January 20, 2006

My sysadmin toolbox

Author: Javier de Miguel Rodríguez

I work as a senior sysadmin for the University of Seville in Spain, where we use a myriad of operating systems. Here are the top 10 utilities I use in my daily basic admin activities.

netcat

Netcat is a networking utility that reads and writes data across network connections, using TCP or UDP. It is designed to be a reliable back-end tool that can be used directly, or easily driven by other programs and scripts.

At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you need, and has several interesting built-in capabilities.

I use netcat as my "TCP/IP Swiss Army Knife." I can clone systems with the combination of netcat and the dd utility, piping a raw disk image from one host to another. I can test connectivity using raw communications, because netcat passes bytes through untouched and does not negotiate options the way Telnet does. Also, netcat works over UDP, which Telnet does not. I use netcat as a "network pipe," sending data across the network. Bear in mind that netcat authenticates and encrypts nothing: whoever reaches the listening port gets the stream, so use it on a trusted network or through an SSH tunnel, and compare checksums at both ends after a transfer.
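The two netcat uses above, the network pipe and the raw connectivity test, rebuilt in Python as an added example (this is not code from the article). The pipe runs over loopback so it can be tried offline, and it hashes both ends because netcat itself gives you no integrity check; the 16 KiB payload is constructed stand-in data, and the dd/nc command lines in the comments are the usual shell form.

```python
"""Netcat-style network pipe and port check, rebuilt in Python (added example)."""
import hashlib
import io
import socket
import threading

# Constructed stand-in for a disk image; in real use this is `dd if=/dev/sda`.
SAMPLE_IMAGE = bytes(range(256)) * 64  # 16 KiB

# Shell equivalent of pipe_over_tcp, on the receiving and sending hosts:
#   receiver: nc -l -p 9000 | dd of=/dev/sdb bs=1M
#   sender:   dd if=/dev/sda bs=1M | nc receiver 9000
# Neither side authenticates or encrypts anything, so run this over a trusted
# link (or through an ssh tunnel) and compare hashes of both ends afterwards.


def _drain(server_sock, sink):
    """Listener side: accept one connection and copy everything to `sink`."""
    conn, _ = server_sock.accept()
    with conn:
        while True:
            chunk = conn.recv(65536)
            if not chunk:  # peer closed: end of stream, like nc exiting on EOF
                break
            sink.write(chunk)


def pipe_over_tcp(data, chunk_size=4096):
    """Stream `data` over a loopback TCP connection and return the SHA-256 of
    what was sent and of what the listener received."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    received = io.BytesIO()
    listener = threading.Thread(target=_drain, args=(srv, received))
    listener.start()
    with socket.create_connection(("127.0.0.1", port)) as client:
        for i in range(0, len(data), chunk_size):
            client.sendall(data[i:i + chunk_size])
    # Leaving the `with` closes the client socket (FIN), which ends the listener loop.
    listener.join()
    srv.close()
    sent = hashlib.sha256(data).hexdigest()
    got = hashlib.sha256(received.getvalue()).hexdigest()
    return sent, got


def tcp_port_open(host, port, timeout=2.0):
    """Raw connectivity test, like `nc -z host port`: succeed only if the TCP
    handshake completes. Nothing is sent, so no protocol negotiation (Telnet
    option bytes, for instance) muddies the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def demo_port_check():
    """Open a loopback listener, probe it, close it, probe again.
    Returns (result while listening, result after close)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = tcp_port_open("127.0.0.1", port)
    srv.close()
    return while_open, tcp_port_open("127.0.0.1", port)


if __name__ == "__main__":
    sent, got = pipe_over_tcp(SAMPLE_IMAGE)
    print("transfer intact:", sent == got)
    print("port check (listening, closed):", demo_port_check())
```

The hash comparison is the part people skip when cloning with nc: a dropped connection leaves a truncated image on the far side with no error from either dd or nc.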

IPTraf

IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures, such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

I use IPTraf extensively on my perimeter security system. I can analyze how much bandwidth is used in real time, watch the network connections, and create powerful customized filters to see details about a server or source address.

Mutt

"All mail clients suck. This one just sucks less." Mutt is a small but powerful text-based mail client for Unix operating systems. It has a lot of features, full POP(S)/IMAP(S) support, and best of all, it's highly customizable. If you have to read a lot of mail stored on an IMAP server over a slow Internet connection, Mutt is a good choice. You have a lot of power at your fingertips for sorting, searching, and filtering with minimal bandwidth usage.

ClamAV

This GPLed antivirus application provides fast virus database updates, multiplatform support, great community support, and fast scanning. I have ClamAV installed on an Alpha DS20 qmail Linux mail server analyzing 30GB of mail every day, and it rocks! We use ClamAV to scan qmail mail servers, Squid proxy servers, and Samba file servers. It has saved us a lot of money in our antivirus strategy.

nmap

Nmap ("Network Mapper") is an open source utility for network exploration and security auditing. Nmap can determine what hosts are available on the network, what services those hosts are offering (including application name and version), what operating systems and version they are running, what type of packet filters and firewalls are in use, and dozens of other characteristics.

I scan my network daily to detect unexpected changes in my setup. Sometimes another admin has launched an unnecessary daemon, or perhaps there has been a version change after patching a system. I need to know this, since we have almost 20 sysadmins and somebody must have a bird's-eye view of our systems. This process is fully automated, so if I want to know what has changed on a system in the past seven days, I only have to launch a script to find out what changed, when, and who changed it.
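The daily scan comparison described above, as an added example in Python (the article does not show its own script): parse two runs of nmap's grepable output (`-oG`) and report ports that opened or closed and services whose version string changed. The two scans, hostnames and addresses are constructed for the example.

```python
"""Diff two nmap grepable (-oG) scans to spot new services and version changes
(added example, not the article's own script)."""

# Constructed sample output in nmap's -oG format from two hypothetical daily
# runs of `nmap -sV -oG scan-$(date +%F).gnmap 10.0.0.0/29`.
SCAN_DAY1 = (
    "# Nmap scan initiated as: nmap -sV -oG day1.gnmap 10.0.0.0/29\n"
    "Host: 10.0.0.5 (srv05)\tStatus: Up\n"
    "Host: 10.0.0.5 (srv05)\tPorts: 22/open/tcp//ssh//OpenSSH 4.2 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.0.54/\tIgnored State: closed (998)\n"
    "Host: 10.0.0.6 (srv06)\tStatus: Up\n"
    "Host: 10.0.0.6 (srv06)\tPorts: 22/open/tcp//ssh//OpenSSH 4.2 (protocol 2.0)/"
    "\tIgnored State: closed (999)\n"
    "# Nmap done\n"
)
SCAN_DAY2 = (
    "# Nmap scan initiated as: nmap -sV -oG day2.gnmap 10.0.0.0/29\n"
    "Host: 10.0.0.5 (srv05)\tStatus: Up\n"
    "Host: 10.0.0.5 (srv05)\tPorts: 22/open/tcp//ssh//OpenSSH 4.3 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.0.54/, "
    "3306/open/tcp//mysql//MySQL 4.1.11/\tIgnored State: closed (997)\n"
    "Host: 10.0.0.6 (srv06)\tStatus: Up\n"
    "Host: 10.0.0.6 (srv06)\tPorts: 22/open/tcp//ssh//OpenSSH 4.2 (protocol 2.0)/"
    "\tIgnored State: closed (999)\n"
    "# Nmap done\n"
)


def parse_grepable(text):
    """Return {ip: {(port, proto): (state, service, version)}} from -oG output.

    Each host line is tab-separated "Key: value" fields; the Ports field lists
    entries separated by ", ", each made of seven slash-separated subfields:
    port/state/protocol/owner/service/rpc-info/version/.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and the "Nmap done" trailer
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]
        ports = hosts.setdefault(ip, {})
        for entry in fields.get("Ports", "").split(", "):
            entry = entry.strip()
            if not entry:
                continue
            port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
            ports[(int(port), proto)] = (state, service, version)
    return hosts


def diff_scans(old, new):
    """List (ip, "port/proto", change, before, after) tuples, where change is
    one of "opened", "closed", "changed"."""
    changes = []
    by_ip = lambda a: tuple(map(int, a.split(".")))
    for ip in sorted(set(old) | set(new), key=by_ip):
        before, after = old.get(ip, {}), new.get(ip, {})
        for key in sorted(set(before) | set(after)):
            label = "%d/%s" % key
            if key not in before:
                changes.append((ip, label, "opened", None, after[key]))
            elif key not in after:
                changes.append((ip, label, "closed", before[key], None))
            elif before[key] != after[key]:
                changes.append((ip, label, "changed", before[key], after[key]))
    return changes


def report(old_text, new_text):
    """One line per change, ready to be mailed to the admin on duty."""
    out = []
    for ip, label, change, before, after in diff_scans(parse_grepable(old_text),
                                                       parse_grepable(new_text)):
        if change == "changed":
            out.append("%s %s version changed: %s -> %s" % (ip, label, before[2], after[2]))
        else:
            info = after if change == "opened" else before
            out.append("%s %s %s (%s %s)" % (ip, label, change, info[1], info[2]))
    return out


if __name__ == "__main__":
    for line in report(SCAN_DAY1, SCAN_DAY2):
        print(line)
```

Keep each day's `.gnmap` file under version control alongside the report: the diff tells you what changed and when, and the commit history of the configuration files (see the Subversion section) is what tells you who.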

LFTP

If you need to download something from a remote system, LFTP is a terrific tool. It supports FTP, HTTP, SFTP, FISH, and HTTPS network transfers, can create bookmarks, supports background downloads and auto resuming, job queuing, and a myriad of advanced options for transferring files quickly and safely from A to B.

file

Sometimes somebody sends our management a file we do not know how to cope with. Is it a PowerPoint presentation? A Word file? What in the heck is a .ndx file? Maybe the sender changed the extension?

The file command tests each argument in an attempt to classify it. There are three sets of tests, performed in this order: filesystem tests, magic number tests, and language tests. With file, we can determine what kind of file we're dealing with from its content rather than its name, and open it with the proper viewer. Its verdict is a best-effort guess from the first bytes, so for a file from an untrusted sender treat it as a hint about which viewer to use, not as proof that the content is harmless.
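A small version of file's three-stage test order, as an added example in Python (not the real file implementation): filesystem tests first, then magic numbers, then a text/language heuristic. The signatures are the real leading bytes of those formats; the OOXML check on zip files is a heuristic, and the sample .ndx file the demo writes is constructed for the example.

```python
"""Miniature file(1): filesystem tests, magic numbers, then text heuristics
(added example, not file(1)'s own code)."""
import os
import stat
import tempfile

# (leading bytes, description). Order matters: more specific signatures first.
MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"%PDF-", "PDF document"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "Microsoft OLE2 compound document (old-style .doc/.xls/.ppt)"),
    (b"PK\x03\x04", "Zip archive"),
    (b"\x1f\x8b", "gzip compressed data"),
    (b"#!", "script text executable"),
]
TEXT_WHITESPACE = "\t\n\r\x0b\x0c"


def classify_bytes(data):
    """Magic-number tests followed by the language (text) tests."""
    if not data:
        return "empty"
    for signature, description in MAGIC:
        if data.startswith(signature):
            if signature == b"PK\x03\x04":
                # Heuristic: OOXML (.docx/.pptx/.xlsx) is a zip whose first local
                # file entry is usually [Content_Types].xml. In the local header
                # the name length sits at offset 26, the name itself at offset 30.
                name_len = int.from_bytes(data[26:28], "little")
                if data[30:30 + name_len] == b"[Content_Types].xml":
                    return "Microsoft OOXML document (.docx/.pptx/.xlsx)"
            return description
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "data"  # file(1)'s verdict when nothing matched
    if all(ch.isprintable() or ch in TEXT_WHITESPACE for ch in text):
        return "ASCII text" if text.isascii() else "UTF-8 Unicode text"
    return "data"


def classify_path(path, probe=4096):
    """Filesystem tests first (file(1)'s order), then inspect the first bytes."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return "symbolic link to %s" % os.readlink(path)
    if stat.S_ISDIR(st.st_mode):
        return "directory"
    if not stat.S_ISREG(st.st_mode):
        return "special file"
    with open(path, "rb") as fh:
        return classify_bytes(fh.read(probe))


def demo():
    """In a throwaway directory, write a file whose extension lies about its
    content (an .ndx file holding an OLE2 document, constructed here) and
    classify both the file and the directory."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "agenda.ndx")
        with open(path, "wb") as fh:
            fh.write(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504)
        return classify_path(path), classify_path(tmp)


if __name__ == "__main__":
    print(demo())
```

The OLE2 and zip entries are the ones that matter for the "mystery attachment" case: a renamed .ppt still starts with the OLE2 signature, and a renamed .pptx is still a zip with `[Content_Types].xml` inside.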

Perl

Perl is simply the best programming language for system administrators. I can automate almost any task using Perl. I have the power of bash, sed, awk, and C at my fingertips with Perl, and Perl works on almost any platform. Using modules from the Comprehensive Perl Archive Network (CPAN), it has almost infinite extensibility, full database connectivity, and Unicode support. Also, it has the ability to frighten junior sysadmins, making them think before typing.

Subversion

When you have almost 200 Unix, Linux, and Mac OS X servers, you must know who changed that file in /etc on server #153, when, and what changed. Subversion is perfect for this. All of our sysadmins use Subversion when they create or modify configuration files, so we have a central repository of changes to our systems.

We can roll back configs, compare files in two similar (but not identical) systems, create "system skeletons" for fast system reconfiguration, and keep a vigilant eye out for changes in a centralized way. Subversion is not for developers only! One caveat: a repository of /etc trees holds whatever secrets those files hold (password hashes, keys, database credentials), so protect the repository at least as strictly as the servers it describes.

tcpdump

Sometimes I need to know exactly what is crossing the wire. Tcpdump is a great tool to analyze network traffic. It can capture whole packets (not only headers; use -s 0 to capture the full packet rather than the default snapshot length), and can save them for analysis in a standard Packet Capture (pcap) file, which can be analyzed later with tools like Ethereal (now Wireshark). A full-payload capture contains every plaintext password and mail body that went by, so store capture files with the same care as a password file and delete them when the investigation is over.
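What a pcap file actually contains, as an added example in Python (not code from the article): a writer and reader for the format `tcpdump -w` produces, the 24-byte global header followed by 16-byte per-packet headers, plus a decoder for the Ethernet/IPv4/TCP layers. The two frames are constructed here, with made-up addresses and credentials, and show why a full-payload capture must be stored as carefully as a password file.

```python
"""Read and write pcap files as tcpdump -w does (added example, not from the article)."""
import socket
import struct

LINKTYPE_ETHERNET = 1
PCAP_MAGIC = 0xA1B2C3D4  # microsecond timestamps, written in native byte order


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct an Ethernet/IPv4/TCP frame for the example. Checksums are left
    zero, which is fine for parsing but not for putting on a wire."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")  # dst, src, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames, snaplen=65535):
    """Serialize (ts_sec, ts_usec, frame) records into pcap 2.4 bytes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in frames:
        captured = frame[:snaplen]  # `tcpdump -s N` truncates each packet here
        out += struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame)) + captured
    return out


def read_pcap(blob):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, frame), ...]); handles
    both byte orders by looking at the magic number."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack_from(endian + "HHiIII", blob, 4)
    offset, records = 24, []
    while offset + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", blob, offset)
        offset += 16
        records.append((ts_sec, ts_usec, orig_len, blob[offset:offset + incl_len]))
        offset += incl_len
    return linktype, records


def tcp_summary(frame):
    """(src, sport, dst, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None  # not IPv4
    ip_off = 14
    ihl = (frame[ip_off] & 0x0F) * 4
    if frame[ip_off + 9] != 6:
        return None  # not TCP
    src = socket.inet_ntoa(frame[ip_off + 12:ip_off + 16])
    dst = socket.inet_ntoa(frame[ip_off + 16:ip_off + 20])
    tcp_off = ip_off + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return src, sport, dst, dport, frame[tcp_off + data_off:]


# Constructed capture: an HTTP request, then a POP3 login. The second one is
# why full-payload capture files must be treated as secrets.
SAMPLE_PCAP = build_pcap([
    (1000, 0, build_tcp_frame("10.0.0.20", "10.0.0.80", 40001, 80, b"GET / HTTP/1.0\r\n\r\n")),
    (1000, 500, build_tcp_frame("10.0.0.21", "10.0.0.110", 40002, 110, b"USER alice\r\nPASS s3cret\r\n")),
])


def summarize(blob):
    """TCP 5-tuple plus payload for every frame in a pcap byte string."""
    return [tcp_summary(frame) for _, _, _, frame in read_pcap(blob)[1]]


if __name__ == "__main__":
    for src, sport, dst, dport, payload in summarize(SAMPLE_PCAP):
        print("%s:%d -> %s:%d %r" % (src, sport, dst, dport, payload))
```

The `orig_len` versus `incl_len` pair in each record header is what tells you whether a capture was taken with a short snapshot length; when they differ, the payload you are looking at is truncated, which is usually what you want for a long-running capture on a busy link.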

Let us know about your most valuable utilities (there need not be 10 of them), and if we publish your work, we'll pay you $100.
