Tuesday, March 19, 2013

Linux Systems Administrator Tools to Die For

by Dietrich Schmitz

You are the 'go-to' Linux Systems Administrator for your organization.

The fact is, you have a lot to do and there are only so many hours in a day.  So, you are always looking for new ways to leverage the use of your time.

Here is a list of popular tools which should be in every Admin's toolbox that provide time-saving functions and features that will help in all manner of troubleshooting and problem-solving situations.


Nmap is one of those tools that simply cannot be overlooked and will save hours of guesswork when troubleshooting a network.  It is used to discover hosts and services on a network from the command line; an accompanying graphical package, called Zenmap, can also be installed.

Command Line Utilities

These command line tools are some of the most commonly-used system utility programs for every-day system administration.  To get help, read the respective man page for each.

ssh, screen, vim, awk, sed, Perl, Netcat, Nslookup, ping, whois, traceroute, Netstat, dig, dd, tcpdump, rsync


Wireshark is an open source packet analyzer.  It is simply indispensable when it comes to troubleshooting network connections and shows, in a Gtk graphical display, every detail of the protocol being traced.

BitDefender System Rescue CD

System Rescue CD provides a Live bootable CD for performing anti-virus scanning of any volume.  Its advantage comes from being able to boot (from a pen drive or CD) into Linux on a Windows PC and scan the Windows NTFS drive partition for viruses off-line.  Doing a full scan off-line ensures the persistent signature of a virus will be detected.  Quite often, viruses evade detection by on-line Windows AV software, so this is a good security tool to have for a network having both Windows and Linux PCs.

Virtual Network Computing (VNC)

VNC was released as open source and licensed under GPL.  It has several derivative versions, including RealVNC, TightVNC and UltraVNC, all of which allow remote desktop access and control over a network.  This free tool is popular for performing IT support in an organization for obvious reasons.


FreeNX is a subset of the commercial NX thin client protocol for remote desktop computing.  FreeNX is open source and licensed under GPL and offers free NX-based thin client terminal access to a Linux server.  NX has programming optimizations which reduce the amount of X Window metadata that must travel across a connection by sending only the 'delta' portion of a screen change.  This effectively results in near-local machine performance over long distances and even on low-bandwidth 56K dial-up connections.  NX is secured by default, running over an encrypted secure shell (ssh) tunnel.


OpenVPN is an open source, GPL-licensed Virtual Private Network (VPN) solution.  The Linux NetworkManager plugin architecture provides an OpenVPN module for easily setting up client PCs with access to a corporate-firewalled VPN private subnet.  VPNs by default expose both TCP and UDP port ranges for all IP ranges defined in the OpenVPN configuration.  This effectively means a remote PC can see and use all corporate resources while tunneled over a secure encrypted VPN connection, the same way as a locally connected PC.
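Because every range defined in the configuration becomes reachable from the remote PC, it is worth checking what a server config actually hands out. The script below is an added example, not part of the original article: it lists the routes an OpenVPN server config pushes to clients and flags the broad ones. The function names, the /24 threshold and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report which networks an
# OpenVPN server config pushes to clients and flag the broad ones.

# Reads an OpenVPN server config on stdin. $1 is the shortest prefix length
# still treated as narrow (default 24, an assumed policy value).
audit_pushed_routes() {
    awk -v min="${1:-24}" '
    # Count the set bits in a dotted netmask to get its prefix length.
    function prefix(mask,    o, n, i, v, bits) {
        n = split(mask, o, ".")
        for (i = 1; i <= n; i++)
            for (v = o[i] + 0; v > 0; v = int(v / 2))
                bits += v % 2
        return bits + 0
    }
    /^[ \t]*[#;]/ { next }            # comment lines
    { gsub(/"/, "") }                 # push "route a b" becomes push route a b
    $1 == "push" && $2 == "route" {
        # OpenVPN treats a route without a netmask as a single host
        p = prefix($4 == "" ? "255.255.255.255" : $4)
        printf "%s %s/%d\n", (p < min ? "BROAD" : "ok"), $3, p
    }
    $1 == "push" && $2 == "redirect-gateway" {
        print "BROAD redirect-gateway (all client traffic enters the tunnel)"
    }
    $1 == "client-to-client" {
        print "NOTE client-to-client (VPN clients can reach each other)"
    }'
}

# Constructed sample config; addresses are illustrative, not from the article.
sample_config() {
    cat <<'EOF'
# constructed sample
port 1194
proto udp
server 10.8.0.0 255.255.255.0
push "route 10.0.0.0 255.0.0.0"
push "route 192.168.50.0 255.255.255.0"
;push "redirect-gateway def1"
client-to-client
EOF
}

sample_config | audit_pushed_routes 24
```

Against a real server, feed the live file in place of the sample, for example `audit_pushed_routes 24 < server.conf`, and pair any BROAD result with firewall rules on the VPN gateway.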

Chrome Remote Desktop

Popular Google Chrome web browser has become an indispensable tool for so many reasons.  One need only visit Google's Chrome Web Store to see the array of applications and plug-in extensions available for download.

Among these extensions is Chrome Remote Desktop.  Chrome Remote has become a popular, easy way to provide remote PC assistance.  It is free and the only requirement is that both end-point PCs be running Chrome with the Chrome Remote extension loaded.  Chrome Remote doesn't require special firewall pass-through rules and uses its own encrypted tunnel protocol through a Google server (middle-man) to bridge across any firewall for unimpeded access.

Kernel-based Virtual Machine (KVM)

Kernel-based Virtual Machine (KVM) is built into the Linux kernel and is free.  KVM is a type 1 hypervisor providing 'bare metal' performance and is competitive with other virtual machine host software such as Citrix ZenHost, VMware, ProxMox and, most recently, Linux Containers (LXC).

Virtual machines offer many benefits, not the least of which is quick deployment of servers as resource loads on a VM host without the need to procure additional server hardware.  All hardware is emulated in the virtual machine.  Many IT shops are collapsing racks upon racks of rack servers into a consolidated high-performance virtual machine host 'farm'.  The multi-core VM host transparently handles the processor overhead of the former bare-metal servers, reduces power consumption, and increases 'high availability' (little or no down-time).  These features increasingly make transitioning to virtual machines a 'hot' technology, and a very competitive one.  Knowing a modicum about KVM will give the Linux System Administrator a sharp technical edge and automatic advantage in today's cost-cutting tight-budget IT environments.


SELinux, a Linux Security Module (LSM), is at the very core of Linux's security design and was originally developed with assistance from the National Security Agency.  SELinux essentially defines Mandatory Access Control for each application running in its sandbox.  Applications must adhere to a profile of expected or allowed normal behaviors, and any deviation from those policies is automatically undefined and will be rejected by the SELinux kernel module.  Mandatory Access Control is quite effective: you will find SELinux present in Red Hat Linux and Fedora Linux, while another LSM, called AppArmor, runs by default in Ubuntu Linux.  Learning either SELinux or AppArmor is imperative for today's Linux System Administrator to gain a competitive advantage in the IT job market.


Samba is an open source free software application which re-implements the SMB/CIFS networking protocol for sharing files across a network.  Samba4, recently released, now includes support for acting as a wholesale replacement for a Windows Active Directory Primary Domain Controller (PDC).

If you watch technology trends as closely as I do, you will realize the implications of Samba4 are quite big.  Already there are Samba PDC stack vendors competing to sell Windows AD PDC implementations replacing Windows Hardware and unencumbering buyers of Windows Licensing restrictions and cost.  Learn as much as you can about Samba.  You'll definitely score high the more you know and IT retention usually takes into consideration those who have the most important skills.  Catch my drift? ;)

Nagios System Monitor

Nagios may not be the newest System Monitor on the block, but, still, its reputation precedes it.  That means its deployment will greatly lower some of the inherent risks that every IT department faces.  Nagios when properly configured will monitor your entire network of services and based on its rule set notify you if/when a service goes down.  That can keep your down-time vulnerability to just minutes when you are sitting at home and get an SMS text message that one of your servers is off-line.  Quickly responding from anywhere with remote corrective action might mean that no one will even know there was an issue or you will have a chance to act before reaching work on a Monday as opposed to having a down system during production hours--an IT manager's worst nightmare.  It's just good business practice in today's world to set up and configure a system monitor for your IT shop.  It will pay over and over for itself.  I promise.


You know, in the proprietary software world, you can spend a lot of IT dollars without blinking an eye.  Every time you turn around Symantec has another License renewal that must be paid for.

Ghosting machines doesn't have to cost money.  In fact, Clonezilla does everything Symantec Ghost does for free.  So if you pre-image your PCs using Ghost, switch to Clonezilla and get those software license IT dollars back into the budget by doing the job for free.  This is another cutting edge skill you will want to get under your belt.

So, that's it.  I think that covers the range of skills areas over which a Linux System Administrator will want to have maximal efficient control.  Stay smart.  Use the 'best of breed' tools you can find and run a tight IT shop with open source Linux tools 'to die for'.

-- Dietrich
