November 1, 2005

My sysadmin toolbox

Author: Joe 'Zonker' Brockmeier

Every administrator has a set of software tools that he just can't live without. These are the utilities that you install as soon as you log into a new machine, to help make day-to-day tasks a little easier. Here are my top 10 tools.


Since I spend a lot of my time working with text files, either when I'm writing and editing or when I'm mucking with configuration files and shell scripts, I've become very attached to my editor of choice -- Vim.

Over the years, I've tried a lot of other editors, but none of them has been sufficient to coax me away from Vim. Part of the reason for that is the fact that I no longer have to think about using Vi-style keybindings, and adjusting to anything else would seriously hinder my productivity.

But there are also a lot of features in Vim that I use extensively -- split window modes, encryption, macros and text expansion, syntax highlighting, and many other features that help shave time off of repetitive tasks or generally make life a little easier. And, despite having used Vim for several years, I'm still discovering new features or tricks that make me a little more productive.

GNU Screen

The first time I read about GNU Screen, I thought it was a bit of a silly program. Why not just open a bunch of xterms, instead of mucking about with all the complex keybindings used by Screen to switch between its windows? Sure, it might be useful if you only work from the console, but how many folks really do that anymore?

Then I actually spent a little bit of time with Screen, and I found out what a valuable utility it really is. Instead of worrying about dozens of xterms, I could have a single terminal window with multiple Screen windows that I could switch between easily and quickly.

The other thing I have found to be extraordinarily useful about Screen is that it can be used as a kind of VNC for the console. Screen allows a console session to be "detached" from the console or xterm, so that the job is still running but not displayed on that console any longer. You can then resume the screen session from the same console or terminal emulator, or you can resume the session from another console entirely.

Let's say you're at work, and you start a long-running process that you'll need to monitor at periodic intervals, but you don't want to have to stay at work for the next few hours to watch it. Simply fire up a Screen process, start your job, then head home and reattach to the Screen process and see the status of that job.

Screen even allows you to monitor a window for its status, so that activity or a period of inactivity will send a message to the current Screen window. This way you can write an email message while waiting for that long-running job to finish -- and be notified as soon as it's finished, rather than having to switch back and forth periodically.


CDargs provides a browser and bookmarks for navigating directories at the shell. I recently covered it in detail.

This utility makes it easy to navigate the directory structure without doing a lot of typing, or doing silly things like creating symlinks to directories deeper in the directory structure, or having to define shell variables.

CDargs has two basic modes of operation. One is the shell browser that allows you to navigate using a text menu; the other uses the shell builtin cdb and your bookmarks. For example, instead of having to type cd /var/www/website/cgi-bin, you can create a bookmark for the directory called "cg" (or whatever you prefer) and use cdb cg. This utility has saved me many a keystroke over the years.

GNU Wget

GNU Wget is a non-interactive download tool that can grab files via HTTP, HTTPS, and FTP.

Want to retrieve a long list of files, like the CD ISOs for the SUSE 10.0 release? Just feed Wget a text file with the URLs, and let it run in the background while you work on other tasks. Wget is also useful for grabbing MP3 albums from sites such as Magnatune.

Wget works well in shell scripts where you need to retrieve files without any user intervention. It supports cookies, authentication, proxies, and many other features that make it ideal for scripting and even for testing Web sites.

Domain Internet Groper (DIG)

If you find yourself spending time troubleshooting DNS issues, you'll find DIG useful. The DIG utility is actually part of the BIND distribution, but it can be (and often is) installed separately from BIND -- usually as part of a DNSutils package for most distros.

With DIG, you can perform DNS lookups and query nameservers directly in order to troubleshoot DNS. Many people would be surprised by how many problems in a Web services environment can be traced back to problems with DNS, so it's a good idea to save yourself time and trouble by testing the obvious problems -- such as DNS failures -- first.


Another program that I use frequently is pwgen, a utility to create random passwords. If you need to create user accounts with random passwords, this is a quick and easy way to come up with reasonably secure passwords.

Pwgen creates passwords that are supposed to be easy to memorize, and I have found that to be true, most of the time. This is a major bonus when you need to remember a large number of passwords over time, which is a pretty common condition for admins and for users who work in environments that require a new password at regular intervals. (I could explain why I think mandatory password aging is a very bad idea, but that's a topic for another day.)

If you use pwgen interactively without passing it any arguments or options, it will generate a screenful of passwords that you can choose from. If you use pwgen in a script or pipe the output to another command, it will simply generate one password -- which makes it useful if you need to incorporate it into a script to generate new user accounts.

By default, pwgen creates passwords that are eight characters long, with at least one capital letter and one numeral. The passwords are pronounceable, sometimes with a little imagination, but not taken from the dictionary -- so there's very little likelihood that a dictionary attack would work against any password generated by pwgen.


In the past, I did most of my CD-to-MP3 conversion with Grip, but since I was turned on to abcde, I've started using it more and more.

Basically, abcde (like Grip) is a front-end for cdparanoia, lame, and other utilities to convert an audio CD to your favorite digital audio format. (Assuming your favorite digital audio format happens to be WAV, MP3, Ogg/Vorbis, Ogg/Speex, Flac, or another supported format....)

Once you configure abcde, all you need to do is pop the CD into the drive, run abcde, and let it rip.

Sure, this doesn't sound like a productivity tool, but it's hard to spend eight (or more) hours at a computer without a little music.


I prefer to install software from native packages meant for my distribution, from the vendor or project that publishes the distro, as much as possible. This has a number of advantages, not the least of which is that I don't have to recompile the software myself whenever there's a security update or bug fix for the software.

However, there are a lot of instances where this just isn't possible. Maybe the software isn't available for the distro that I'm using, or I need to use a newer version that's not available from the vendor or project. In those cases, I still like to build a native package so that it's easier to manage than just installing directly from source code.

For those cases, I use CheckInstall to simplify creating a package. CheckInstall lets me create an RPM, Debian package, or Slackware package almost as easily as compiling software from source. Instead of running ./configure; make; make install I just run ./configure; make; checkinstall.

I've been using CheckInstall for several years, and I've never run into a problem with any of the packages it creates. It's also handy for rolling packages for limited distribution -- for example, when I want to install a piece of software on three or four machines without needing to compile it separately on each system.


Okay, why on Earth would anyone still want to use Telnet? Rather than using Telnet for connecting to a remote shell, I use Telnet to test services.

For example, if I want to test a mail server, I can simply run telnet servername 25 to connect to the remote server and test sending a message via SMTP. This works well with a number of protocols: POP3, IMAP, HTTP, and even HTTPS and IMAPS if you have a Telnet client with SSL support. If you "speak" the protocol you're testing, you can find out a lot using Telnet to "talk" directly to a service.

What I don't use Telnet for is to log into remote systems for work at the shell. If I need to log into a remote system, which is pretty often, I turn to OpenSSH instead.


Another tool I use frequently is rsync, a utility that provides incremental file transfer, meaning that rsync doesn't need to send the entire file every time. It can also update entire directory structures, omit specific types of files (such as .bak files), and generally provides an excellent way to synchronize files from one host to another.

I use three different workstations on a regular basis, and the best way for me to keep important files synchronized is to use rsync to sync up the files. I run a short script every hour that synchronizes my configuration files and my personal "bin" directory with my scripts, and another script that copies my writing, MP3s, and other data every night. Instead of backing up to optical media or a tape drive, I just back up my data on multiple machines with rsync.


So there you have it -- my top 10 in order of general usage. There are plenty of other useful tools for admins out there, and a number of other utilities that I use regularly. Maybe some of them are on your top 10 list. Let us know about your most valuable utilities (there need not be 10 of them), and if we publish your work, we'll pay you $100.

Click Here!