In the article Sys Admin Tools I will show and describe some basic software tools to keep your system in shape as well as some problem solving tools. This article is mostly Linux based.

I will cover the following subjects : Backup basics, including the creation of a live media from your HDD, some monitoring and diagnostic commands, some important points about the HDD integrity. I will also describe some Network and Security aspects and tools for Sys Admins.

Backup

MBR and partition table

Backup/restore

Backup : # dd if=/dev/sda of=/media/floppy0/mbr_backup bs=512 count=1
Restore : # dd if=/media/floppy0/mbr_backup of=/dev/sda bs=512 count=1

Explanations
The backup command copies the MBR in to the empty file “mbr_backup” on a floppy.
To restore, use a Live CD to copy the MBR from the “mbr_backup” file on the floppy to the harddisk.

Change things you have or want :
– The harddisk (sda) : hda, sdb, …
– The destination (floppy0) : directory, USB stick, …
– The filename (mbr_backup) : backmbr, mbr.back, …

Data

Use CD/DVD burning tools like brasero or K3b or simply copy your data to an USB stick.

Create a live media from your HDD installation

If you create a live media from your HDD installation, you will get a live media with all your customization you have done on your OS and you will have all your data on the same media as well. You will first create an ISO file of your current Linux installation, then you have to use the generated ISO file to make a live media.

There are several applications to create an ISO from the current installation :
Linux Respin
Linux Live Kit
Live Magic

Monitoring / Diagnostic

General
If you have to know something about your system, it’s a good way to start with reading the log files.
The system monitor or task manager gives you a broad overview of the running system. If you are familiar with the command line you can also use the top utility.

Motherboard
dmidecode | more  —-  HW and Bios information

CPU
lshw -class processor  —- CPU detailed informations

Memory
free -m  —-  show system memory availability and usage

Printer status
lpc  —-  status

Audio
aplay /usr/share/sounds/login.wav  —-  plays the startup sound
cat /proc/asound/cards  —-  list of all sound cards
lspci | grep -i audio –or– lspci | grep Audio  —-  lists all PCI audio devices

Video
lspci | grep VGA  —-  graphic card information
lshw -C video  —-  graphic card + driver information if UNCLAIMED means : no driver if *- display means : driver installed
lshw -c display | grep driver  —-  driver only if no message means : no driver
glxgears  —-  graphic card 3 D check

Operating system
uname  —-  prints OS information. use the options for detailed information
for example : uname -rs / uname -rm / uname -a

Kernel
uname -a  —-  Kernel version
lsmod  —-  shows active kernel modules in memory
runlevel  —-  lists the current and previous runlevel
tail -f /var/log/messages  —-  real time kernel messages

Processes
ps -ef  —-  lists all processes
ps -ejH  —-  list all processes and sub processes
ps aux  —-  lists all users processes

Hard Disk

GParted

In order to partition your HDD you will use “gparted” or parted on the command line.

Some shell commands

df  —-  show the amount of disk free space on each mounted filesystem
mount  —-  all mounted devices
mount | grep ^/dev  —-  actual mounted mass storage devices
fdisk -l  —-  actual partitions
blkid  —-  shows the UUIDs
hdparm -I /dev/sda  —-  HW information – details

Integrity of the HDD HW

The physical integrity test checks for bad sectors / bad blocks.

– smartmontools

smartmontools is a disk health monitor. If your drive supports the SMART technology you can use “smartmontools”

— Using smartmontools

smartctl -s on /dev/sda  —- enable SMART

smartctl -i /dev/sda  —- drive information (information section)
smartctl -a -d ata /dev/sda  —- drive information (info + data section)

smartctl -H /dev/sda  —- check health status
smartctl -c /dev/sda  —- check which tests are supported

smartctl -t offline /dev/sda  —- test offline

smartctl -t short /dev/sda  —- test short
smartctl -t long /dev/sda  —- test long
smartctl -t conveyance /dev/sda  —- test conveyance

smartctl -X /dev/sda  —- test cancel

smartctl -l selftest /dev/sda  —- check (self) test log
smartctl -l error /dev/sda  —- check error log

– badblocks

Use tune2fs command to view the block size of your partition before you run the badblocks command.
By default badblocks uses 1024 as block size. You can specify a block size using -b option (# badblocks -v -b 2048 /dev/sda1)

detect : # badblocks -v /dev/sda1 > bad-sectors.txt
“repair” : # e2fsck -l badsectors.txt /dev/sda1

Integrity of the file system

– fsck

You need to run fsck (file system consistency check) command to check the unmounted file system consistency and repair a Linux / UNIX file system. fsck is running automatically at boot time when the system detects that a file system is in an inconsistent state.

Read-only method :
– e2fsk -f -n /dev/sda3
– e2fsck -c -y /dev/sda3

Non-destructive read/write method: e2fsck -c -c -y /dev/sda3

Parameters

f : force checking, even if the FS is clean
n : read-only, not to use with -p and -y
c : read-only scan
y : answers yes to all questions, not to use with -p
c -c : non-destructive read-write test
p : automatic repair, not to use with -y

– File system cleaning

The FS cleaning is not as important as it sounds, nevertheless I show you some possibilities to free some place on your HDD.

Delete older kernels
check :
– actual kernel with —  uname -r
– all kernels on the system — dpkg -l | grep linux-headers-*
delete : apt-get remove linux-headers-2.6.24-22 linux-headers-2.6.24-22-generic
what : only the 2.6.24-22 kernel

Residual files after removing a program
delete : apt-get autoremove

Apt cache directory content (download cache)
check : /var/cache/apt/archives/
delete : apt-get clean
what : all “deb” files (installation programs)

Trash files
check :
~/.local/share/Trash/files/
~/.local/share/Trash/info/
delete : rm -rf /home/*/.local/share/Trash/files/* ; rm -rf /home/*/.local/share/Trash/info/*
what : for each user : all files and folders (sub dirs)

Thumbnail files
check :
~/.thumbnails/normal/
~/.thumbnails/large/
delete : rm /home/*/.thumbnails/normal/* ; rm /home/*/.thumbnails/large/*
what : for each user : all files (thumbnails) — more elegant : only thumbnails of non-existing images

Adobe Flash temporary files
check :
~/.adobe/Flash_Player/
~/.macromedia/Flash_Player/
delete : rm -rf /home/*/.adobe/ ; rm -rf /home/*/.macromedia/
what : for each user : all files including sub-directories

Backup files
check : find / -name \*~ 2>/dev/null
delete : find / -name \*~ | xargs /bin/rm -f
what : for each user : all files

/log directory content
remove only the old log file archives, the so called gunzip files (*.gz)
check : /var/log/
delete : find /var/log/ -name \*.gz | xargs /bin/rm -f

Network

This section describes some network monitoring/analysis and security tools.

Monitoring / Analyzing :

lPTraf
IPTraf is a console-based, real-time network monitoring utility for Linux. (IP LAN) – Collects a wide variety of information as an IP traffic monitor that passes through the network, including TCP flags information, ICMP details, TCP / UDP traffic faults, TCP connection packet and Byne account. It also collects statistics information from the general and detailed interface of TCP, UDP, checksum errors IP not IP ICMP IP, interface activity, etc.

Nagios
Nagios monitors the network for problems caused by overloaded data links or network connections, as well as monitoring routers, switches and more. Easily able to monitor availability, uptime and response time of every node on the network, Nagios can deliver the results in a variety of visual representations and reports. Nagios does also server- and application-monitoring as well.

Cacti
Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.
RRDtool (round-robin database tool) aims to handle time series data such as network bandwidth, temperatures or CPU load. The data is stored in a circular buffer based database, thus the system storage footprint remains constant over time.

whireshark
Whireshark is a network capture and analyzer tool to see what’s happening in your network. Wireshark will be handy to investigate network related incident.

arping
This tool Pings an IP address with ARP packets to discover the active device at that IP address.
It can tell you if a device is actually at an IPv4 address on your LAN. Shows the response time (latency) of a device to an ARP Packet. Shows the MAC address of the network interface on the device.
Shows the MAC addresses of all devices sharing the same IPv4 address on your LAN.

Network security :

nmap
(Network Mapper) is one of the most popular networks and security auditing tools. NMAP is supported on most of the operating systems including Windows, Linux, Solaris, MAC OS, HP-UX, etc. Nmap is used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.

Network Intrusion Detection Systems (NIDS)
A Network Intrusion Detection System is an IDS that monitors all network traffic, looking for suspicious activity. There are basically two kinds of Intrusion Detection Systems. Network-based Intrusion Detection System (NIDS) and Host-based Intrusion Detection System (HIDS). A network-based IDS analyzes the network activity. A host-based IDS detects attacks targeted to a specific host only.

Snort
Snort is an Open Source, lightweight Network Intrusion Detection System licensed under the GNU Public License (GPL) and written primarily by Martin Roesch in 1998.

Wireless (+ multi functions) :

Kismet
Kismet detects the presence of wireless networks (any 802.11 a/b/g wireless networks), including those with hidden SSIDs. This type of detection is called passive sniffing. Kismet works with a lot of wireless cards supporting “monitor” mode. This mode captures packets without being able to associate at the same time with an access point.
Kismet can discover and report the IP range used for a particular wireless network, as well as its signal and noise levels. It can also capture all network management data packets for an available wireless network. You can use Kismet to locate available wireless networks, troubleshoot wireless networks, optimize signal strength for access points and clients, and detect network intrusions.

Security

You always have to deal with security issues as a Sys Admin, so you have to know some basic tools. Security goes much further than just knowing some tools. It goes from hardware to passwords, authentication, the OS, the application(s), the network, the user behavior, etc.

Firewall : Iptables
Iptables is a command-line firewall utility that uses policy chains to allow or block traffic. When a connection tries to establish itself on your system, Iptables looks for a rule in its list to match it to. If it doesn’t find one, it resorts to the default action. Iptables almost always comes pre-installed on any Linux distribution. It is actually a front end to the kernel-level netfilter hooks that can manipulate the Linux network stack

Anti virus : ClamTK
ClamTk is a GUI front-end for ClamAV using gtk2-perl. It is designed to be an easy-to-use, on-demand scanner for Linux systems. ClamTk has been ported to Fedora, Debian, RedHat, openSUSE, ALT Linux, Ubuntu, CentOS, Gentoo, Archlinux, Mandriva, PCLinuxOS, FreeBSD, and others. ClamTk is not intended to be run all the time like the way you may expect. Rather, it is an on-demand scanner, and its current purpose is for general scanning of files and directories. This is because Linux in general is less likely to need such an application, although its functionality may allow for it someday.

Anti root kit : Rkhunter
Rkhunter (Rootkit Hunter) is an open source Unix/Linux based scanner tool for Linux systems released under GPL that scans backdoors, rootkits and local exploits on your systems. It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc.

Nessus
Nessus was founded by Renuad Deraison in 1998 to provide the Internet community with a free remote security scanner. It is one of the full-fledged vulnerability scanners that allow you to detect potential vulnerabilities in systems. Nessus can detect most known vulnerabilities such as misconfiguration, default passwords, unpatched services, etc. Nessus is the world’s most popular vulnerability scanning tool and is supported by most research teams around the world.

IDS
An intrusion detection system (IDS) is a device or software application that monitors networks or systems for malicious activity or policy violations. The overall purpose of an IDS is to inform IT personnel that a network intrusion may be taking place. Alerting information will generally include information about the source address of the intrusion, the target/victim address, and type of attack that is suspected. Intrusion detection systems can be broken into two broad categories: host-based IDSs and network-based IDSs.