-
January 31st, 2003, 10:21 AM
#1
System Administration utilities
System Administration Utilities posted Today 11:10 AM
(post #1)
Hello everyone. I was wondering about what system administration tools you people use. Tell me/us about all the important tools that you think are important in order to administrate business computers in or outside of a network. Define every tool, as in why you choose that specific one, and which tools are essential in order to administrate a system/network successfully.
In my case for my company, my most important tools in order to maintain our system are:
For the *nix boxes and network :
ping - to see if hosts are up and/or lagging
traceroute - to see which ways packets travel in order to reach their destination
ethereal/tcpdump - to see what kind of packets are in transit
rsync/tar - for backups (in my case we have a separate backup server)
nslookup - to test and query dns
vi - edit important files, and setup scripts
ipconfig - to see and edit NIC configurations such as ip, GW, netmasks, up/down
sudo - allow certain users to perform certain administration tasks
saint - my personal favourite security testing util
nmap - just to check for open ports easily
john - detect weak passwords for our users (so I can tell them to change it if it's not strong)
netstat - to monitor active connections
Xlogmaster - to see what's trying to connect to our servers and react accordingly
dns - to test and query dns
For the win boxes (mainly only clients) :
Languard - to test security from a win system (just to compare it to saint)
port-pro - to see active connections and which process they belong to.
vnc servers - to be able to administrate the clients from my box in the basement
ping/netstat/traceroute of course.
Those are the tools I need on a daily basis in order to keep my boss happy and to make sure that our network and computers are functional. I did not include in this list programs such as AV, firewalls etc... since they are not essential administration tools.
So.......what is it that you use in order to administrate systems/networks?
Cheers
Ummmm...sorry for the double thread, I had probs when uploading, I can't delete the other one, since the url seems to be bad. I have mailed the webmaster asking him to remove the other one.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
-
January 31st, 2003, 01:32 PM
#2
Actually, I don't have to administrate a *nix network, just have linux at home. But I imagine you like using things to have an idea of what users are doing, which files are open and etc..
who - who's online now?
w - ah, and what they are doing..
ps - used with aux, shows you what is being run. How much resources are they using? And the most important: it shows you the command line used, so if you see a user running a strange tool...
lsof - list open files. Every file open is shown here. Could be quite useful to check for some trickery...
find - find finds. everything. everytime. rocks. (argh! this explanation was nonsense.. ok, you know what find is. ;p)
nc - for general connection purpose. UDP/TCP , etc, you name it.
whisker - In case SAINT doesn't like messing with CGI (i've never used saint, so you can correct me ).. :-) .
Hm.. you took all nice tools before me.. hehe.
-
January 31st, 2003, 01:42 PM
#3
Junior Member
I use GFi LAN Guard, Dameware (remote control), Winternals Admin Pack, eTrust IDS.
GOD is my CEO.
-
January 31st, 2003, 01:43 PM
#4
Is it safe to assume that your job responsibilities as a sysadmin also include security administration?
The reason I am asking is that many of the tools you listed above do not belong in the hands of a true sysadmin. They are intended for security admins and some are even questionable at that (John for example). My view, however, is based on the type of organization I work for (100,000 employee financial institution). I work for the security team, but if we had sysadmins using some of these tools, they would be out looking for another job.
You may also want to add SSH to the list.
-
January 31st, 2003, 01:50 PM
#5
I have a mixed job, I am the security/WAN guy
My everyday tools:
HP OpenView
LanGuard
Nessus
Cisco Works
Sniffer
SSH.......lots of SSH
Tacacs+
Radius
Ping Plotter
Terminal Server
MRTG
JFFNMS
Snort with SnortSnarf......lots of that too.
and good ol' syslogd
We also have a couple of custom coded apps that I use regularly as well as frequent visits to www.internettrafficreport.com
-
January 31st, 2003, 02:10 PM
#6
Invictus, yeah. Officially I'm only the sysadmin, but due to the lack of personnel I also do the security administration (extra $$ once in a while). You're right in saying that
The reason I am asking is that many of the tools you listed above do not belong in the hands of a true sysadmin. They are intended for security admins and some are even questionable at that (John for example).
Thing is, to be honest, no one at my work (not even the manager) knows a thing about computers. I live in Greece in an area that's way behind (when I got there 6 months ago, they still had win98 as the main server, and not one other OS). Also, the fact that I visited the SuSE linux seminars in sysadmin, netadmin, serveradmin, security admin (I'm in no sense an expert, just a little skilled) and know my way round computers in general has given me the position at work to do whatever I please (they never even had backups before I came), so I'm free to use any tools or methods I like. Because I'm efficient at work (the network's up and running, which is a rare thing where I live), I get anything I need for the network (extra backup server, switch, routers, modems, monitors etc....). At the beginning they had 3 stations, and 1 lil server all on win98. Now they have 13 stations + 4 servers (1 - backup, 2 - ftp/httpd, 3 - proxy/firewall, 4 - fileserver) + my private laptops that I use to administer their systems. So you could in a sense call me "bofh" (not so evil though) *ggf* j/k
I admit I named a lot of security features (although I use a load more like IDS, cracklibs, FW, AV, vpns etc....) and of course (what I forgot to mention) things like who, w, ps, top, nice, man, ssh, etc..... (thanx for the reminders tatui ) and so on. Thanx for the comments, and come on, the rest of AO, what do you use, and WHY?
Cheers everyone
Ubuntu-: Means in African : "Im too dumb to use Slackware"
-
January 31st, 2003, 05:07 PM
#7
Originally posted here by iNViCTuS
Is it safe to assume that your job responsibilities as a sysadmin also include security administration?
The reason I am asking is that many of the tools you listed above do not belong in the hands of a true sysadmin. They are intended for security admins and some are even questionable at that (John for example). My view, however, is based on the type of organization I work for (100,000 employee financial institution). I work for the security team, but if we had sysadmins using some of these tools, they would be out looking for another job.
You may also want to add SSH to the list.
Oh man...you're in for a rant.
<rant>
What? The tools listed don't belong in the hands of a true sysadmin? What the hell does that mean? Read up on your history. Sysadmins historically were the security heads of any company, and in many institutions that is still the case. I would consider myself to be a true sysadmin at my company, and I've got more brains than anyone on the security team. If you cannot trust your sysadmins with ALL of the tools listed above, you've got bigger problems than security from external sources. Your company must treat their sysadmins like indentured servants, and if that's the case I can understand the paranoia (yours and theirs). This growing trend of dumbing the duties of sysadmins down to brain-dead processes and dumping them in call centers is enough to make me vomit. And the "security engineer" position that has been gaining favor is a joke at many companies. They're hiring flunkies off the street and trying to teach them in 2 years what a system administrator spends a lifetime achieving, mostly because industry still can't seem to justify a significant expense for a real security engineer but feels they should do something. The brazenness of these kids telling seasoned administrators what they can and cannot do is a disgrace. A knowledgeable sysadmin is someone to be valued, and not watched like a hawk by someone with less experience and less invested in the system than the sysadmin does. If you don't trust your sysadmin as you would your own mother, you're in trouble. As one of today's "security engineers", you may know how to plug a hole in a firewall, but if you can't restore a filesystem, build a kernel, or properly tune a system's performance you're nothing but excess baggage. In short, if you were on my network, every system would have the following banner in /etc/issue:
ATTENTION SECURITY MONKEY:
KEEP YOUR DAMN DIRTY HANDS OFF MY ACCOUNT!
Love,
Your Lord God on High, root
</rant>
Ah...I feel better! I had to get that off my chest.
/* You are not expected to understand this. */
-
January 31st, 2003, 05:30 PM
#8
I disagree Roswell1329. Most sysadmins I know, and that is a lot, are totally clueless about security beyond setting length passwords. To be a truly good sysadmin you already have a shite load of stuff to learn. To expect a sys admin to then go ahead and learn how to properly secure the system is just too much.
System security is finally coming to the forefront for obvious reasons. It is not feasible to have a sys admin who can do sys security, and or vice versa. There is just too much to learn.
-
January 31st, 2003, 06:23 PM
#9
Originally posted here by don
I disagree Roswell1329. Most sysadmins I know, and that is a lot, are totally clueless about security beyond setting length passwords.
That was part of my point. The sysadmin positions these days are being dumbed down to the same level as a phone tech -- and treated as such, and the security admin position seems to be getting more attention lately. Unfortunately, while the new crop of security admins can protect your network, they can't keep it running. It wasn't always like that.
Originally posted here by don
To be a truly good sysadmin you already have a shite load of stuff to learn. To expect a sys admin to then go ahead and learn how to properly secure the system is just too much. System security is finally coming to the forefront for obvious reasons. It is not feasible to have a sys admin who can do sys security, and or vice versa. There is just too much to learn.
I agree with you here that the amount of information out there is growing significantly. It takes longer now for a sysadmin to reach veteran status, but it can still be done. I will concede that the work should be split up, but I feel that the security team should be a component of the system administration team. The two should not be working independently. Two teams working independently creates conflict and they can override each other's solution to a problem. Security and system administration parallel each other too closely. It is still extremely valuable to have one team with intimate knowledge of the system including its security features. It may make sense to distribute the work amongst a group of administrators, but don't divide the disciplines.
/* You are not expected to understand this. */
-
January 31st, 2003, 06:31 PM
#10
I have to agree with roswell1329.
It is not feasible to have a sys admin who can do sys security, and or vice versa. There is just too much to learn.
I don't agree with that. To be a good sysadmin, you must know both. If you aren't up to the task of learning both... you shouldn't have the job.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.