
Thread: System Administration utilities

  1. #1
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901

    System Administration utilities

    System Administration Utilities posted Today 11:10 AM
    (post #1)

    Hello everyone. I was wondering about what system administration tools you people use. Tell me/us about all the important tools that you think are important in order to administrate business computers in or outside of a network. Define every tool, as in why you choose that specific one, and which tools are essential in order to administrate a system/network successfully.

    In my case for my company, my most important tools in order to maintain our system are:

    For the *nix boxes and network :

    ping - to see if hosts are up and/or lagging

    traceroute - to see which ways packets travel in order to reach their destination

    ethereal/tcpdump - to see what kind of packets are in transit

    rsync/tar - for backups (in my case we have a separate backup server)

    nslookup - to test and query dns

    vi - edit important files, and setup scripts

    ipconfig - to see and edit NIC configurations such as ip, GW, netmasks, up/down

    sudo - allow certain users to perform certain administration tasks

    saint - my personal favourite security testing util

    nmap - just to check for open ports easily

    john - detect weak passwords for our users (so I can tell them to change it if it's not strong)

    netstat - to monitor active connections

    Xlogmaster - to see what's trying to connect to our servers and react accordingly

    dns - to test and query dns


    For the win boxes (mainly only clients) :

    Languard - to test security from a win system (just to compare it to saint)

    port-pro - to see active connections and which process they belong to.

    vnc servers - to be able to administrate the clients from my box in the basement

    ping/netstat/traceroute of course.



    Those are the tools I need on a daily basis in order to keep my boss happy and to make sure that our network and computers are functional. I did not include in this list programs such as AV, firewalls etc... since they are not essential administration tools.

    So.......what is it that you use in order to administrate systems/networks.

    Cheers

    Ummmm... sorry for the double thread, I had probs when uploading. I can't delete the other one, since the url seems to be bad. I have mailed the webmaster asking him to remove the other one.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  2. #2
    Actually, I don't have to administrate a *nix network, just have linux at home. But I imagine you like using things to have an idea of what users are doing, which files are open and etc..
    who - who's online now?
    w - ah, and what they are doing..
    ps - used with aux, shows you what is being run. How much resources are they using? And the most important: it shows you the command line used, so if you see a user running a strange tool...
    lsof - list open files. Every file open is shown here. Could be quite useful to check for some trickery...
    find - find finds. everything. everytime. rocks. (argh! this explanation was nonsense.. ok, you know what find is. ;p)
    nc - for general connection purpose. UDP/TCP , etc, you name it.
    whisker - In case SAINT doesn't like messing with CGI (I've never used saint, so you can correct me).. :-)
    Hm.. you took all nice tools before me.. hehe.

  3. #3
    Junior Member
    Join Date
    Dec 2002
    Posts
    14
    I use GFi LAN Guard, Dameware (remote control), Winternals Admin Pack, eTrust IDS.

    GOD is my CEO.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Is it safe to assume that your job responsibilities as a sysadmin also include security administration?

    The reason I am asking is that many of the tools you listed above do not belong in the hands of a true sysadmin. They are intended for security admins and some are even questionable at that (John for example). My view however is based on the type of organization I work for however (100,000 employee financial institution). I work for the security team, but if we had sysadmins using some of these tools, they would be out looking for another job.

    You may also want to add SSH to the list

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    I have a mixed job, I am the security/WAN guy

    My everyday tools:

    HP OpenView
    LanGuard
    Nessus
    Cisco Works
    Sniffer
    SSH.......lots of SSH
    Tacacs+
    Radius
    Ping Plotter
    Terminal Server
    MRTG
    JFFNMS
    Snort with SnortSnarf......lots of that too.
    and good ol' syslogd

    We also have a couple of custom coded apps that I use regularly as well as frequent visits to www.internettrafficreport.com

  6. #6
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Invictus, yeah. Officially I'm only the sysadmin, but due to the lack of personnel I also do the security administration (extra $$ once in a while). You're right about you saying that

    The reason I am asking is that many of the tools you listed above do not belong in the hands of a true sysadmin. They are intended for security admins and some are even questionable at that (John for example).
    Thing is, to be honest, no one at my work (not even the manager) knows a thing about computers. I live in Greece in an area that's way behind (when I got there 6 months ago, they still had win98 as the main server, and not one other OS). Also due to the fact that I visited the SuSE linux seminars in sysadmin, netadmin, serveradmin, security admin (I'm in no sense an expert, just a little skilled) and know my way round computers in general has given me the position at work to do whatever I please (they never even had backups before I came), so I'm free to use any tools or methods I like. Because I'm efficient at work (the network's up and running, which is a rare thing where I live), I get anything I need for the network (extra backup server, switch, routers, modems, monitors etc....). At the beginning they had 3 stations, and 1 lil server all on win98. Now they have 13 stations + 4 servers (1 - backup, 2 - ftp/httpd, 3 - proxy/firewall, 4 - fileserver) + my private laptops that I use to administer their systems. So you could in a sense call me "bofh" (not so evil though) *ggf* j/k

    I admit I named a lot of security features (although I use a load more like IDS, cracklibs, FW, AV, vpns etc.... and of course (what I forgot to mention) things like who, w, ps, top, nice, man, ssh, etc..... (thanx for the reminders tatui)) and so on. Thanx for the comments, and c'mon the rest of AO, what do you use, and WHY?

    Cheers everyone
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  7. #7
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Originally posted here by iNViCTuS
    Is it safe to assume that your job responsibilities as a sysadmin also include security administration?

    The reason I am asking is that many of the tools you listed above do not belong in the hands of a true sysadmin. They are intended for security admins and some are even questionable at that (John for example). My view however is based on the type of organization I work for however (100,000 employee financial institution). I work for the security team, but if we had sysadmins using some of these tools, they would be out looking for another job.

    You may also want to add SSH to the list
    Oh man...you're in for a rant.

    <rant>
    What? The tools listed don't belong in the hands of a true sysadmin? What the hell does that mean? Read up on your history. Sysadmins historically were the security heads of any company, and in many institutions that is still the case. I would consider myself to be a true sysadmin at my company, and I've got more brains than anyone on the security team. If you cannot trust your sysadmins with ALL of the tools listed above, you've got bigger problems than security from external sources. Your company must treat their sysadmins like indentured servants, and if that's the case I can understand the paranoia (yours and theirs). This growing trend of dumbing the duties of sysadmins down to brain-dead processes and dumping them in call centers is enough to make me vomit. And the "security engineer" position that has been gaining favor is a joke at many companies. They're hiring flunkies off the street and trying to teach them in 2 years what a system administrator spends a lifetime achieving, mostly because industry still can't seem to justify a significant expense for a real security engineer but feels they should do something. The brazenness of these kids telling seasoned administrators what they can and cannot do is a disgrace. A knowledgeable sysadmin is someone to be valued, and not watched like a hawk by someone with less experience and less invested in the system than the sysadmin does. If you don't trust your sysadmin as you would your own mother, you're in trouble. As one of today's "security engineers", you may know how to plug a hole in a firewall, but if you can't restore a filesystem, build a kernel, or properly tune a system's performance you're nothing but excess baggage. In short, if you were on my network, every system would have the following banner in /etc/issue:

    ATTENTION SECURITY MONKEY:
    KEEP YOUR DAMN DIRTY HANDS OFF MY ACCOUNT!
    Love,
    Your Lord God on High, root

    </rant>

    Ah...I feel better! I had to get that off my chest.
    /* You are not expected to understand this. */

  8. #8
    Senior Member
    Join Date
    Dec 2002
    Posts
    110
    I disagree Roswell1329. Most sysadmins I know, and that is a lot, are totally clueless about security beyond setting length passwords. To be a truly good sysadmin you already have a shite load of stuff to learn. To expect a sys admin to then go ahead and learn how to properly secure the system is just too much.
    System security is finally coming to the forefront for obvious reasons. It is not feasible to have a sys admin who can do sys security, and or vice versa. There is just too much to learn.

  9. #9
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Originally posted here by don
    I disagree Roswell1329. Most sysadmins I know, and that is a lot, are totally clueless about security beyond setting length passwords.
    That was part of my point. The sysadmin positions these days are being dumbed down to the same level as a phone tech -- and treated as such, and the security admin position seems to be getting more attention lately. Unfortunately, while the new crop of security admins can protect your network, they can't keep it running. It wasn't always like that.

    Originally posted here by don
    To be a truly good sysadmin you already have a shite load of stuff to learn. To expect a sys admin to then go ahead and learn how to properly secure the system is just too much. System security is finally coming to the forefront for obvious reasons. It is not feasible to have a sys admin who can do sys security, and or vice versa. There is just too much to learn.
    I agree with you here that the amount of information out there is growing significantly. It takes longer now for a sysadmin to reach veteran status, but it can still be done. I will concede that the work should be split up, but I feel that the security team should be a component of the system administration team. The two should not be working independently. Two teams working independently creates conflict and they can override each other's solution to a problem. Security and system administration parallel each other too closely. It is still extremely valuable to have one team with intimate knowledge of the system including its security features. It may make sense to distribute the work amongst a group of administrators, but don't divide the disciplines.
    /* You are not expected to understand this. */

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I have to agree with roswell1329.

    It is not feasible to have a sys admin who can do sys security, and or vice versa. There is just too much to learn.
    I don't agree with that. To be a good sysadmin, you must know both. If you aren't up to the task of learning both... you shouldn't have the job.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
