As a Linux apps system administrator, you need all the tools you can to maintain and monitor your system. Most Linux training distributions helpfully come with a ton of monitoring Linux training, tools and commands that provide metrics to be used to get information on system activities. You can use them to find possible causes of performance problems.
But if you are already familiar with these inbuilt commands and Linux training or want something more than what the distribution comes with, here are some great tools that every administrator will find useful and even compulsory for doing their job. What’s more, these tools are fully free.
The all free tools we well discuss in this article.
Puppet Open Source
While Puppet Open Source is available as a paid commercial version called Puppet Enterprise, we are talking about the open-source, free version called Puppet Open Source. The paid version comes with more support and features, but the free one can be pretty effective too. It is used for IT reporting, orchestration and automation.
With this Linux apps, you can define how you want your system, simulate the changes and then automatically deploy the state that you want. You can then find out the differences before and after Puppet was run. The Puppetmaster has the desired state defined, and the Puppet agents are installed on the servers that you are looking to control. The agents will receive the desired state from the master and implement it accordingly.
Here is a look at what Puppet can do for administrators:
With Linux apps, files are everything. If you modify files the right way, you can control anything. But there can be hundreds of files to edit across different servers. With Puppet, you do not have to edit files in each server the way you want. You can, instead, specify the changes in the Puppetmaster, and the agents will make the changes across the servers where they are installed. For instance, let’s say you have a custom /etc/sudoers and /etc/ssh/sshd_config file that locks down the SSH and gives admins root access. You can roll these out and other future changes via Puppet. If the controlled files are overwritten or changed in event of an attack or something else, the agents can put back the changes.
Cron jobs and packages
Puppet can be used to set up cron jobs across all servers using the Puppetmaster, without manually doing it for each server. You can also ensure that packages are removed or installed from servers with the tool. For example, you can set up the Puppet master to check whether Apache is there along with the necessary configuration files. You can also set it up to remove Apache and ensure that Apache is not installed in a server.
Keep services running and execute commands
You can use Puppet to make sure that services are stopped or running, like the previously mentioned Apache. If you want to keep a service running, Puppet will try to start the service if it detects that it is not running. You can also set up Puppet to run a command on all servers, like an auto install command for an agent to install it automatically on all servers. Keep in mind that all the above can only happen when an agent completes a run. The Puppetmaster determines when an agent completes a run. By default, the Puppet runs every 30 minutes.
MCollective is a framework for parallel job execution or server orchestration systems. Although it is installed with the Puppet agent, as indicated by its name, it is separate from it. Based on command line criteria, it can scan networks for virtual machines and allows you to send messages. For instance, you can find out which processes are down or restart them on a virtual machine or the entire machine from a single central location. Since this tool is written in Ruby, you can copy some of this and adapt it to your needs. The data comes from plugins like Factor, Chef, and Puppet, and it reads metadata created when using these tools. Here is a quick look at some commands and what they do:
- mc-service-with-class/dev_server/httpd restart: This restarts the development web servers
- mc-RPC: This can be used to send messages to machines and find out which are the ones with errors, as they do not echo back the message
- mc-service-with-class/dev_server/httpd status: This finds the machines that are running the web servers
- mc-facts: This command finds out which machines are in which country
- mc-find-hosts: This command identifies all the virtual machines
This is another open source tool Webmin, you can use it to manage your server configurations and administer servers with a browser-based web interface, instead of directly working with files via SSH. You can use it to for setting up user accounts, Apache configuration files, disk quotas, enable file sharing and more. The system is configured with the help of administrative modules in the form of .gz files and can be added for updates or functionality improvements. Here are some modules available, and you can find more online:
- Network configuration
- LDAP Server, to manage OpenLDAP
- LDAP Client, to search and edit LDAP records
- File System Backup
- File Manager
- DHCP Server
- CD Burner
- Backup Configuration Files
- BSDS Firewall
- Bind DNS Server
Apache, to configure almost all directives of Apache instead of doing it individually
Darik’s Boot and Nuke
Darik’s Boot and Nuke free tool can be used to remove data from disks on a server. It is a boot disk to erase all disks detected, which makes it a great tool for server decommissioning. It also makes it a bit dangerous to use too. One misstep can erase important data! The tool works with Linux apps and Windows and can be helpful if you want to delete data securely so that it cannot be recovered.
This is a network sniffer or network prototype analyzer. It is similar to tcpdump and other tools, but it has a graphical interface for ease of use and can filter traffic more easily by source, type, ports and destination addresses. The tool can run on all major operating systems. On Windows, it uses WinPcap while on Linux apps it uses libpcap to capture packets. You can use for troubleshooting application and network issues or monitor traffic that is on the network. Keep in mind that Wireshark, or any sniffer, can only sniff packets that go to and from a machine. To change this, you need to set up your router to the promiscuous mode or connect your machine to a switch, router or hub in the network. On a busy network, the output can come and go rather fast. You can, however, log the traffic to a pcap file for later review.
Ubuntu Rescue Remix
This is an Ubuntu Linux live CD customized for forensics and data recovery. You can boot it via CD or USB drive and inspect disks at a block level. Since it is life, it can work on any operating system, like Linux or Windows. Once booted, you will get a Linux shell and several tools for data recovery. The tools include, among others, ddrutility, which can show file fragments and names in unrecoverable disk blocks. Other great data recovery tools include ClamAV, Gnu-fdisk, The Sleuth Kit and PhotoRec. It is important to note that the project is not maintained or supported by the developer. But it still works well and does the job.
These Linux apps allow you to remotely access a graphical user interface for controlling a Linux training system. Linux servers are typically administered via command line with SSH, but some users prefer to manage it with a GUI, particularly through a desktop machine. VNC works similar to the remote desktop notification of Microsoft. You need to simply install and run the VNC server on the machine that you want to connect, and you can do so once it is configured. It is important to note that the tool is not secure. Traffic is transferred in plain text or in a way that is easily cracked. Connecting with a username and password is not secured by default in most cases. If you want to increase security, as you should, most VNC clients will enable tunneling the VNC over SSH, which is used for establishing an encrypted connection.
There are several VNC clients you can find for Mac, Linux apps and Windows system, to connect remotely from anywhere and at any time. You can even find Android clients to connect from a smartphone, with Ripple being a popular one. VNC works independent of platform, so you can find several different versions.
ConfigServer and Security Firewall
The previous tool had a huge gap in security, so let’s take some time to acknowledge a tool that does provide security. ConfigServer and Security Firewall (CSF) is a script suite that provides intrusion detection, login, firewall and other capabilities. The firewall is a front-end for iptables with several additional features. It first uses the iptables firewall, enabling you to implement rules without having to understand the syntax and details of iptables. You can then secure your server by locking outbound and inbound traffic. For example, you can set up the server to only enable SSH connections on a certain port from a certain IP address, and to deny all other requests to that port.
CSF can also block attacks actively. Let’s take an example where you allow only one IP address to connect to a certain port and someone compromises the server and then try to establish an SSH connection to your server. If they try to do this and fail to log in a set number of times within a set time period, their source IP address will be temporarily blocked in the firewall. If there are enough temporary blocks, they could be blocked permanently. This does not just work for SSH, it also works for mod_security failures, Exim SMTP authentication and failed logins to htpasswd-secured web pages.
CSF can be used on a Linux apps standalone server, but it also has a graphical user interface component if it is used on a cPanel or WHM server. It can be managed and configured via WHM instead of a command line, which is really helpful given the popularity of WHM hosting.
Another open source tool that was written in Ruby, Capistrano is used for remote server deployment and automation. It supports task scripting and execution, and you can use it to deploy web applications across various machines in a set sequence or at the same time. You can also use it too run automatic audits like applying patches and checking logs, and to perform data migration and other tasks. You can also add other source control management software to this tool for expanding its capabilities. Another thing to note is that Capistrano is a Ruby gem. This means that you get complex functionality that can be used rather simply.
The fabric is a command line tool and a Python library to streamline the use of SSH for administrative tasks or for application development. It provides operations to execute remote or local shell commands, and you can make a module containing multiple functions, and then execute them all through this command line tool. Once you define a task, you can run it across multiple servers. For instance, let’s look at the following command:
fab -H localhost,remoteserver host_type
you will then get the output of ‘uname –s’ from the specified servers, which in this case are remoteserver and localhost. You only need to define a module one time. Once you do it, you can easily invoke it by typing the name on the command line. Just imagine what you can do with this functionality!
Are you running MySQL on your server? MySQL Tuner can be a great way to improve performance and stability. It is a Perl script that can quickly example the MqSQL and provide suggestions to get better performance and improve stability. The suggestions are generally good, but it is better if you only add changes that you can fully understand and control. You can easily look up the MySQL documentation for the variables to understand how each suggestion works. You can also make the changes on a test server rather than directly applying it to a production server. Some changes would require you to restart MySQL, which means server downtime.
This has been a guide to Linux apps helpfully come with a ton of monitoring tools and commands that provide metrics to be used to get information on system activities. These are the following external link related to Linux apps.