Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Software Linux

Top Ten Linux Configuration Tools? 651

Posted by Cliff
from the what-no-admin-should-be-without dept.
jman251 asks: "I am presenting at a conference in September on a couple of Linux-centric topics. One of these is a collection of tips, tricks, and tools for configuring, securing, and maintaining a Linux-based server. I have a short list of tools I use, but would like some community input on the subject. What tools do you use that make your admin responsibilities easier or more automated on the Linux platform?"
This discussion has been archived. No new comments can be posted.

Top Ten Linux Configuration Tools?

Comments Filter:
  • Make :)
    • by MrChuck (14227) on Wednesday July 14, 2004 @07:41PM (#9702814)
      You don't admin a domain with "vi" [where by vi I mean all editors].

      • Task: Add this printer to 200 machines. You have 5 different un*xes (and different versions of each of those around).
      • We need to change the sudo file on 200 servers.
        no, nfs is not used
      • Update /etc/mail/access on 6 machines in 4 locations (and 3 continents). Oh, we forgot this, do it again.
      • Make sure $THIS is in the sybase's crontab on all the sybase server.
      • Patch all the Solaris 7 machines with this new patch cluster. It's urgent. (and we have 50 of those machines scattered around the world).
      • Change the (locally stored) root password on all the machines we take care of because X just got fired, but we couldn't tell you till now).
      • Rebuild the 2 HA database servers (one at a time) and make sure they have the current patches and access to the new partitions on the SAN
      vi! webmin. heh.

      My partner took the Solaris Advanced Certification tests (someone else was paying and what the hell). She screwed up the parts about AdminTool. Someone who'd been using Unix since the 80s. She came home raging: AdminTool!! If I ever hired a senior admin and they kicked up admin tool, I'd fire them before the windows finished opening.

      I find these single machine solutions quite quaint.

      No, I'm delighted to have my cfengine scripts that go through /etc/ and make sure that inetd.conf is stripped, and that rpcbind and nfs aren't running on standalone servers and that the Right Stuff is in the Right Config files and that permissions are correct.

      Best part is that I can run it again anytime later to redo that (or with '-n' to just show me what's changed).

      And if it uses CVS to pull down $Today's configs, then so be it.

  • rm (Score:5, Funny)

    by bobthemuse (574400) on Wednesday July 14, 2004 @02:41PM (#9699994)
    rm -rf /home

    That'll teach those pesky users....
  • Xconfigurator (Score:2, Interesting)

    Xconfigurator used to be the key thing if you had any graphical needs. But the KDE GUI makes all that graphical tweaking as transparent as windows desktop nowadays.

  • Webmin all the way (Score:5, Interesting)

    by tntguy (516721) * on Wednesday July 14, 2004 @02:41PM (#9700002)
    Webmin [webmin.com]. Grab Usermin [webmin.com] while you're there.
    • by desiderius7 (725724) <justinpw@gmai l . com> on Wednesday July 14, 2004 @03:11PM (#9700411) Homepage Journal
      Amen to that. Being responsible for the administration of about 10 linux boxes that each provide a unique variety of services, Webmin has been invaluable. If I didn't have Webmin, all of my tasks performed through the shell would take about 10 times longer than they currently do from a browser that can lay out my options much more nicely. The key is to know/learn how to do what you want to do from the shell first, so that you have the understanding (and for emergencies), but to then use Webmin to boost your efficiency and help remind you of things that a blank console doesn't.
      • by Anonymous Coward on Wednesday July 14, 2004 @03:55PM (#9700971)
        Webmin's all well and good for a few machines. But if you're employed maintaining 100s of machines, there are very few real and free options, and I don't personally think webmin is one of them, unless it's become much more scriptable than when I last checked.

        cfengine works really well, but you don't appreciate its features until you hit the 70+ machine mark - the "trick" is that cfengine with it's inheritance and boolean class logic excels for systems that are different but have bits in common. Such different bits ALWAYS turn up with 70+ machines, simply because PC-class hardware's failure rate means something will have been changed on some machine somewhere at any given time. But if you've only got tens of machines runnning one OS rather than hundreds running five different OSes, it all seems like very hard work to set up your cfengine configuration files. The other "trick" is that cfengine is mostly multiuser and you can allow different users perform different actions, so when you've got a team of admins of different ability,
        johnny-adds-visitor-laptops-to-vlan-17 just can't fuck up mordred-rules-production-database-servers-with-iro n-fist's work, yet _can_ have role-based limited admin abilities.

        • I second cfengine (Score:3, Interesting)

          by kaybee (101750)
          Admitedly when I started writing my book (Automating UNIX and Linux Administration) I had barely used cfengine and it was going to be just a small part of my book, but it turned out that I liked it so much that it became one of the major focuses in the book.

          I think that even with as few as 5 systems it is worth the effort... especially if the systems are largely similar.
    • by wo1verin3 (473094)
      At the risk of being redundant, when I stumbled across Webmin I was amazed at how simple it made some tasks such as playing with mysql DBs without knowing the syntax. I was new to linux at the time and although knowing the syntax for commands is important, this was a good tool to help me learn.
  • Webmin is nice (Score:3, Informative)

    by arfonrg (81735) on Wednesday July 14, 2004 @02:41PM (#9700004)
    I use it on several of my servers to do basic configuration.
    • Re:Webmin is nice (Score:5, Informative)

      by John Hurliman (152784) on Wednesday July 14, 2004 @02:48PM (#9700112) Homepage
      I'd put Webmin on my #1 list for best Linux admin tools. phpmysql is probably second (or the postgresql equivalent), and all the necessary toolkit apps like nmap, ethereal, netcat, etc.
  • by Anonymous Coward on Wednesday July 14, 2004 @02:41PM (#9700006)
    su
    df
    du
    ls
    rm
    passwd
    chown
    vi
    more
    bash

    Hey, you asked for it - No clicky links to read.
    • su
      df
      du
      ls
      rm
      passwd
      chown
      vi
      more
      bash

      s/more/less/

      Your comment has too few characters per line (currently 3.6).

      • by Rei (128717) on Wednesday July 14, 2004 @03:50PM (#9700905) Homepage
        I'm reminded a bit of the ABCs of UNIX here...

        A is for awk, which runs like a snail
        B is for biff, which reads all your mail
        C is for cc, as hackers recall
        D is for dd, the command that does all
        E is for emacs, which rebinds your keys
        F is for fsck, which rebuilds your trees
        G is for grep, a clever detective
        H is for halt, which may seem defective
        I is for indent, which rarely amuses
        J is for join, which nobody uses
        K is for kill, which makes you the boss
        L is for lex, which is missing from DOS
        M is for more, from which less was begot
        N is for nice, which really is not
        O is for od, which prints out things nice
        P is for passwd, which reads in strings twice
        Q is for quota, a Berkeley-type fable
        R is for ranlib, for sorting a table
        S is for spell, which attempts to belittle
        T is for true, which does very little
        U is for uniq, which is used after sort
        V is for vi, which is hard to abort
        W is for whoami, which tells you your name
        X is, well, X, of dubious fame
        Y is for yes, which makes an impression, and
        Z is for zcat, which handles compression
    • by hackstraw (262471) * on Wednesday July 14, 2004 @03:01PM (#9700293)
      su -- better sudo keeps your root password better kept, does more logging, etc

      more -- better less (Its not the 70s anymore people, you can search and go backwards in files since less first came about in the mid 80s. With the LESSOPEN varible set to something useful you can "browse" many, many filetypes too).

      bash -- better zsh My shell can do anything your shell can do, but better!
    • I recently discoverd that I can use nohup to start a lengthy process from a remote ssh session, hang up, and check on it later. for example...

      nohup emerge sync &
      ( or nohup make && make install & )
      tail -f nohup.out
      exit

      This is the coolest thing in the world, because I can logout, the process keeps running, and I can check on the progress later from another location.

      This is probably no suprise to the graybeards out there, but is sparkly to a n00b like me.
      • by stevey (64018) on Wednesday July 14, 2004 @03:24PM (#9700569) Homepage
        I can logout, the process keeps running, and I can check on the progress later from another location.

        Whilst you are correct this works for non-interactive processes, you can't use nohup to keep a copy of say, Lynx, running when you logout. Then return to it later and pick off where you left it.

        Instead you should look at GNU Screen [gnu.org] which allows this and more.

        (It's essentially a windowing system for consoles, with the ability to detach and resume at will, and definately one of my top ten Unix utilities).

        Here is one Screen tutorial [kuro5hin.org] which explains basic operation well.

  • Not The FP (Score:5, Insightful)

    by jo42 (227475) on Wednesday July 14, 2004 @02:42PM (#9700010) Homepage

    man and vi

    Seriously.

  • Vim and regex (Score:4, Insightful)

    by sielwolf (246764) on Wednesday July 14, 2004 @02:42PM (#9700018) Homepage Journal
    That's all ya need ;p
  • Doom... (Score:4, Interesting)

    by lordbry (46768) on Wednesday July 14, 2004 @02:42PM (#9700020)
    As admin tool.

    http://www.cs.unm.edu/~dlchao/flake/doom/
  • by Coneasfast (690509)
    most configuration takes place in config files, in /etc , etc... sometimes you can never find the right tool for configuration, so i just stick to editing them manually

    i like using 'mc' as a good editor and file manager, helps me setup and configure my system very quickly
  • In a word (Score:5, Interesting)

    by Camel Pilot (78781) on Wednesday July 14, 2004 @02:43PM (#9700027) Homepage Journal
    "What tools do you use that make your admin responsibilities easier or more automated on the Linux platform"

    Perl is your friend
  • Hmm.. (Score:5, Funny)

    by wbav (223901) <Guardian.Bob+Slashdot@gmail.com> on Wednesday July 14, 2004 @02:43PM (#9700028) Homepage Journal
    Most of the pc's I see are windows, so I'd have to say my most used tool is fdisk.

    Knoppix is a nice solution too when I don't have time.
  • by bdigit (132070) on Wednesday July 14, 2004 @02:43PM (#9700030)
    I use Computer Management. It's located under Administrative Tools in the Control Panel. It's really great for... wait a minute... looks around... wrong site...

    takes a couple steps back...

  • aptitude
  • My at least top 4...

    grep
    gawk
    xargs
    for
  • by -dsr- (6188) on Wednesday July 14, 2004 @02:45PM (#9700058) Homepage Journal
    CVS or your favorite equivalent is vital in any multi-sysadmin environment. Operating without your configurations in CVS is like juggling priceless eggs in variable gravity.
    • by hackstraw (262471) * on Wednesday July 14, 2004 @02:56PM (#9700224)
      Also, it kills me to see *NIX people still using passwords all the damn time. CVS + ssh keys = godlike.

      Things I do. syslog to a common place. I have cloning scripts to dup a machine to a basic setup (poor mans jumpstart but faster and easier).

      Perl and sed come in handy. Rsync (again with ssh keys) is good.

      Oh yeah, /usr/local over nfs is good too. The only issue is that you may have to configure some packages to use a local filesystem for configuration files, keys, etc.

      With these tips and tricks I can do whatever I need to do over a dialup connection anywhere in the world (I've only tested this from coast to coast in the US thought, but I believe it will scale worlwide :)

  • Hmmmmm. (Score:5, Funny)

    by eigerface (526490) on Wednesday July 14, 2004 @02:45PM (#9700067)

    Emacs! No, vi! No, Arrrrrrgh!
  • CSSH (Score:2, Interesting)

    by olympus_coder (471587) *
    Run all the servers (or lab gentoo boxes) at once. Great for mass updates,testing, etc.

    Source Forge Page [sourceforge.net]
  • What else could you want? I sup[pose you could pipe the found filenames into `vim` and get it to open on the regex.

  • Tripwire (Score:5, Informative)

    by nharmon (97591) on Wednesday July 14, 2004 @02:46PM (#9700075) Homepage
    Tripwire is a very easy to use intrustion detection system. If you follow the documentation, and implement it properly (storing the statically linked binary + database files on read-only media), it will make things very hard on a potential hacker.
    • Re:Tripwire (Score:3, Informative)

      by EvilAlien (133134)
      Tripwire != IDS

      Tripwire is a file integrity auditing tool to ensure that files that should remain static do in fact remain static.

      I would have to say that the top of any config tool list will have to be $favoritetexteditor. Each distribution is going to have a number of tools, both text and GUI, but the text editior rules *NIX when it comes down to indispensible configuration tools. Webwin deserves to be on the list just because it is a non-distro specific config tool... I personally don't use it, but

    • RPM (Score:3, Interesting)

      by Nailer (69468)
      RPM records the MD5sum, change time, permissions, and a bunch of other stuff on every file it installs.

      This is saved into the RPM database in /var/lib/rpm.

      You can use RPM as an IDS by backing up the database to a read-only media and then use, for example:

      rpm -V coreutils procps net-tools --dbpath /mnt/cdrom

      To see if someone's installed a root kit (if someone has, they'll have to at least modify top, ps, and netstat, which are included in these packages).

      Unlike tripwire, you're not forever having to upd
  • /bin/bash (Score:5, Insightful)

    by llywelynelysium (746626) on Wednesday July 14, 2004 @02:46PM (#9700078)
    What good are all your commands with no shell? ? ?
  • BIND (Score:3, Interesting)

    by TheRealMindChild (743925) on Wednesday July 14, 2004 @02:47PM (#9700085) Homepage Journal
    I would really love a nice BIND configuration utility. Something where a whole package like webmin isnt necessary, but it makes life a whole lot easier. Redhats bindconf/redhat-bind-config was nice once upon a time, but getting it to run on anything but redhat requires about 2 gigs worth of obscure dependancies... I want something I can throw on say, a slackware machine, and it just go.

    Even better would be something that also tied into dhcpd (these are the ISC daemons Im talking about, folks), that would serve to configuring them both, even on working together in a ddns/dhcp setup.
  • by kognate (322256) on Wednesday July 14, 2004 @02:47PM (#9700092)
    cfengine (http://www.cfengine.org) is
    the best automation tool for unix and unix-like
    environments. Hands down.

    It's a little hard to configure sometimes, but
    worth the effort.
  • Tim. (Score:5, Funny)

    by geekoid (135745) <dadinportland AT yahoo DOT com> on Wednesday July 14, 2004 @02:47PM (#9700103) Homepage Journal
    It's easy to use, I just pick up the phone, ask Tim to fix this Linux thing.
    Easy-peasy.
    Or I just do what Vigor [sourceforge.net] tells me to do.

  • by mrhandstand (233183) on Wednesday July 14, 2004 @02:47PM (#9700105) Journal
    Bastille after I have the server built. The interactive mode also provides a great security tutorial.

    RCS to provide rollback and change control.

    No professionally administered Linux box should be without it.
  • by tcopeland (32225) * <tom&thomasleecopeland,com> on Wednesday July 14, 2004 @02:49PM (#9700131) Homepage
    ...to help maintain various GForge [rubyforge.org] systems.

    Nothing fancy, just twiddling configuration files (httpd.conf, etc), pushing data into a PostgreSQL database, automating StatCVS runs, etc. I keep them in CVS, of course, here [rubyforge.org].
  • by gmuslera (3436) on Wednesday July 14, 2004 @02:50PM (#9700144) Homepage Journal

    ... the most important tool is the brain :) As an admin, whatever you do, if you don't think enough on it you deserve what could happen.

    As "admin suite", i.e. a single program to do a lot of administrative tasks, maybe YaST could be a good start. I'm not use webmin, tried it some years ago and don't liked the idea, but could be useful for a lot of people too.

    And about individual tools, well, bash, vi, perl, mc, awk, the gnu text/file/shell utilities (cat, grep, ls, cut, chmod, etc) are essential.

    Last but not least, a "tool" is also something that help you to use what you have available already. Man pages, the HOWTO collection, a lot of O'Reilly books, and Google are examples of that kind of tools.

  • sudo, screen (Score:4, Informative)

    by raddan (519638) on Wednesday July 14, 2004 @02:51PM (#9700156)
    sudo!

    Learn it in detail. If you work with other people on the same machine, it will make your life a lot easier.

    screen is pretty handy, too. Being able to detach sessions is also nice for when you've started sprouting icycles from your nostrils from the cold, cold server room.
  • My Top 10: (Score:5, Informative)

    by Punk Walrus (582794) on Wednesday July 14, 2004 @02:51PM (#9700166) Journal
    Your needs may vary...
    • vi - Yeah, yeah... vi and emacs wars. I started with vi on a Sun system in 1989, and so it's what I like.
    • ifconfig - Without it, you're kind of lost, at least on the network.
    • testparm - I use a lot of Samba at work, and this is a great tool for checking what I screwed up in my smb.conf in vi!
    • man -k - Okay, what I want to do starts with...?
    • grep - Great trying to find that paramenter you want to change in httpd. or squid.conf. Even better, "grep -v '#'" to weed out all those comments...
    • tail -f - Great for keeping track of logs realtime in a vtty or xterm window. Like tail -f /var/log/messages
    • crontab -e - For keeping stuff on schedule.

    That's all I can think of now. I'll think of others later.

  • Dang! (Score:5, Informative)

    by itwerx (165526) <itwerx@gmail.com> on Wednesday July 14, 2004 @02:52PM (#9700168) Homepage
    I can't believe with all these posts that the only one(s) that actually respond to the question are about Webmin!
    Don't get me wrong, Webmin is great, it's at the top of my list fer shure, but that's not the be-all and end-all of systems management!! What about actual convenient tools like MRTG, Novell's eDirectory, RedCarpet, etc. etc.?
    Heck, I'm reading this article hoping to pick up a few tips myself and all I'm seeing are scripting languages and text-editor flame wars, (all of which can/should be moderated Off-topic or Funny).
    So, anybody actually got anything useful to contribute besides Webmin?
    • Re:Dang! (Score:4, Informative)

      by lspd (566786) on Wednesday July 14, 2004 @03:09PM (#9700390) Homepage Journal
      Don't get me wrong, Webmin is great, it's at the top of my list fer shure, but that's not the be-all and end-all of systems management!! What about actual convenient tools like MRTG, Novell's eDirectory, RedCarpet, etc. etc.?

      Huh? I'm not that familiar with eDirectory or RedCarpet, but MRTG isn't an all in one configuration interface like webmin. I though the only webmin alternatives were commercial products like:

      Ensim [ensim.com]
      Plesk [sw-soft.com]
      Cpanel [cpanel.net]

      Are there free software uber-configuration products other than Webmin? I tend to stick to the command line over ssh myself.
  • by lspd (566786) on Wednesday July 14, 2004 @02:56PM (#9700225) Homepage Journal
    netstat -nlp

    Turn off all the services you don't need.
  • My 10 (Score:3, Informative)

    by thenextpresident (559469) on Wednesday July 14, 2004 @02:58PM (#9700252) Homepage Journal
    vim
    sudo
    apt-get
    wget
    rsync
    ssh
    ps
    php
    per l
    make
  • Perl, vi and cron (Score:3, Insightful)

    by kevin_conaway (585204) on Wednesday July 14, 2004 @02:58PM (#9700257) Homepage
    vi for editing perl.
    vi for adding perl scripts into crontab.

    theres not much else to do
  • SSH. (Score:5, Informative)

    by Olinator (412652) <olc+sdot@nosPAM.hex.cs.umass.edu> on Wednesday July 14, 2004 @03:00PM (#9700281) Homepage
    Don't know if this is quite what you were looking for, but it's the first thing that popped into my mind...
    There are four of us who do *nix admin for over 600 *nix machines, more than half of which are linux boxes (both workstations and servers.) SSH with X displayback on a 100Mbit switched network is such a godsend I can't even begin to imagine life without it. I probably generate more SSH sessions in a normal workday than I do HTTP sessions. (Yes, that does include /. reloads, why do you ask? :-)

    I also think it's well worth your while to understand SSH's more esoteric tunneling capabilities... Recently I had to support a research group who was doing a demo at JPL [nasa.gov] and they were behind a very restrictive firewall but needed to do control and image transfer from a robot framework here in Massachusetts, and the researchers who'd coded the software hadn't implemented any kind of authentication layer. We were able to do everything using SSH tunneling over one of the three ports allowed through JPL's firewall (and they could IMAP their mail from our servers as a side bonus) without exposing our servers or JPL to unencrypted protocols of any kind.

    Ole
    • Re:SSH. (Score:3, Funny)

      by codepunk (167897)
      Hey you cannot possibly admin 600 machines with 4 guys, Microsoft said so!

      I was thinking the same thing, I have active ssh connections to servers nearly around the clock.
    • Radmind (Score:3, Informative)

      by jonpublic (676412)
      we at the university of michigan use radmind to update and deploy software to our linux environment. it is a great tool that helps us centrally manage our environment and rapidly deploy security updates. update one machine, take a snapshot of the differences, and push it out to 50 machines or more. command line freaks will love it.

      learn more at radmind.org
    • Ahem (Score:3, Interesting)

      by sparkz (146432)
      Good for you, though it's probably not a great idea to name customers on a public forum like this. Advertising "JPL have exactly 3 open ports on their firewall" isn't the kind of thing they'd necessarily choose to air in public. Just my 2p,
      • Re:Ahem (Score:3, Informative)

        by Olinator (412652)

        1. They have more than one firewall, and I didn't name the subunit of JPL.
        2. those are outgoing ports, so that's useful information only if you're already on the inside...

        Ole
  • Command line (Score:5, Interesting)

    by kbahey (102895) on Wednesday July 14, 2004 @03:09PM (#9700391) Homepage

    Whatever runs from the bash command line is good enough for me.

    No bloated fancy GUI needed, can run remotely over a secure ssh connection, and has all the raw power you need.

    I am not a luddite. For some tasks, I will use the GUI tool (e.g. Mandrake Control Center, or Webmin) to do things, when it is faster to do so. But the bulk of what I do is command line.

  • My List (Score:5, Informative)

    by np_bernstein (453840) on Wednesday July 14, 2004 @03:13PM (#9700435) Homepage
    1. Nagios [nagios.org]: monitors your servers/services, amails, pages, sends a carrier pigeon when one goes down.

    2. Logwatch [logwatch.org]: Logwatch is something that should be used by every Unix/Linux SA everywhere. It gives you a daily snapshot of events in your logs

    3. Mon [slashdot.org]: Nice, simple, easy. If your webserver goes down, your secondary can bring up a virtual ip a couple of seconds later. No more annoying three am phone calls

    4. Snort [snort.ortg]/ACID [sourceforge.net]: lets me know if a virus breaks out, or if there are stupid script kiddies trying to brute force their way in.

    5. Nessus [nessus.org]: run it early, run it often. Figure out any holes you have in your security, and make sure you fix them.

    There's more, but you should really do some of your own homework.
  • by Siva (6132) on Wednesday July 14, 2004 @03:34PM (#9700708) Homepage Journal
    "Kill zcat," sed ed.
    "Awk!" sed perl.
    "Make sum nice tee, joe," sed man.

  • by ComputerSlicer23 (516509) on Wednesday July 14, 2004 @03:35PM (#9700720)
    I've always like the "redhat-config" series of tools on RedHat or RedHat derived products.

    • chkconfig and service are valuable for doing things.
    • yum, apt, autorpm are all nice tools.
    • logwatch is great.
    • PAM isn't an application, but using PAM and LDAP can make having users spread across machines is a snap.
    • tripwire is a great tool
    • kickstart does wonders if you have to install lots of machines. I use it to completely document every scriptable part of an install.
    • WebMin is great, but it worries me from a security perspective.
    • gq is a great LDAP editor that I use to edit LDAP entries for users.
    • Software like Bastielle Linux (a script that attempts to harden a machine)
    • iptables, iproute2 (including ip and tc) are wonderful for networking.
    • cron, sh, sed, awk, perl and python are used in conjunction quite a bit.
    • fuser and lsof are used frequently by to to figure out what is going on.
    • ethereal and tcpdump are tools of the gods.
    • ssh is a thing of beauty.
    • encrypted swap is fun.
    • Nagios, MRTG, and sar are very useful for profiling and monitoring of your machines.

    Who exactly is your target audience? People who've never seen UNIX, people who've worked on UNIX environment for years? What is it you are attempting to accomplish with them?

    Most of my list would be boring to people who know a lot about UNIX, however some of them are Linux specific.

  • My Top Ten (Score:5, Insightful)

    by genkael (102983) on Wednesday July 14, 2004 @03:56PM (#9700985)
    1) Yast (I know it's SuSE centric, but it's being open sourced!)
    2) OpenSSH... Oh yeah baby!
    3) GCC and make... DUH!
    4) FTP...I know I know SFTP if you prefer
    5) Perl...YUM and even better with perl expect
    6) Bash...we all need a CLI
    7) Jumpstart...If you manage a lot of solaris boxes, this is your friend
    8) Sendmail or postfix...pick your poison
    9) nmap...oh yeah, let the Windows guys drool
    10) Nagios...monitor that network in style!
  • by moorley (69393) on Wednesday July 14, 2004 @04:13PM (#9701187)
    UN*X/Linux doesn't work that way. You are looking for a one size fits all administrative interface and it doesn't exist.

    But I can sum up some the key points and bits of wisdom I have picked up over the years.

    1) Ascii text is your friend. 98% of all the configuration files for UN*X programs live in ascii files and they "usually" live in /etc. You can use this to write program to update different pieces as needed. Any problem you do, you can undo. You can then run a program or use "kill -HUP" to get a process to reread that configuration.

    2) Pick a programming language. Perl, AWK, Sed, ksh, all of them. You can use that programming language to role out changes as needed, or make a lot of changes really quickly. RSH/SSH allows you to do that across multiple systems. Use it carefully!

    3) Design your environment. If you know what you are going to be using the servers, workstations and/or Linux embedded appliances for you can better decide how to automate it.

    4)"Crunchy Cookie, Liquid Center".
    In the end you will be automating certain administrative tasks over and over, but not all of them. That's why one size fits all won't work. It becomes a bloated security hole, so you only automate what you need and you automate it in an original and secure fashion.

    As for some rock solid TLA recommendations.

    SSH - SSH is your friend and as a replacement for RSH and its ilk you can use it to securely automate tasks. read up on ssh-agent for automating ssh access across multiple machines.

    mon - How do you know it's working if you don't test it? You need to turn on monitoring, the more specific the test and monitor the better. mon is a good PERL framework for performing any test, and it has a lot of prepackaged/contributed test scripts that come in handy.

    LDAP - Lots of UN*X environments are moving to LDAP to store enterprise wide information. It depends on how big of a UN*X environment you are setting up but having a centralized directory ala LDAP can be quite handy.

    PAM/NIS - Plug In Authentication Modules. You can use these to have a centralized authentication server, cuts down on password updates. NIS+ is a tried and true system for stitching UNIX Systems together but I've only seen it installed in 1 UN*X environment and I've worked in several.

    If you are looking for a prebuilt system or paradigm like Microsoft Server then you need to look to Redhat, Debian, else you are going to work from the need/application outwards.

    Whatever you do more than once you will automate. When you no longer can budget the amount of UN*X Admins you will need you will start to build "tools" to delegate routine tasks, these will eventually become web pages, the web page will become an application. The application will become an acronym. The acronym will become a skill. The skill will become a job requirement HR will use to backfill a position. That's the way it goes.

    Enjoy!
  • WRONG QUESTION (Score:5, Insightful)

    by nusratt (751548) on Wednesday July 14, 2004 @04:26PM (#9701320) Journal
    Ask for the Top Ten tools, and most of your time spent reading the responses will be wasted, because of the overlap of the answers. If people list what they *genuinely* think are the Top Ten, there will be very few answers which are unusual or surprising (and still useful).

    I think it would more useful to ask for the Top Ten MOST OVERLOOKED tools, or the most under-used, the most mis-used, or the ones whose full power is forgotten, unrecognized, or unused.
  • by teamhasnoi (554944) <teamhasnoi AT yahoo DOT com> on Wednesday July 14, 2004 @05:14PM (#9701762) Homepage Journal
    WTF? I can't have Pico as my #1?

    When I don't have time to figure out goddamn control chars, and just want to edit a config file without having to resort to IRC, man pages, and poor documentation -

    I USE FUCKING PICO.

    All the commands are right there. On the screen.

    Maybe this elitist attitude is why Linux isn't ready for the desktop. Now mod me Troll, bitches.

  • by taradfong (311185) * on Wednesday July 14, 2004 @05:22PM (#9701834) Homepage Journal
    To me, *nix mastery involves learning a bunch of little tricks. There is no 'grand unified front end' that will do it all. Over time, you'll memorize the ones you use all the time. But some you'll figure out but forget if you don't write them down somewhere (e.g., how to do a 'find' with regular expressions and execute a command on each result). I keep mine in a wiki, a bit haphazzard, but always ready on the web and easy to edit, which means you'll use it.

    Oh yeah, learn regular expressions. The O'Reilly book is great. The time investment *will* pay off.
  • Keychain (Score:5, Informative)

    by YetAnotherDave (159442) on Wednesday July 14, 2004 @06:08PM (#9702204)
    I regularly access dozens of *nix systems (mostly linux & solaris). I love the fact that I can enter my privatekey password once on booting my laptop, and then have a tool handle all the ssh-agents in subsequent sessions. Entering one (very long and tangled :) password once is so much nicer than having to enter passwords every time I connect to a new system...

    http://www.gentoo.org/proj/en/keychain.xml

    Also, (obligatory) perl is great and larry wall is my hero...
  • *drake (Score:4, Informative)

    by MicroBerto (91055) on Wednesday July 14, 2004 @07:01PM (#9702580)
    OK, nobody is posting good config tools except for webmin. Even I am guilty as I first posted rkhunter.

    If you look at Mandrake, there's tons of great config tools there:

    diskdrake for disk partitioning

    harddrake for hardware configuration

    userdrake for user configging (or userconf)

    XFdrake for X config

    mousedrake for mouse config

    printerdrake absolutely rules for CUPS, better than localhost:631 if you ask me

    drakconf for ALL mandrake tools together

    rpmdrake is good for package managing...

    Oh and of course linuxconf is still nice! netconf is the network partition of that I think. The list goes on i bet

  • by macdaddy (38372) on Wednesday July 14, 2004 @07:57PM (#9702895) Homepage Journal
    Seriously, that's the number one configuration tool you could possibly own. It always baffles me how many "Technology Coordinators" or other official IT guys know jack (or less!) about systems administration. These are the type of people you'd never consider giving root to on a server you administer. These are the type of people that don't understand why a server that's a month old would need to have patches and other updates done on any of the hundreds of packages that run on it. (I ran into this comment again just the other day by an "admin") Hands down the best tool available on the market today for Linux system configuration is a half-assed decent administrator. That's one area where you can't afford to be a cheapskate.
  • Right. (Score:4, Funny)

    by soccerisgod (585710) on Thursday July 15, 2004 @01:30AM (#9704769)

    My 10 favorite linux configuration tools? Let's see:

    • Left little finger
    • Left ring finger
    • Left middle finger
    • Left index finger
    • Left thumb
    • Right little finger
    • Right ring finger
    • Right middle finger
    • Right index finger
    • Right thumb
    Yapp, that sums it up nicely.

If it's worth hacking on well, it's worth hacking on for money.

Working...