perl and Apache server are enough for pretty sophisticated remote monitoring :-)

Software distribution and configuration management are much more complex things. Here enterprize calss solution like Tivoli Configuration manager might pay off more quickly.

One of the typical configuration management problems that large organizations often have is how to push config files and software updates into multiple boxes after changes in network topology (for example due to acquisition or divesture).  The simplest solution is to have something like a next loop that ssh's into each box and runs a command for us:

for server in `cat machinelist.txt`; do

    echo "running $command on $server"

    ssh user@$server  $command; echo " "

done

Nortel has a nice program called CLIManager (use to be called CLImax) that runs on Solaris, NT and Linux. It  allows you telnet into multiple servers and run commands in parallel. The program formats data to display. Say you wanted to display "ifconfig/ipconfig" on 50 machines, this would format it, so you have columns of data, easy to read and put in reports. Also, has a "Watch" command that will repeat a command, and format the data. Basically, it logs into multiple machines, parses and displays data, and outputs all errors on another window to keep your main screen clean.

Fermi lab has a  free tool called rgang that does (minus the output formatting) similar things and is written in Python: Here is the Abstract

RGANG is a tool which allows one to execute commands on or distribute files to many nodes (computers). It incorporates an algorithm to build a tree-like structure (or "worm" structure) to allow the distribution processing time to scale very well to 1000 or more nodes.

Because the original "RGANG" executes the commands on the specified nodes serially, execution time was proportional to the number of nodes. A parallel version of "RGANG" has been implemented in Python. This version forks separate rsh/ssh children, which execute in parallel. After successfully waiting on returns from each child or after timing out, this latest version of RGANG displays the node responses in identical fashion to the original "shell" version of RGANG. In addition, the latest RGANG returns the OR of all of the exit status values of the commands executed on each of the nodes. Simple commands can execute via this RGANG on an 80 node cluster in about 3 seconds.

To allow scaling to kiloclusters, the new RGANG can utilize a tree-structure, via an "nway" switch. When so invoked, RGANG uses rsh/ssh to spawn copies of itself on multiple nodes. These copies in turn spawn additional copies.

Dr. Nikolai Bezroukov


Notes:
  • Those pages are written by people for whom English is not a native language. Some amount of grammar and spelling errors should be expected.
  • This is a Spartan WHYFF (We Help You For Free) site. It cannot replace the best teachers and the best books.
  • The site contain some obsolete pages as it develops like a living tree... Some links on older pages are broken. Please try to use Google, Open directory, etc. to find a replacement link (see HOWTO search the WEB for details). We would appreciate if you can mail us a correct link.

Search Amazon by keywords:

Google   
Open directory

Research Index

 

Old News ;-)

[May 6, 2008] Key Scripter 1.4 Andrei Romanov

About: Key Scripter listens to key press/release events from a keyboard or a mouse and sends fake key events to an X display. It supports gaming keypads such as the Nostromo SpeedPad and allows the creation and usage of complicated key scripts for games and other applications.

Changes: This release contains a couple of minor bugfixes and an improved example configuration. The development status of Key Scripter is now stable.

[May 6, 2008] Ortro 1.3.0  by Luca Corbo

PHP based

About: Ortro is a framework for enterprise scheduling and monitoring. It allows you to easily assemble jobs to perform workflows and run existing scripts on remote hosts in a secure way using ssh. It also tests your Web applications, creates simple reports using queries from databases (in HTML, text, CSV, or XLS), emails them, and sends notifications of job results using email, SMS, Tibco Rvd, Tivoli postemsg, or Jabber.

Changes: Key features such as auto-discovery of hosts and import/export tools are now available. The telnet plugin was improved and the mail plugin was updated. The PEAR libraries were updated.

[Jan 24, 2008] freshmeat.net Project details for cgipaf

The package also contain Solaris binary of chpasswd clone, which is extremely useful for mass changes of passwords in mixed corporate environments which along with Linux and AIX (both have native chpasswd  implementation) include Solaris or other Unixes that does not have chpasswd utility (HP-UX is another example in this category).   Version 1.3.2 now includes Solaris binary of chpasswd which works on Solaris 9 and 10.

cgipaf is a combination of three CGI programs.

All programs use PAM for user authentication. It is possible to run a script to update SAMBA passwords or NIS configuration when a password is changed. mailcfg.cgi creates a .procmailrc in the user's home directory. A user with too many invalid logins can be locked. The minimum and maximum UID can be set in the configuration file, so you can specify a range of UIDs that are allowed to use cgipaf.

[Nov 27, 2007] Classification of Corporate Psychopaths

Unix administrators need to be aware of this pretty widespread danger.

[Jun 11, 2007] developerWorks AIX and UNIX Technical library view

System Administration Toolkit: Standardizing your UNIX command-line tools
Examine methods for standardizing your interface to simplify movements between different UNIX(R) systems. If you manage multiple UNIX systems, particularly in a heterogeneous environment, then the hardest task can be switching between the different environments and performing the different tasks while having to consider all of the differences between the systems. This article does not cover specific differences, but you'll look at ways that can provide compatible layers, or wrappers, to support a consistent environment.
   
 
System Administration Toolkit: Backing up key information
Most UNIX(R) administrators have processes in place to back up the data and information on their UNIX machines, but what about the configuration files and other elements that provide the configuration data your machines need to operate? This article provides detailed information on techniques for achieving an effective and efficient backup system for these key files.
   
 
Take a closer look at OpenBSD
OpenBSD is quite possibly the most secure operating system on the planet. Every step of the development process focuses on building a secure, open, and free platform. UNIX(R) and Linux(R) administrators take note: Without realizing it, you probably use tools ported from OpenBSD every day. Maybe it's time to give the whole operating system a closer look.
   
 
System Administration Toolkit: Managing NIS services for authorizations
Examine how to set up, configure, and update a Network Information System (NIS) installation for sharing information, and learn how NIS can be merged with other solutions, such as files and Domain Name System (DNS), to provide subnet, network, and worldwide data sharing facilities. In a large UNIX(R) network, the ability to share information among the many systems helps to alleviate many problems, such as sharing permissions across different systems with Network File System (NFS), or simply providing a single login for the entire network.
   
 
System Administration Toolkit: Migrating and moving UNIX directory trees
Occasionally, you need to copy around an entire UNIX(R) directory tree, either between areas on the same system or between different systems. There are many different methods of achieving this, but not all preserve the right amount of information or are compatible across different systems. This article discusses the various options available for UNIX and how best to make them work.
   
 
System Administration Toolkit: Migrating and moving UNIX filesystems
Learn how to transfer an entire file system on a live system, including how to create, copy, and re-enable the new file system. If you have a UNIX(R) disk or system failure or simply fill up your file system, then you need to create a new partition and file system and copy over the contents. You might even need to mount the new partition in place to preserve the location of vital files and components. To add further complications, you need to do this on a live system, where you'd need to preserve file permissions, ownership, and possibly named pipes and other components. Effectively transferring these components and retaining all of this information is a vital part of the migration process.
   
 
System Administration Toolkit: Monitoring disk space and usage
Look at methods for determining disk usage across multiple UNIX(R) systems and how to create a simple warning system to alert you of potential problems. Keeping an eye on your file systems and ensuring they don't fill up is a trivial, but vital, process in the day-to-day management of your UNIX systems. In this article, you'll look at methods for keeping an eye on disk space, discovering which files, users, or applications are using up the most space, and how to make use of quotas and other solutions to find the information you need.

[Sep 5, 2006] LISA '06 Technical Sessions

Is Entropy Winning? Drowning in the Data Tsunami
Lee Damon, Sr. Computing Specialist, University of Washington; Evan Marcus, CTO and Founder, Aardvark Technologies, Ltd

We're drowning under a wave of data and are oblivious to it. As data space expands we will start losing track of—and thus losing—our data. Archival backups add complexity to this already confusing situation. Then we toss in security and availability issues for some spice. Where is this going, and how can we handle it in the face of millions of gigabytes of "old cruft"?

Lee Damon has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington. He is past chair of the SAGE Ethics and Policies working groups and he chaired LISA '04.

Improv for Sysadmins
Bob Apthorpe, St. Edward's University; Dan Klein, Consultant

Have you ever seen "Whose Line Is It Anyway?" and marveled at the actors? Although it may not be obvious, improvisors and sysadmins have a lot in common! We both have to think on our feet, often "winging it," and both groups actively practice ad hoc problem-solving. Management calls it "thinking outside of the box," and we say "welcome to our world."

From the outside, good improv looks like a lot of fun (it is!), and good system administration looks easy and fun (why else do we have toys in our cubes?). Both groups have fun because they both create environments to bring people together and make good things happen. At its core, improvisation is not about being funny so much as it is about carefully listening, clearly expressing oneself, and confidently making decisions and taking action. So is system administration. Our goal is to get paid to play.

This session will relate improvisational acting concepts to system administration. Improv can show us how our responses to others can be misinterpreted and, more important, how to change that by producing a constructive dialogue. Understanding your audience and their context can make everything move much more smoothly! Other topics will include the role body language plays in communication, especially in the communication of status, and the importance of observation and attention to detail, with an emphasis on "active listening," saying "yes, and . . . ," and other observation/communication techniques.

The session concludes with a question-and-answer period and additional improv demonstrations as time permits. We won't try to be funny, but we know that you'll enjoy learning some incredibly valuable improvisational techniques.

Bob Apthorpe is a system administrator at St. Edward's University in Austin, Texas. He first attended LISA in 1998 and transferred from Web development to international operations at Excite.com shortly thereafter. His current interests include risk assessment, operations-friendly software development, and improvisational theatre. Bob is a proud member of the troupe "Improv for Evil" but his wife loves him anyway.

Dan Klein began his life of crime in 2nd grade, when he was caught with a pack of firecrackers. Since then his brushes with authority have been sporadic but relentless, but have not managed to deny him a security clearance, a job, or his well deserved reputation as an off-the-wall maverick. His computer experience has included simulation and process control, the internals of almost every UNIX kernel released in the past 28 years, and graphical user interface management systems

The Future of System Administration: How to Stop Worrying and Learn to Love Self-Managing Systems
Alva L. Couch, Associate Professor of Computer Science, Tufts University

The profession of system administration is currently threatened by many forces, including self-managing products that seem to obsolete the system administrator, a lack of upward mobility paths for professional system administrators, and a growing trend toward outsourcing system administration and related tasks. In this talk, I explore how ongoing changes in the systems we manage can drive positive changes in the profession. The bad news is that the way we prepare system administrators today is woefully inadequate for managing the systems of the future, and we must also rise to the challenge by learning to interact with the systems we manage at a very different level than we are currently trained to do.

System Administration: Drowning in Management Complexity
Chad Verbowski, Software Architect, Microsoft Research

Systems management is challenging because it requires administrators to understand and specify the desired state of each system based on their knowledge of the network, hardware, security, distributed applications, and workloads in their environment. Yearly increases in the variation, complexity, and volume of systems management tasks are outpacing our ability to hire qualified administrators to maintain our IT environments.

This talk presents a new black-box approach for reducing the complexity of systems and security management faced by administrators. The goal is to show this as a scalable alternative compared with current signature and declarative management approaches. Real world data, examples, and solutions are used to illustrate the scope and impact of troubleshooting, malware detection, and change management problems, as faced by today's systems administrators.

Chad's research on network management led to a job offer from MFS Datanet (eventually swallowed by Worldcom) in Silicon Valley. After that, a stint at Cisco Systems followed and then he took a leap (of faith) to a network management start-up-->. He eventually arrived at Microsoft in 1998.

Originally hired to work on the notorious Java VM, he worked on the headless support in Windows 2000, then ran the development team for the first release of Microsoft Operations Manager before finding his niche at Microsoft Research. At MSR Chad cofounded the Cybersecurity and Systems Management research group, where he focuses on his area of interest: reducing complexity in software.

alphaWorks IBM Autonomic Task Manager for Administrators Overview

IBM Autonomic Task Manager for Administrators (ATMA) is a spreadsheet-based scripting environment for quickly composing and automating system management tasks. With this environment, administrators can execute management commands and combine these commands to create ad hoc scripts and visualizations of system management information. The basic building blocks for these tasks are spreadsheet templates that are customized with a simple drag-and-drop interface. Autonomic Task Manager for Administrators enables the insertion of GUI, visualization, or system management components into cells of a spreadsheet and customization of the cells in order to insert control logic for a system management solution. Just as in spreadsheets, data in the cells are automatically processed and updated; this feature allows real-time system data feeds.

Currently, Autonomic Task Manager for Administrators supports a variety of system management plug-ins, including Simple Network Management Protocol (SNMP), Secure Shell (SSH), and Java™ Management Extension (JMX). Using ATMA's component plug-in API, developers can build custom components that can be used to develop tools using different management APIs; one such API interfaces to IBM Autonomic Integrated Runtime Environment, which allows communication with resources based on Web Services Distributed Management (WSDM). ATMA can also interact with any Java object.

Autonomic Task Manager for Administrators significantly reduces script creation time with its familiar spreadsheet interface and building blocks made from templates. The package includes the executable, relevant plug-ins, installation instructions, and user documentation.

How does it work?

System administrators or value-added re-sellers (VARs) can use the spreadsheet-based scripting environment to build scripts incrementally, potentially starting from templates and using standard components. After a script is developed, it can immediately become available for use or further customization.

Depending on the specific administrative function being addressed, this technology helps to tie together the various underlying components. The cells may contain numbers and text, as in most spreadsheets, as well as GUI objects such as buttons and checkboxes, visualization objects such as plots and pie charts, programming objects such as collections and timers, and system objects such as JMX, SNMP, etc. These objects can be either created by the user or assigned to cells as a result of evaluating expressions that define the functional relationship between objects in various cells.

Examples are included in the documentation provided with this package.

alphaWorks Remote System Management Tool Overview

Remote Server Management Tool is an Eclipse plug-in that provides an integrated graphical user interface (GUI) environment and enables testers to manage multiple remote servers simultaneously. The tool is designed as a management tool for those who would otherwise telnet to more than one server to manage the servers and who must look at different docs and man pages to find commands for different platforms in order to create or manage users and groups and to initiate and monitor processes. This tool handles these operations on remote servers by using a user-friendly GUI; in addition, it displays configuration of the test server (number of processors, RAM, etc.). The activities that can be managed by this tool on the remote and local server are divided as follows:

How does it work?

This Eclipse plug-in was written with the Standard Widget Toolkit (SWT). The tool has a perspective named Remote System Management; the perspective consists of test servers and a console view. The remote test servers are mounted in the Test Servers view for management of their resources (process, file system, and users or groups).

At the back end, this Eclipse plug-in uses the Software Test Automation Framework (STAF). STAF is an open-source framework that masks the operating system-specific details and provides common services and APIs in order to manage system resources. The APIs are provided for a majority of the languages. Along with the built-in services, STAF also supports external services. The Remote Server Management Tool comes with two STAF external services: one for user management and another for proving system details.

[Mar 20, 2006] Linux Today - Dell, Novell to Manage Red Hat, SUSE Dell, Novell to Manage Red Hat, SUSE by Jacqueline Emigh

At Novell BrainShare today, Novell and Dell joined hands in launching a software product for remote management of servers running either Novell's own SUSE Linux or a competing Linux distribution put out by Red Hat, Novell's long-time archrival.

Pegged for availability on April 19, the jointly developed software for Dell PowerEdge servers will be dubbed Novell Zenworks 7 Linux Management - Dell Edition, said Jason Werner, a Novell product marketing manager, during a pre-briefing with Linux Today.

The upcoming software package "takes our Zenworks Linux management product and adds a layer of Dell-specific management," according to Werner.

The new Dell Edition of Zenworks will be geared mainly to organizations with multiple remote PowerEdge servers, "where you wouldn't necessarily have Linux expertise (on site) at all locations," Werner said.

Target customers include organizations engaged in server consolidation as well as those that are migrating servers from Microsoft Windows to either SUSE or Red Hat.

The Dell Edition will be the first iteration of Zenworks tailored to managing both of these two major distributions of Linux. Novell did not work directly with Red Hat in creating the product, he said.

But together with Dell, a long-time Red Hat ally, Novell has been tweaking Zenworks to support Red Hat environments.

Already tested by Novell on both SUSE and Red Hat Linux, the product will bring together Zenworks features such as remote provisioning and inventory management with capabilities specific to Dell's PowerEdge platform. The Dell-specific tools will deal with areas ranging from bios administration to remote access management.

Novell Zenworks 7, Linux Management - Dell Edition will not replace the Dell OpenManage software that has shipped for some time with PowerEdge servers, Werner said.

"But [the Zenworks] software will cover the entire [server] lifecycle, including pre-OS and RAID," he told Linux Today.

Through the new Dell edition, administrators in remote locations will have access to detailed bios and firmware information. "You'll be able to run queries to find out what has been deployed on a server," he added.

Administrators will also be able to make configuration changes remotely, repurposing a system "simply by changing it from a Web server to a storage server, for example," according to the Novell executive.

Configuration changes made on one server can be quickly promulgated among other servers that perform the same roles, reside in the same geographies, or have the same models and makes.

"You can even adjust the utility partition on the hard drive when no OS is present," Werner said. Consequently, he suggested, organizations can be more certain that configuration settings will remain consistent among a group of servers.

On the other hand, the product will also support capabilities built into Zenworks for assigning administrative rights only to authorized individuals, Werner said.

The Dell edition of Zenworks will be sold separately from PowerEdge servers. The product will not be available through Novell or its resellers.

Instead, sales will be performed exclusively through Dell, according to Werner.

As some analysts see it, today's announcement by Novell and Dell reflects an increasingly visible industry-wide trend toward better Linux management tools.

"It's really obvious that [Linux management] tools are getting broader, more sophisticated, and better able to integrate with outside systems," said Andy Mann, a senior analyst at Enterprise Management Associates (EMA), during another interview.

But although Hewlett-Packard and IBM Tivoli have accomplished some penetration of the Linux management market, much of the innovation so far has come from smaller vendors such as Levanta, Velocity Software, and Opsware, according to Mann.

But many Linux administrators have relied mainly on tools from Novell and Red Hat. "So it's good to see a company such as Novell getting behind some new management software," added the analyst, who is also the author of a recently released report from EMA called "Get the Truth on Linux Management."

Co-sponsored by Open Source Development Labs (OSDL) and Levanta, one of the OSDL's members, the study of over 200 Linux companies dismisses earlier claims that Linux has a higher Total Cost of Ownership (TCO) as "no longer true."

Mann also told Linux Today that support for other Linux distributions could prove useful to Novell. "Zen is [basically] open source software, [but] with some proprietary components. It should be in Novell's best interests to support as many other distributions of Linux as it can, to further the growth of Linux," he said.

"Support for other distros could only help Novell. It certainly couldn't hurt," concurred David Dennis, Levanta's director of marketing.

Dennis noted that many Linux customers are now seeking multi-distro support as a way of avoiding "vendor lock-in."

Levanta's management tools support both SUSE and Red Hat Linux, along with a "second tier" of distros such as CentOS and Asianux, according to the marketing director.

But Dennis also maintained that Linux management tools vary along a number of other lines, based on the administrative capabilities needed in particular types of deployments.

Novell has already been providing hefty Linux management support through its multiplatform Zenworks lineup, observed Fred Broussard, an IDC analyst, in another interview with Linux Today.

Broussard also pointed out that it isn't at all unusual for competitors in the computer industry to cooperate on some levels.

"We've heard a lot over the years about Novell and Red Hat having an adversarial relationship," according to the IDC analyst.

"But at the end of the day, Novell is going to do what its customers want. Novell is a very customer-centric company," Broussard told Linux Today.

Novell's Werner declined to comment one way or the other on whether other products supporting multiple Linux distributions are also in the works at Novell. "Not that we've made public comments on," Werner told Linux Today.

The upcoming Novell Zenworks 7 Linux Management - Dell Edition will be priced at $69 per license.

[May 23, 2005] NewsForge The Fifth Commandment of system administration By: Brian Warshawsky

If you're a good administrator, you pride yourself on developing a fundamental understanding of the systems you build. After a while, as you begin to comprehend the complete complexity that goes along with building and maintaining your infrastructure, the commands and procedures to control them become second nature. You have to look at the documentation less and less, until eventually people refer to you as a guru. Having this kind of understanding of your servers is important, but it does no good if you aren't available when something crashes. By creating detailed written policies detailing the ins and outs of your systems in advance, you can provide critical background information to your backup admin who can use it to restore functionality in your absence.

V. Thou shalt document complete and effective policies and procedures

In the past I found documented policies useful especially at two different times. The first is at the inception of a project. Before the system goes into production, sometimes even before the hardware is bought, detail in writing exactly what you need the server to accomplish, where its performance bottlenecks will be, and what your intentions are to correct these issues. This will allow you (and upper management!) to know that your time is not being spent chasing a fantasy implementation that will never work. It also helps you to better understand the nature of the beast you're building. If anything goes wrong during the installation and configuration process (and something always does) you'll be better prepared to deal with it simply due to the better understanding you've obtained by mapping everything out beforehand. At this point you don't need anything more than an outline (sometimes in the form of a project plan) and a few diagrams to guide you. If it's a much larger-scale implementation though, you'll need a detailed project plan dividing the entire process into phases. For instance, a large-scale Beowulf cluster would require a detailed project plan, while a new intranet Web server might only require a brief outline of configuration tasks and a diagram showing how it's integrated into network.

The second time that these policies are important is after the server has finished configuration and is ready to go into a production environment. At this point, before it is rolled out, you should take some time to create some detailed step-by-step documents explaining the backup restoration process, the steps necessary to restart a service (or just make a list of important services that might need to be restarted, depending upon the experience of your back admins) and anything else that might be helpful. Just remember that you won't always be available to fix something; having detailed instructions for common problems or routine exercises can make the difference between 10 minutes of downtime and a week and a half if you are unavailable.

The commandments so far:
I. Thou shalt make regular and complete backups
II. Thou shalt establish absolute trust in thy servers
III. Thou shalt be the first to know when something goes down
IV. Thou shalt keep server logs on everything
V. Thou shalt document complete and effective policies and procedures

[Nov 02, 2005] MValent to release updated apps management software - Computerworld Two companies offer products that are similar to mValent's offering: Relicore Inc. in Burlington, Mass., and Collation Inc. in Redwood City, Calif. But mValent seems to be unique because it focuses on the entire life cycle of managing applications, from predeployment into deployment, Drogseth said.

 (COMPUTERWORLD) - MValent Inc. next week plans to take the wraps off the latest version of mValent Integrity, software that's designed to automate the configuration and management of application and Web servers and other application components.

The software, which will be available on Monday, starts at $60,000 and will be deployed by several existing mValent customers, including WorldWinner Inc., an online gaming company in Newton, Mass., and State Street Corp., a financial services company in Boston, according to executives at the companies.

... ... ...

State Street expects to upgrade to mValent Integrity soon, said Joseph Kennedy, State Street's vice president of IT. State Street wants to stay current with the product, since prior versions have reduced the time needed to debug new application configurations. State Street uses MValent software to monitor a variety of systems that affect its 19,000 employees, he said.

Kennedy said mValent has helped the financial services firm add scalability to its application infrastructure and resolve problems with configurations, something he called "invaluable." State Street has been able to expand the application environments it maintains without adding system administrators, he said.

MValent Integrity appears to be unique in the market, said two analysts, Jean-Pierre Garbanim at Forrester Research Inc. and Dennis Drogseth at Enterprise Management Associates.

[Oct 7, 2005] mValent ¦ Powerful Change Control

mValent Integrity tracks changes to deployed servers and monitors configuration drift alerting IT teams to potentially critical problems. By comparing application environments in mValent Integrity for differences in granular configuration items, IT teams rapidly isolate root causes of production incidents. These teams can then model fixes to problems to validate their impact and automatically deploy them.

The Book of Webmin

Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on.

Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no non-standard Perl modules.

Linux.com Automounter madness

"The world of automounters is a confusing one. For one thing, a single automounter wasn't enough, so there are two of them for Linux, called 'amd' and 'autofs'. While it's easy to say 'well, just pick one and go on your way', many environments have demands that will require both, and both serve different purposes and have different strengths and weaknesses. The automounter world is not so cut and dry. In this article, I'll give a light overview of what amd and autofs look like, what their respective purposes are in life, and go over some of the common configuration options for each. Later, I'll spice things up by including use cases where one will work better than the other and more advanced features available to you as an administrator.

"Automounters can be a real pain in the neck. Admins don't like things that are a pain in the neck, so one should be able to gather that if we're putting up with these things, they must be pretty darn useful--and they are. For one thing, automounters can get their mounting information from centralized 'maps', which can be flat files, or even NIS maps or sections of an LDAP directory. This is far easier than editing 300 /etc/fstab files for different static NFS mounts..."

Related Stories:
LinuxWorld.com.au: Mounting file systems(Feb 17, 2001)
LinuxFocus.org: automount and autofs (Feb 11, 2001)

[Dec 17, 2003] Slashdot Automating Unix and Linux Administration

Learn to script (Score:4, Interesting)
by holden_t (444907) <holden_t@NOspAm.yahoo.com> on Thursday October 09, @03:09PM (#7175570)
Certainly I haven't read the book but it looks as if Kirk is offering examples of how to write scripts to handle everyday gruntwork. Good idea.

But I say to those that call themselves sys.admins, Learn how to script!!!

I work at a large bankrupt telcom :) and it's amazing the amount of admins that don't have the slightest idea how to write the simplest loop. Or use ksh, bash, or csh's cmd history. Or vi.

Maybe this is just a corporate thing. They were raised, in a sense, in a setting where all they had to do was add users and replace disks. Maybe they never learned how to do anything else.

Back in '83 I took manuals home and poured over every page, every weekend for months. That didn't make me a good admin but it gave me a good foundation. From there I had to just halfway use my head (imagination?) and start writing scripts. Ugly? Sure. Did they get better? Of course!

Now I play admin on 110+ machines, and I stay bored. Why? Because I've written a response engine in Expect that handles most of my everyday problems. I call it AGE, Automated Gruntwork Eliminator.

There's no way I could have done this if I had just sat back and floated, not put in a bit of effort to learn new things.
Multiple Machines (Score:5, Interesting)
by BrookHarty (9119) on Thursday October 09, @01:48PM (#7175005)
(http://www.ironwolve.com/)
One of the problems we have, is when you have clusters with 100+ machines, and need to push configs, or gather stats off each box.

On solaris, we run a script called "shout" that does a for/next loop that ssh's into each box and runs a command for us. We also have one called "Scream" which does some root privilege ssh enabled commands.

Nortel has a nice program called CLIManager (use to be called CLImax), that allows you telnet into multiple passports and run commands. Same idea, but the program formats data to display. Say you wanted to display "ipconfig" on 50 machines, this would format it, so you have columns of data, easy to read and put in reports.

Also, has a "Watch" command that will repeat a command, and format the data. Say you want to display counters.

I have not seen an opensource program that does the same as "CliManager" but its has to be one of the best idea's that should be implemented in opensource. Basically, it logs into multiple machines, parses and displays data, and outputs all errors on another window to keep your main screen clean.

Think of logging into 10 machines, and doing a tail -f on an active log file. Then the program would parse the data, display it in a table, and all updates would be highlighted.

I havnt spoken to the author of CliManager, but I guess he also hated logging into multiple machines, and running the same command. This program has been updated over the years, and is now the standard interface to the nodes. It just uses telnet and a command line, but you can log into 100's of nodes at once.

Wish I could post pics and the tgz file, maybe someone from Nortel can comment. (Runs on Solaris, NT and linux)
Re:Multiple Machines (Score:2)
by Xzzy (111297) <sether@ t r u 7 h.org> on Thursday October 09, @04:21PM (#7176481)
(http://tru7h.org)
> Nortel has a nice program called CLIManager (use
> to be called CLImax), that allows you telnet into
> multiple passports and run commands.

Fermilab has available a tool called rgang that does (minus the output formatting) something like this:

http://fermitools.fnal.gov/abstracts/rgang/abstrac t.html

We use it regularily on a cluster of 176 machines. It's biggest flaw is it tends to hang when one of the machines it encounters is down.

But it is free so I won't complain. :)
Multiple Machines in Parallel (Score:1)
by cquark (246669) on Thursday October 09, @04:29PM (#7176572)
One of the problems we have, is when you have clusters with 100+ machines, and need to push configs, or gather stats off each box. On solaris, we run a script called "shout" that does a for/next loop that ssh's into each box and runs a command for us. We also have one called "Scream" which does some root privilege ssh enabled commands.
While the serial approach of looping through machines is a huge improvement over making changes by hand, for large scale environments, you need to use a parallel approach, with 16 processes or so contacting machines in parallel. I wrote my own script, but these days the Parallel::ForkManager [cpan.org] module for perl does the process management part for you.
Re:Multiple Machines (Score:2)
by Sevn (12012) on Thursday October 09, @04:57PM (#7176807)
(http://www.dangpow.com/~sevn | Last Journal: Tuesday April 01, @07:18PM)
I do pretty much the same thing this way:

Generate ssh key file.
Put pub key file in $HOME/.ssh/authorized_keys2 on the remote machines.

Have a text file with a list of all the names the machines resolve to.

for i in `cat machinelist.txt`; do echo "running blah on $i"; ssh user@$i 'some command I want to run on all machines'; echo " "; done

It comes in handy for stuff like checking the mail queues or doing a tail -50 on a log file. Mundane stuff like that. Everyone once in a while I'll do basically the same thing with scp instead. It can get as complicated as you want. I used a for loop like this to remount 150 /tmp dirs noexec and make the edits to fstab.
Re:Multiple Machines (Score:2)
by drinkypoo (153816) <drink@hypeDEBIANrlogos.org minus distro> on Thursday October 09, @10:00PM (#7179637)
(http://slashdot.org/ | Last Journal: Friday November 21, @04:31PM)
IBM also owns Tivoli Systems, which made something called TME10, the current name of which escapes me at the moment. TME10 uses CORBA (their ORB is now Java, but it used to be basically ANSI C plus classes, compiled with the microsoft compiler on windows and gcc on most other platforms. Lots of it was perl, some of it was shell, plenty of it was C. Methods called Perl scripts pretty damn frequently. The interface was completely configurable and not only could you customize them without purchasing any additional products (if you felt froggy) but they also sold products to make this easier to do.

Last I checked this package ran with varying degrees of ability (but most operating systems were very well suppored) on all major Commercial Unices, BSDi, Linux, OS/2, NT, Novell, and a bunch of random Unices that most people have never heard of, and never had to. It was sometimes problematic but the fact is that it was incredibly cross-platform.

It was a neat way to do system monitoring. It would be nice to develop something open source like that. I think that today it would not be all that difficult a task. I'd like to see all communications be encrypted, with arbitrary shapes allowed in the network in terms of who talks to who, and who has control over who, to reflect the realities of organizations.

Re:Multiple Machines (Score:0)
by Anonymous Coward on Thursday October 09, @04:14PM (#7176396)
IBM has two solutions depending on the environment. PSSP under AIX will allow you to run distrbuted command across nodes with either a correct RSH config or SSH Keys with no passphrase. PSSP, also, allow for parrallel copy. Under Linux( and AIX actually) there is CSM which also allows for DSH with the same config requirements. You can do Parallel copy under CSM, but you have to be tricky with something like, "dsh headnode:/file /file" .
Re:Learn to script (Score:2)
by Wolfrider (856) <kingneutron@yahoTOKYOo.com minus city> on Friday October 10, @08:10PM (#7187085)
(http://wolfrdr.tripod.com/linuxtips.html)
O'Reilly's book helped me quite a bit.

http://www.oreilly.com/catalog/bash2/

In addition, Debian has a new package called abs-guide that I haven't checked out yet.

http://packages.debian.org/unstable/doc/abs-guide. html

--I've written a bunch of helpful bash scripts to help me with everyday stuff, as well as aliases and functions. If you want, email me - kingneutron at yahoo NOSPAM dot com and put "Request for bash scripts" in the subject line, and I'll send you a tarball.
Might be useful... (Score:2)
by Vrallis (33290) on Friday October 10, @12:22AM (#7180451)
(http://krynn.penguinpowered.com)
This might very well be a book I'll pick up sometime. I'm always looking for more ideas.

I maintain about ~170 remote Linux boxes (in our company's retail stores and warehouses), as well as our ~30 or so inhouse servers.

I went through a lot of work to enable our rollout and conversion to go more smoothly. The network and methodology for users, printers, etc. is extremely simplified and patterened.

For each of the 3 'models' of PCs we use, I have a master system that I produced. I used Mondo Rescue [mondorescue.com] to produce CD backups of these systems. These systems act as serial terminal controllers, print spoolers, routers, desktop system usage (OpenOffice, Mozilla, Kmail under KDE), and other functions as needed.

When we need to replace a system, or rollout a new location, we grab a system, pop in the Mondo CD, and do a nuke restore. When done, we have a standard configuration user that we log in as. It runs a quick implementation script where you answer anywhere from 3-8 questions (depending on the system type and options), and it configures everything. All networking, users, sets up Kmail, configures all printers and terminals (we use Comtrol Rocketport serial boards), and so on.

If the system is physically ready, we can have it ready software-wise in about 20 minutes (2 CDs to restore).

Updates are done via a couple different methods. I use SSH (over our internal VPN, using key authentication) in scripts to do most updates. If I need to do anything major, such as recently updating Mozilla, we do a CD distribution. The users have a simple menu to take care of running the update for them, even with autorun under KDE. Just pop in the CD, and it automatically takes them into the menu they need.

All logs are duplicated across the network to a central server, but intrusion is less likely as these systems sit on a private frame network. They do, however, have fully secured network setups, as we use cheap dial-up internet access as a backup in case the frame circuit goes down.

I can't help but feel every day like this is just one big hack/kludge, but it works, works damned well, and was about half the cost of any other solution (i.e. higher end Cisco routers to handle various functions, and using Equinox ELS-IIs or the like...those pieces of crap never would work right, we finally pulled only 2 we had in use, and they are currently collecting dust in a storage cabinet).

Needless to say, I am *always* looking for ideas to improve upon this.

[Oct  25, 2003] Cultured Perl Application configuration with Perl

The simple approach: Do it yourself (DIY)
Theoretically (and with the right tools!) anyone can build a configuration parser, right? The Perl Cookbook, for one, shows a quick implementation that provides a good start. So how hard can it be to write a configuration file parser if you begin with this kind of implementation?

Quite hard, actually, because this kind of project raises several more complex issues like these:

Scared yet? That's why we have AppConfig. It can handle all these concerns. It's more than likely that DIY is not what you should be using.

 

[Sept 15, 2003] The road to better programming Chapter 6. Developing cfperl, from the beginning

[Sept 15, 2003] Fix-It Fatigue  By John Foley, George V. Hulme. Patched became a problem and not only on Microsoft operating systems ;-)

With the Blaster worm seeming to be under control, alleged virus-author Jeffrey Parson under house arrest in Minnesota, and hacker Adrian Lamo under the watchful eye of the feds, business-technology managers may have enjoyed a few hours of peace and quiet last week. But it was short-lived. On Sept. 10, Microsoft issued a security bulletin warning of three new critical vulnerabilities in the Windows operating system, sending systems administrators rushing to patch their computers. It's become an all-too-common scenario--and one that's causing some businesses to re-evaluate their heavy reliance on Microsoft products.

A year-and-a-half after Bill Gates declared that trustworthy computing had become Microsoft's No. 1 priority, the software bugs keep coming. The latest vulnerabilities involve the Remote Procedure Call service in Windows, making it possible for a malicious hacker to take control of a target system, introduce an infectious worm, or launch a denial-of-service attack. A week earlier, Microsoft issued five other warnings, four involving the omnipresent Office applications suite. For the year, the tally stands at 39.

And those are just the holes that have been uncovered by others and reported to Microsoft. In addition, the software vendor is combing through its code, finding holes, and issuing patches without publicizing the flaws. No one knows how many more are yet to be uncovered. "There's no way to wrap your hands around that," says Dan Ingevaldson, engineering manager with security vendor Internet Security Systems Inc.

Some business and technology professionals are running out of patience. "The issues around these vulnerabilities are escalating to the point where it's not just CIOs or CTOs, it's corporate officers, it's boards of directors asking: 'What are we going to do?'" says Ruth Harenchar, CIO of Bowne & Co., which last week scrambled to patch 4,500 Windows PCs and 500 servers in the United States and more overseas. "The situation appears to be getting worse, not better."

The patching work has thrown Bowne & Co.'s technology projects off schedule. Now, the specialty-printing-services company is assessing its options. Among them: redesigning its network around a thin-client model to reduce the number of PCs running Windows and, on other machines, migrating to Linux. "It's getting to be enough of a burden that you have to seriously start thinking about alternatives," Harenchar says.

Raymond James & Associates has assembled a team of IT staffers to manage the constant patching. "Organizations have to mobilize and realize this is going to be a way of life for the foreseeable future," says VP of IS Gene Fredriksen.

The financial-services firm, with offices around the world, last week began the arduous task of patching 10,000 PCs and 1,000 servers. "The pressure is on," Fredriksen says. "Anybody that isn't patched by the weekend is going to have trouble." The fear is that the latest vulnerability leaves Windows computers open to a Blaster-like worm. "There's a very good chance that a worm is going to be developed" to take advantage of the latest security holes, says ISS's Ingevaldson.

"People are getting fed up," says Lloyd Hession, chief information security officer at financial-network provider Radianz, adding that the number of Windows patches is reaching "epic proportions." The situation is causing more than just a few disgruntled customers to re-evaluate how much they use Microsoft products. Says Gartner security analyst John Pescatore, "There's definitely a very large trend towards that."

O'Reilly Network Top Five Open Source Packages for System Administrators I do not like Cfengine. IMHO although the idea is good implementation does not substantially improves sysadmin productivity in comparison with rsh and regular scripts in Ksh93 and Perl. 

 

Sysadmin Tales of Terror

Cover One's Behind With Glory

Now let's be honest, documentation is boring and no fun. I don't care; just do it. Keep a project diary. Record everything you find. You don't want to shoulder the blame for someone else's mistakes or malfeasance. It is unlikely you'll get into legal trouble, but the possibility always exists. Record progress and milestones as well. Those in management tend to have short memories and limited attention spans when it comes to technical matters, so put everything in writing and make a point of reviewing your progress periodically. No need to put on long, windy presentations -- take ten minutes once a week to hit the high points. Emphasize the good news; after all, as the ace sysadmin, it is your job to make things work. Any dork can make a mess; it takes a real star to deliver the goods.

Be sure to couch your progress in terms meaningful to the person(s) you're talking to. A non-technical manager doesn't want to hear how many scripts you rewrote or how many routers you re-programmed. She wants to hear "Group A's email works flawlessly now, and I fixed their database server so it doesn't crash anymore. No more downtime for Group A." That kind of talk is music to a manager's ears.

Managing Users

In every business there are certain key people who wield great influence. They can make or break you. Don't focus exclusively on management -- the people who really run the show are the secretaries and administrative assistants. They know more than anyone about how things work, what's really important, and who is really important. Consult them. Listen to them. Suck up to them. Trust me, this will pay off handsomely. Also worth cultivating are relationships with the cleaning and maintenance people -- they see things no one else even knows about.

When you're new on the job and still figuring things out, the last thing you need is to field endless phone calls from users with problems. Make them put it in writing -- email, yellow pad, elaborate trouble-ticket system, whatever suits you. This gives you useful information and time to do some triage.

Managing Remote Users

If you have remote offices under your care, the phone can save a lot of travel. There's almost always one computer-savvy person in every office; make this person your ally and helper. At very least, this person will be able to give you coherent, understandable explanations. At best, they will be your remote hands and eyes, and will save you much trouble.

Such a person may be a candidate for training and possibly transferring to IT. Some people are afraid of helping someone like this for fear of losing out to them in some way. The truth, though, is that you never lose by helping people, so don't let that idea scare you off from giving a boost to a worthy person.

Getting Help

We all know how to use Google, Usenet, and other online resources to get assistance. By all means, don't be too proud -- ask! And by all means, don't be stupide either -- use a fake name and don't mention the company you work for. There's absolutely no upside to making such information public; there are, however, many downsides to doing so, like inviting security breaches, giving away too much information, making your company look bad, and besmirching your own reputation.

As I said at the beginning, these are strategies that have served me well. Feel free to send me your own ideas; I especially love to hear about true-life horror stories that have happy endings.

Resources

Life in the Trenches: A Sysadmin Speaks
10 Tips for Getting Along with People at Work
Linux Administration Books

 

Solaris 8 Administrator's Guide Chapter 4 Network Configuration By Paul Watters January 2002 ISBN 0-596-00073-1,400 pages

After undertaking the complex tasks required to configure a single host, planning and setting up an entire network can be daunting. In this chapter, you'll learn how to configure a Solaris-based network, including the configuration of single or multiple network interfaces, static and dynamic routing, and network troubleshooting. In addition, examples for enabling devices and testing interfaces will be provided.

Developer Todo

Developer Todo 0.1.14 (Stable)
 by Alec Thomas - Tuesday, July 23rd 2002 02:41 EDT

About: Developer Todo is a program to assist developers in maintaining a list of outstanding tasks in a heirarchical, colourised, and prioritised list. Additionally, it can automatically list outstanding items when you change into a directory.

Changes: Fixed more GCC 3.x compilation problems, and a problem when running without the TERM environment variable set.

f2w Helpdesk at Sourceforge

f2w helpdesk 1.4.3
 by scav - Tuesday, July 23rd 2002 04:18 EDT

 

About: f2w helpdesk is a Web-based helpdesk package. It allows requests to be categorised to an arbitrary level of detail using a expert-system-like question and answer method. Advice and problem-specific information can be associated with the request categories, thus building up a knowledge base to speed the resolution of frequently occurring problems. Users can also add their own tasks, thus using it as a todo list or for workflow within teams, and notes can be added to each request at any time.

Changes: Minor user interface improvements, bugfixes in the Oracle configuration script, a new MS SQL configuration, and the automatic addition of new help desk operators to at least one team (without this, they can't do much).

 

atop system and process monitor 1.4
 by Gerlof Langeveld - Tuesday, July 23rd 2002 04:20 EDT

 

About: Atop is an ASCII full-screen performance monitor similar to the command top. For every interval (default 10 seconds), it shows system-level activity related to the CPU, memory, swap, disks and network layers, and it shows for every active process the CPU utilization in system and user mode, the virtual and resident memory growth, priority, username, state, and exit code. The process level activity is also shown for processes which finished during the last interval (for this reason process accounting is switched on), to get a complete overview about the consumers of things such as CPU time. Atop only shows the active system-resources and processes, and only shows the deviations since the previous interval (e.g., the memory growth rather than total memory usage per process). Unfortunately, the standard kernel does not maintain counters about the number of disk and network accesses issued per process. Later on, kernel patches will be made available to add these process level counters. The current version of atop is already prepared to display these counters.

Changes: Process accounting is now handled securely by creating a separate subdirectory in /tmp. Disk types other than sda and hda are now recognized. Other bugfixes and modifications include allowing users to run without process accounting, avoiding flag list and buffer overflows, and correct access times for disks in SMP systems.

 

 Categories Focus License URLs

 

 

SSGDOC - System Administration at cs.unm.edu

This document contains documentation, procedure, and policy for the Systems Support group. Reading and maintaining it is a required element to employment in the Systems Support Group - it is vital in order for us to provide consistent (hopefully excellent) service to the CS department. It should be kept as terse as possible (otherwise no one will read it) while providing sufficient documentation so that all (especially new) members will have a good running start at understanding the technical composition of the site, and the group's procedures and policies of operation. CS.UNM.EDU's technical composition has been largely modelled after the LISA paper available at http://www.infrastructures.org. If you hope to understand the document you are currently reading, you really must first read the Infrastructures paper upon which this practical document is modelled after.

[Jan 28, 2002] Sun BluePrints[tm] OnLine - Articles January 2002Data Center Design Philosophy

Editor's Note - This article is the complete first chapter of the Sun BluePrints[tm] book, Enterprise Data Center Design and Methodology, by Rob Snevely (ISBN 0-13-047393-6), which is available through www.sun.com/books, amazon.com, fatbrain.com and Barnes & Noble bookstores.

The detailed process of data center design appears on the outset to be a purely mechanical process involving the layout of the area, computations to determine equipment capacities, and innumerable other engineering details. They are, of course, essential to the design and creation of a data center, however, the mechanics alone do not a data center make. The use of pure mechanics rarely creates anything that is useful, except perhaps by chance.

There are, in fact, some philosophical guidelines that should be kept in mind during the data center design process. These are based on the relatively short history of designing and building practical data centers, but are also based on design concepts going way back. This chapter looks at some of these philosophies.

This chapter contains the following sections:

[Aug 8, 2001] Several useful papers from SysAdmin Magazine

[July 27, 2001] System Administrator Appreciation Day -- help yourself ;-)

Advice to employees the proper use of the System Administrator's valuable time

Why You Can't Find Your System Administrator
http://www.cybernothing.org/cno/sysadmin.html

A Week in the Life of a System Administrator
http://www.avdf.com/jan98/hum_h003.html

101 Things You Do Not Want Your System Administrator To Say
http://www.brenna.net/notes/sys-adm.html

Tech Tales - The funniest tech support stories on the Internet
http://www.techtales.com

Understanding and Preventing System Slowdowns

Submitted by <Jamie Wilson> on Friday at 08:44:55 (EDT))

A Sunworld article analyzes performance issues on Sun systems and gives advice on how to track them down. The article discusses the use of tools, such as sar, netstat and top to analyze the location of a bottleneck.

[Aug 20, 2000] Linux Today - IBM developerWorks Tutorial Compiling and installing software from sources -- small tutorials for newbies who want to learn how to download, unpack, compile, and troubleshoot apps.

LinuxLookup.com: Ownership & Permissions Guide(Jul 08, 2000)
LinuxPapers.org: File Permissions in Unix and Linux(Apr 14, 2000)
LinuxPowered.com: Linux file permissions & ownership(Dec 19, 1999)
Ext2: File Permissions Made Easy(Nov 20, 1999)
apcmag: Linux File Permissions(Jun 24, 1999)
LinuxPower: Permissions and the ext2 Filesystem(Jan 05, 1999)

LinuxFreak Monitoring your desktop machine

Monitoring your desktop machine
Cat: Feature, Posted June 04, 2000 by gh0ul

Many people who start out with Linux using just X, never notice a lot of the things that can go on with a Linux system. Some of those things should be monitored or atleast kept an eye on.In this article we will go over a couple methods of watching over your Linux box from the X windowing System.First off, we will go over a traffic monitor called 'trafshow'. trafshow is a light and easy traffic monitor that displays information about connections to your system, for example, if someone telnets to you, it will display their ip, the protocol, and port.. very simple information for just keeping an eye open. You can get it from here. Grab trafshow-1.3.tar.gz, un-tar and compile it, you should be able to simply untar it and issue a make && make install in the directory (must be root for the make install) After that, go ahead and open an xterm, I suggest using the flags:
xterm -bg black -fg white Then you can su and start trafshow, or some may prefer to give it root permissions so they would not need to su anymore, but others might prefer to keep it root only, so that if you have users on your system whom you don't want to see your connections, you'll still be good to go.
It's suggested that you keep the terminal open with trafshow running at all times, so if you are ever curious about a connection, you can simply take a look and see what's going where.

Another pretty popular traffic monitor is iptraf, it does a lot of the same as trafshow, yet can be configured more, and also will log data. You can find it here: ftp://ftp.cebu.mozcom.com/pub/linux/net/iptraf-2.2.1.tar.gz

Some other helpful network monitoring tools:

These are NOT full proof anti-hack methods to take on your system, but these should help you out a bit, and they are always handy to go along with normal system administration.

Linux Magazine January 2000 GURU GUIDANCE Big Brother Is Watching

Fortunately, this Big Brother is truly your friend. However, like its Orwellian namesake, it is constantly on the lookout for things it doesn't like, waiting to sound an alarm. I am talking about a systems-monitoring tool developed by Sean MacGuire of The MacLawran Group (http//www.maclawran.ca/bb-dnld/) called Big Brother.

Big Brother does most things that you'll find in commercial monitoring tools; it can let you know when a machine on your network is down or becoming overloaded or when a filesystem is getting too full; it can tell you when specific processes are or are not running on clients; it can even page you when a specific event occurs. It can be used to monitor Unix, Linux, Windows NT, and NetWare clients.

One of the main reasons you'll want to try out Big Brother is because of its simplicity. It is composed of just a handful of scripts and programs, which collect information and report it to a central server, which displays everything in an accessible HTML format. Big Brother's scripts are easy to change and reconfigure, allowing you to customize the software to suit your network.

Although it is not covered directly by the GNU General Public License, you can download Big Brother for free from the MacLawran Group's Web site. It is covered by a "fair use" license, which requires written permission from the MacLawran Group to redistribute it.

[Jul 29, 2000] Slashdot Are Buffer Overflow Sploits Intel's Fault -- interesting discussion about problems with C

[Jul 29, 2000] Slashdot Preventing Vendors From Playing The Blame Game -- several insightful posts about AIX, Websphere, etc.

Issue #92 Mailing From Scripts - Focus On Linux - 07-23-00

The old Unix mailer at /bin/mail is one of the programs that really helped to launch the Internet as we know it today. In days gone by, it

was one of the most used binaries on any Unix workstation. Today, the /bin/mail binary can still be used, but is horribly outdated -- it's a text-only mailer with almost no features at all.

It is good, however for one thing: automated mailing, such as sending e-mail from a shell script. To send mail with the /bin/mail program, use this syntax:

  mail -s "subject" touser@address < body_text

For example, if your e-mail address is joehalliway@nowhere.com, and you needed to have the login information from the last command on a given system sent to you every night at a given time, you could create a cron job which called this command:

  last | mail -s "Login information" joehalliway@nowhere.com

When executed, this command would send the output from the last command to your e-mail box with the subject given. There are many uses for the /bin/mail program when employed this way in scripts; use your imagination.

Focus on Linux Forum /bin/mail other than text

You can use bin mail to also mail attachments. This was not mentioned
in the article so I thought I might help out a few hapless souls.

To use /bin/mail to mail a attachment you must also have uuencode
installed. Not to worry though, most distributions include this by
default. Anyhow on to the good stuff.

So I'm in my home directory /home/possum and there is a file in there
called attachment.txt. I can send this file two ways:

The first makes the attachment.txt show in the mail, in other words the mail will contain the contents of attachment.txt. To do this I enter the command "mail whoever@wherever.com < attachment.txt".

The second way send attachment.txt as an attachment. I had wanted to
do this many times and was unable to until I found uuencode could make this happen. To send it as an attachment I would enter the command "uuencode attachment.txt attachment.txt | mail whoever@wherever.com". In the command line the first attachment.txt is the name of the file I want to send. The second attachment.txt is the name of the attachment the recipient will get. Pipe that to mail and Viola you have sent an attachment from a command line or shell script.
Happy scripting, Paul

Issue #92 Calling Commands When Booting - Focus On Linux - 07-23-00

Linux Today - Linuxuser.co.za Tricks with -etc-issue

When your Linux System boots it starts "getty" processes on a number of virtual terminals on your system. When getty starts, it prints the contents of /etc/issue to the terminal. To customize the look of your console, all you have to do is edit /etc/issue.

You can also add colour by using the colour capabilities of the Linux console. The Linux console, like almost any other existing terminal, has escape sequences that can be used to change the appearance of text on screen. Piping the following script into /etc/issue:

	#!/bin/sh

	spaces(){
	        COUNT=0;
 	       while [ $COUNT -lt $1 ]; do
 	               echo -ne " ";
 	               COUNT=$[$COUNT+1]
 	       done
	}

	esc="\033["
	echo -ne "${esc}H${esc}J\n${esc}44;37;1m"
	WELCOME="Welcome to "`hostname`" running Linux "`uname -r`
	CHARS=$[(80-`echo $WELCOME | wc --chars`)/2]
	spaces $CHARS
	echo -ne $WELCOME
	spaces $CHARS
	echo -ne "${esc}0m\n\\l "

should produce this result:

... ... ... ... ...

Linux Today - O'Reilly Network What is a Network Administrator Anyway

TechRepublic: Establishing quotas for users on a Linux network(Jul 22, 2000)

RootPrompt.org: Using expect for System Administration(Jul 12, 2000)

LinuxPR: Linux Network Administrator's Guide Revised and Expanded (Jul 11, 2000)

RootPrompt.org: Trust and the System Administrator(Jun 19, 2000)

32BitsOnline: Book [Review]: Essential System Administration(May 21, 2000)

LinuxWorld: Relief for sysadmin headaches(May 02, 2000)

O'Reilly Network: CYA for System Administrators; Things to keep in mind in our litigious society(Apr 21, 2000)

SunWorld: Xvfb - A conversation every system administrator should hear(Mar 26, 2000)

Sys Admin: Policy Routing in Linux(Mar 18, 2000)

Linux Journal: Book Review --Linux System Administration(Feb 27, 2000)

osOpinion: The newbie network administrator and open source: I fear Skippy(Jan 11, 2000)

BW: DigitalThink Announces Completion of Linux/UNIX System and Network Administration Series(Dec 29, 1999)

BSD Today: inetd and inetd.conf - Managing Your System's Internet Switchboard Operator

(May 9, 2000, 07:27 UTC) (425 reads) (0 talkbacks) (Posted by marty)
"The file /etc/inetd.conf is vitally important to your system's security and well-being -- especially if your system has a 24x7 connection to the Internet."

[Jan 27, 2000] Administering Linux using CVS.

Much emphasis has of late been put on making Linux easier to manage. Typically the model used it that of a single user managing one or more systems. However, once mutiple administrators and automated scripts are all altering the configuration for a single machine the sutiation becomes somewhat more complex. This problem is in essence very similar to the problem software developers face when a team is working on a source tree. There are many solutions to this problem, one of the most popular being Concurrent Versions System or CVS.

Twinkle-Toes Release 4th February 1999.

[Jan 23, 2000] Version 2.0 of the Netware file system has been announced by the Timpanogas Group. It is currently only available in binary form. Source is evidently forthcoming, but has been delayed due to some weirdness that is best read directly from the announcement.

[Jan 23, 2000] System Administration Made Simpler, Part 4  -- VNC (Virtual Network Computing)

Who says system administration can't be fun? My lovely and wonderful wife, Sally, is busy using this week's system administration feature to play Kpoker, the K Desktop Environment poker game. She's not busy checking on logs, administering print queues, or even running a process analyzer. She's playing poker. Of course, earlier on, I took control of her Windows 95 PC and started to edit a letter she was working on, so it probably serves me right. In the interest of telling you all about this marvelous tool, I decided to connect to her Windows 95 session and see how the KDE poker game she was playing on our server was doing. Turns out she was losing all our money. Well, that's gambling for you.

Oh--did I mention I am talking about a fantastic remote administration tool that works with not only Windows, Solaris, DEC Alphas running OSF1, but even that old favorite of the desktop publishing world, the MacIntosh?

This great tool is VNC (Virtual Network Computing) from AT&T Laboratories in Cambridge, England. VNC is a package that allows you to view other computer desktops from your own desktop. For instance, I could be running an X server on a Linux machine from a Windows 95 or NT box, or doing the reverse. I can do it from my internal network or across the Internet.

The system administrator in a large company with a number of Windows workstations knows the headaches of all the simple "operator" error calls that nonetheless require a great deal of work and time as you walk the user through the right steps to solve their problems. Wouldn't it be great if you could take control of their desktops and do it for them while they watch and learn? Now, I know there are commercial packages that can do this, but not necessarily from your Linux desktop. They also cost more than VNC.

That's right. VNC is distributed free of charge.

[Jan 3, 2000]   Portable Unix Toolkit (unix scripts)

Most of these scripts are Korn shell scripts, a few are Perl or Expect scripts. The Demo Edition, which is distributed as freeware, contains 11 scripts. The Professional Edition contains a total of 49 scripts and includes all the scripts in the Demo Edition as well as the login environment files. The Enterprise Edition contains a total of 78 scripts and includes all the scripts in the Demo Edition as well as the login environment files. (Some of the Enterprise Edition scripts work only on Solaris, AIX or HP-UX - see the list below.) The Master Edition includes the Professional Edition and the Enterprise Edition for a total of 106 scripts and over 7,000 lines of code. Click on the script names (below) to view the manual pages for the scripts.

The Portable Unix Shell Environment

The Portable Unix Shell Environment (PUSE) is a set of Korn shell login environment files and about 80 Korn shell, Perl and Expect scripts that have been ported to several versions of Unix. It is distributed at no charge as open source software. The scripts, which can be used independently of the login environment files, include general utility scripts and systems administration scripts.

The