Top Ten Linux Configuration Tools?

jman251 asks: "I am presenting at a conference in September on a couple of Linux-centric topics. One of these is a collection of tips, tricks, and tools for configuring, securing, and maintaining a Linux-based server. I have a short list of tools I use, but would like some community input on the subject. What tools do you use that make your admin responsibilities easier or more automated on the Linux platform?"

They all start with "nano -wiR /etc/"

[Ayanami Rei]

Xconfigurator

[superpulpsicle]

Xconfigurator used to be the key thing if you had any graphical needs. But the KDE GUI makes all that graphical tweaking as transparent as windows desktop nowadays.

Webmin all the way

[tntguy]

Webmin [webmin.com]. Grab Usermin [webmin.com] while you're there.

Doom...

[lordbry]

As admin tool.

http://www.cs.unm.edu/~dlchao/flake/doom/

In a word

[Camel Pilot]

"What tools do you use that make your admin responsibilities easier or more automated on the Linux platform"

Perl is your friend

Re:Add tool name here - once.

[AkaXakA]

PHPMyAdmin

Re:Not The FP

[Anonymous Coward]

stikeout man and replace it with google.

No Seriously.

CSSH

[olympus_coder]

Run all the servers (or lab gentoo boxes) at once. Great for mass updates,testing, etc.

Source Forge Page [sourceforge.net]

BIND

[TheRealMindChild]

I would really love a nice BIND configuration utility. Something where a whole package like webmin isnt necessary, but it makes life a whole lot easier. Redhats bindconf/redhat-bind-config was nice once upon a time, but getting it to run on anything but redhat requires about 2 gigs worth of obscure dependancies... I want something I can throw on say, a slackware machine, and it just go.

Even better would be something that also tied into dhcpd (these are the ISC daemons Im talking about, folks), that would serve to configuring them both, even on working together in a ddns/dhcp setup.

Re:Shouldn't you be asking

[kidgenius]

OOwriter :-)

RCS and Bastille-Linux

[mrhandstand]

Bastille after I have the server built. The interactive mode also provides a great security tutorial.

RCS to provide rollback and change control.

No professionally administered Linux box should be without it.

Hey, I could have started with, "One word: EMACS"

[Ayanami Rei]

:D
But that's would be too easy. Seriously, I had to tell the truth (nano is awesome, so is vim, but then so is nano).
And I don't think anyone can fill a top ten list with configuration tools... people use rarely more than one, if any. I know I don't.

I've been using Ruby for little utilities...

[tcopeland]

...to help maintain various GForge [rubyforge.org] systems.

Nothing fancy, just twiddling configuration files (httpd.conf, etc), pushing data into a PostgreSQL database, automating StatCVS runs, etc. I keep them in CVS, of course, here [rubyforge.org].

The ultimate server admin tool

[lspd]

netstat -nlp

Turn off all the services you don't need.

Re:Dave Lettermans Top 10

[Anonymous Coward]

but he said configuration tools.
rm, su and bash don't seem to relate.
ls could, but thats a stretch

Dave Letterman's IT crew's Top 10

9) your distro's install disks
8) that other distro(that is better)install disks
7) fdisk
6) ???
5) Profit!
4) google.com or tldp.org (rtfw!)
3) lspci (plug and pray baby!)
2) man (it helps to know what your doing with it)
1) your text editor (vi|emacs|jed|nano|whatever)
0) man (rtfm!)

Re:Dave Lettermans Top 10

[Badanov]

1) BASH and that means any program that can be included in a BASH shell, ls, cd, rm, mv, chmod, chown, chattr, etc
2) emacs or if FreeBSD, edit
3) PERL
4) IPTables, or if FreeBSD, ipfw
5) ssh
6) telnet
7) gzip/gunzip
8) any of the c compilers, plus gmake or make
9) If setting up a Unix/Linux server inside a private network, nfs
10) If a database is needed then postgreSQL, plus the DBI stuffies, plus DBD, etc. May as well include an Apache web server with mod_perl

Command line

[kbahey]

Whatever runs from the bash command line is good enough for me.

No bloated fancy GUI needed, can run remotely over a secure ssh connection, and has all the raw power you need.

I am not a luddite. For some tasks, I will use the GUI tool (e.g. Mandrake Control Center, or Webmin) to do things, when it is faster to do so. But the bulk of what I do is command line.

Re:Dave Lettermans Top 10

[ewtrowbr]

I recently discoverd that I can use nohup to start a lengthy process from a remote ssh session, hang up, and check on it later. for example...

nohup emerge sync &
( or nohup make && make install & )
tail -f nohup.out
exit

This is the coolest thing in the world, because I can logout, the process keeps running, and I can check on the progress later from another location.

This is probably no suprise to the graybeards out there, but is sparkly to a n00b like me.

Re:Tripwire

[challahc]

AIDE is good too. I think tripwire is only open source if you get the academic source release. AIDE is open source.

Re:More or Less ?

[Anonymous Coward]

(I am asking a serious question but now I've read it I think the chances of getting a serious answer are pretty low)

Why would you substitute more for less ?

I've had computers/OS' with more (amiga, riscos, win, I think bbc micros & spectrums also had more) but not seen less until Linux came along.

Whats the diff, is less GNU ?

God, I give up, this question is impossible to phrase without sounding trollish or flamebait, maybe thats why I've never heard the answer to it hehe.

Re:Webmin all the way

[wo1verin3]

At the risk of being redundant, when I stumbled across Webmin I was amazed at how simple it made some tasks such as playing with mysql DBs without knowing the syntax. I was new to linux at the time and although knowing the syntax for commands is important, this was a good tool to help me learn.

Re:Webmin is nice

[ThisIsFred]

It doesn't require you to run a separate webserver, it comes with its own. There are potential security problems, because in order to modify system configuration files, Webmin must be superuser-equivalent. However, Webmin modules have ACLs, and you can choose to not allow your lesser sysops access to things that might be dangerous.

Webmin has lots of thoughtful touches, like the ability to block certain UIDs and GIDs so that a lesser sysop cannot change the root account (for example). Another bonus is that Webmin users don't have to be regular shell accounts. It's not perfect, but it's still the Swiss Army Knife of configuration utilities.

Re:CVS (or insert your favorite alternative here)

[hackstraw]

Until someone steals your ssh key. Then they will be godlike too.

Sure, ssh keys are convenient, but they don't always replace passwords.

Passwords suck. Oh, and I have a 10 character passphrase on my privatekey that sits on my password protected computer.

I would guestimate that the liklihood that a password has been found or guessed or shown up in a plain text file (my ISP used to have a world readable radius logfile that had passwords in it) or sniffed is much greater than someone logging into my laptop (I have no remote services running) or physically beating me up and getting my key and passphrase from me.

I love the classic:

sj (misstyped su)

followed by the root password in plaintext. Gotta love that!

Make a list as you go

[taradfong]

To me, *nix mastery involves learning a bunch of little tricks. There is no 'grand unified front end' that will do it all. Over time, you'll memorize the ones you use all the time. But some you'll figure out but forget if you don't write them down somewhere (e.g., how to do a 'find' with regular expressions and execute a command on each result). I keep mine in a wiki, a bit haphazzard, but always ready on the web and easy to edit, which means you'll use it.

Oh yeah, learn regular expressions. The O'Reilly book is great. The time investment *will* pay off.

RPM

[Nailer]

RPM records the MD5sum, change time, permissions, and a bunch of other stuff on every file it installs.

This is saved into the RPM database in /var/lib/rpm.

You can use RPM as an IDS by backing up the database to a read-only media and then use, for example:

rpm -V coreutils procps net-tools --dbpath /mnt/cdrom

To see if someone's installed a root kit (if someone has, they'll have to at least modify top, ps, and netstat, which are included in these packages).

Unlike tripwire, you're not forever having to update policy files.

Ahem

[sparkz]

Good for you, though it's probably not a great idea to name customers on a public forum like this. Advertising "JPL have exactly 3 open ports on their firewall" isn't the kind of thing they'd necessarily choose to air in public. Just my 2p,

I second cfengine

[kaybee]

Admitedly when I started writing my book (Automating UNIX and Linux Administration) I had barely used cfengine and it was going to be just a small part of my book, but it turned out that I liked it so much that it became one of the major focuses in the book.

I think that even with as few as 5 systems it is worth the effort... especially if the systems are largely similar.

AMEN!

[Anonymous Coward]

I use pico all the time. VI and it's associated cousins are hellish to use without a manual. Nobody other than a real geek will use VI, yet it is the default editor in many non-graphical systems.

Linux will never go mainstream if arcane tools from the 70's are preferred.

Re:Dave Lettermans Top 10

[MrDelSarto]

If you read the man page

-X or --no-init
Disables sending the termcap initialization and deinitialization strings to the terminal. This is sometimes desirable if the deinitialization string does something unnecessary, like clearing the screen.

you can even set it with LESS=X ; export LESS

That _is_ a consideration.

[Ayanami Rei]

And I would move to joe if I ever encountered a configuration file that contained anything but US-ASCII, which I have not.

And even if I did (let's say I was looking at a file with messages in multiple languages), nano won't munge the Unicode, it would just ignore it. I definitely wouldn't be using a terminal-based editor when entering text with extended character sets in a document.

Re:Dave Lettermans Top 10

[StressedEd]

Of course I could read other posts before hitting "Reply", as mentioned in another thread:
bash completion [freshmeat.net]
is a good start.

Re:More or Less ?

[vern0n]

you can also type 'tack' then q this is the way i fix it

lanscan/ioscan??

[Anonymous Coward]

I don't use any utilities in particular for configuration. We "roll our own" scripts for server management. I use lshw, demidecode, dmesg, netstat, ifconfig, sfdisk, diff, etc. in scripts to gather system information and use vi and cron to automate updates, changes, and do routine security monitoring. No GUIs. Always interested in new utilities for gathering information from Linux systems. We use Red Hat AS. In scripts I use awk, sed, rpm, grep, scp, sftp, cut, cat, diff, df, crontab, ps, etc. Standard scripting commands and shell scripts. I hear that HP has ported lanscan and ioscan to Linux, but can not find anything about this on HP's doc site. Anyone using these? Thanks.