Scratchpad for : xxv
Awesome tools for sysadmin tasks:
- logcheck
- Pretty noisy by default, but I've been working on a quieter version of logcheck which some of the more common-to-disabled things disabled
- duplicity
- easy, incremental, encrypted backups
- mailman
- for communicating to your users by way of their external email addresses
- denyhosts
- block ssh scanners
- libpam-cracklib
- prevent your users from setting stupid passwords. As Linux's weaknesses come from getting user-level access to a machine, it's generally a good idea to prevent attackers from getting in to start.
- dmidecode
- Dumps tons of useful information about a machine's hardware including things like used slots, model numbers, and system capabilities.
Some tips for verifying the integrity of a Debian filesystem tree:
- debsums -c -r /mnt/mountpath # check file md5sums against known-good package md5sums
- find `echo $PATH|sed -e 's/:/ /g'` -type f -perm +ogu=x |xargs dpkg -S |sed -re 's/dpkg: (.*) not found\./\1/ p; d' # find all un-owned executable files that are in the path
- find /mnt -type f -perm +ogu=x |sed -e 's/\/mnt//' |xargs dpkg --root=/mnt -S 2>&1 |sed -re 's/dpkg: (.*) not found\./\1/ p; d' # find all unowned binaries in the whole system, where /mnt is your FS's mountpoint
