Information about starting and operating an ISP or corporate Intranet using Linux servers.

System Administration

This section covers software that can be added to servers for system administration, customer services, etc.: everything besides the foundational Linux software that virtually every server has and the software already covered in the Server Guides section.

For fundamental server software — e.g., web server, mail server, DNS server, etc. — see the Server Guides.

Configuration Management

In a busy company a system administrator can get overloaded quickly, so we all learn to make scripts to make our lives easier. Sometimes you don't even have time to make a script, so it's nice when people share.

Look at the Server Administration Scripts page for some handy scripts that you may find useful.

Cfengine

I began using Cfengine version 3 in February 2010. Information here only covers version 3, which is substantially different from version 2.

Cfengine 3

Server Back-up

If you do not use Cfengine, then how do you back up your server configurations? I have generally used rsync with custom-written scripts to automate the process. Other tools such as Box Backup also seem interesting and useful. I hope some others might contribute their ideas and experience here.

Software Management

Managing software on servers encompasses these topics:

  • Installation
  • Upgrades
  • Removal
  • Configuration
  • Starting and stopping

Verifying proper operation is covered in the Monitoring topic.

One tool that can do all of the above for large numbers of servers is Cfengine. I have evaluated Cfengine, Puppet, BCFG2, and LCFG: my choice was Cfengine, so I will cover some of the things I have learnt.

efind: Gentoo package search enhancement

efind is a Gentoo wrapper script that enhances package searching.

It allows one-line formatting, which makes it easier to view large lists on a wide terminal (>100 columns), has options to only show packages which are installed, upgradable, or discontinued, and also provides a handy emerge command containing all the listed packages for convenient copying, editing, and pasting.

Installing the Bash script is very simple:

  1. Download the efind script, then
  2. Move it to /usr/local/bin/ — e.g.,
    sudo mv ~/Downloads/efind /usr/local/bin/
  3. Make it executable.
    sudo chmod +x /usr/local/bin/efind
  4. Check out the help for available options.
    efind -h
    efind --help

Both long and short options are supported as of March 2017.
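
Because `mv` preserves the owner of the downloaded file, /usr/local/bin/efind can stay owned and writable by the account that downloaded it while being run as root. The function below is an added example, not part of efind or of the original page, that checks owner and mode after installation; the name check_installed_script and its optional expected-uid argument are assumptions of this example, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: audit a script after it has been moved into /usr/local/bin.
# Usage: check_installed_script PATH [EXPECTED_UID]
# EXPECTED_UID (an assumption of this example) defaults to 0, i.e. root.
check_installed_script() {
    path=$1
    want_uid=${2:-0}
    rc=0

    # Refuse symlinks and anything that is not a plain file.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: $path is not a regular file"
        return 1
    fi

    # stat -c: %u is the owner's numeric uid, %a the octal permission bits.
    uid=$(stat -c '%u' "$path")
    mode=$(stat -c '%a' "$path")

    # mv keeps the downloader's ownership, so this is the check that
    # usually fails right after the install steps above.
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $path owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # Any bit of octal 022 set means group or others can rewrite the file.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $path has mode $mode (writable by group or others)"
        rc=1
    fi

    # The owner execute bit (octal 0100) must be set.
    if [ $(( 0$mode & 0100 )) -eq 0 ]; then
        echo "FAIL: $path has mode $mode (not executable)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $path (uid $uid, mode $mode)"
    return "$rc"
}

# Audit the installed copy if it is present on this machine.
if [ -e /usr/local/bin/efind ]; then
    check_installed_script /usr/local/bin/efind || true
fi
```

If the owner check fails, `sudo chown root:root /usr/local/bin/efind` followed by `sudo chmod 0755 /usr/local/bin/efind` corrects it.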

Example

# efind @net-vpn -ic

Searching packages                        Only show installed packages

Package Name                              Latest Version        Installed            Size   Description
net-vpn/openconnect                       7.08                  (latest)            1,667kB Free client for Cisco AnyConnect SSL VPN software
net-vpn/openfortivpn                      discontinued          1.2.0                 (?)kB A Fortinet compatible VPN client
net-vpn/vpnc                              0.5.3_p550            0.5.3                 100kB Free client for Cisco VPN routing software

   28 packages evaluated.
    3 packages shown.
    1 discontinued packages installed.
  NB: Discontinued could mean the package has no stable release.  Try putting it in /etc/portage/package.keywords


emerge -va net-vpn/openconnect net-vpn/openfortivpn net-vpn/vpnc

Download efind

Change Management

Everyone needs version control: for code, documents, original artwork, configuration files, what-have-you. CVS is the old standard, Subversion is more robust, and some prefer Git (whose fame is at least partly due to being written by Linus Torvalds). I use Subversion, so that's what I will cover here.

Subversion

DNS Management

Stapler is a Perl application developed to simplify server DNS zone file maintenance. To learn more, click here.

Firewall Management

TODOBIG Turnstile is based on ipchains and therefore will only work with 2.4 or older kernels, or series 2.6 kernels up to 2.6.10, so the applications for it are limited, but in case it is useful I make it available.

  1. Download sample config files.
  2. Installation and usage instructions.

Network Monitoring Systems (NMS)

Software to help monitor the status and performance of your servers and network.

  • SevOne is a commercial appliance that operates in clusters to provide redundancy and good performance when monitoring large networks. It can scale up to monitor hundreds of thousands of devices. Appliances consist of a cluster master, pairs of primary/secondary monitoring appliances, NetFlow collectors, and log capture/reporting appliances.
  • Nagios has free and paid versions. Icinga is a fork of Nagios that has made some great improvements; I recommend using it over Nagios.
  • Zabbix is an excellent open-source free package with a mature code-base that has been developed since 2001. The company offers reasonably-priced training and support options. I think it is the best choice from among commercial and open-source options alike (so much so that I took their certification course).
  • Big Sister sounds like a knock-off from Big Brother, but from its appearance it seems to just be playing on the name.
  • Xymon aka Hobbitmon grew from Big Brother to become its own package, although it still retains the look of Big Brother.
  • OpManager is a commercial monitoring package.
  • Monitorix is a free, open-source monitoring package with slick-looking graph screens.
  • Spacewalk is Red Hat's open-source release of their RHN Satellite commercial product. It appears as if Red Hat gave up on its closed-source development efforts and released the code to the open-source community to see if it could be finished for free so they could make money on it. That could be a reasonable trade-off, but for me the math doesn't work. The product doesn't seem very good, their marketing is confusing, the product's future is uncertain, their contract terms for using the commercial version with RHN are unreasonable (does anyone besides me read those terms before clicking “I agree”?), and they restrict the free version from working with RHEL and RHN. All this seems to encourage me to use CentOS rather than RHEL – and while I am at it why not use Zabbix for monitoring, and if I'm not using Spacewalk I might as well skip CentOS and use Gentoo…
  • Pandora FMS is a free monitoring package that also has a commercial offering. This one looks promising, especially for Spanish locales since the company is based in Spain.
  • Hyperic HQ is a Java monitoring app from a company founded in 2004 that apparently had its first stable release in 2007 (based on news releases). The company was acquired by SpringSource in May 2009, which in turn was acquired by VMware in August 2009 (which itself was acquired by EMC in January 2004). The commercial licence cost is rather high, on par with MS SCOM, around the $700 per server mark. There was a free offering as well the last time I checked, but I'm not a fan of Java apps and didn't like some of the things I read in their documentation, so I haven't pursued this one any further.
  • SCOM is the commercial product from a well-known vendor released in 2007. The product makes some impressive claims and I have heard people say they have done amazing things with it, but I found the Linux support of both their software and their tech support people to be weak, which makes it hard to justify paying nearly $700 per server plus the cost of add-ons just to end up with Linux monitoring that is marginally useful and not nearly as good as Zabbix.

A comparison matrix will be posted some time in the future (the days and weeks just fly by… if you are waiting for this, please drop me a note to encourage me to finish this).

Zabbix

Content Filtering

Content filtering was a relatively new concept when I started developing my solution in 2000, but now it is common in most medium and large enterprises, and even in small businesses and homes.

Webilant is the name given to an HTTP (web) content filter that uses Squid to provide caching and filtering at the same time. It is a simple solution that can be operated as a black-list or white-list. I have developed a simple web interface that permits parents or managers to add to the lists, although removal of items required using the command line. It worked well when I used it in my ISP, and I have been using it continuously since 2000 on our family's Internet gateway. To learn more, click here.

Office Administration

Billing
