Administration

Sysadmin Tools: Managing Linux from a Windows Desktop

While it is getting more common for companies to allow their IT staff to choose their own OS not every company allows this. In fact most companies require their IT staff to use Windows, as Windows has historically been the dominate OS for the business world. While I personally believe it is easier to administer Linux/Unix servers using a Linux desktop this doesn’t mean that I get to be the exception to the rule; sometimes I have had to use a Windows desktop.

Linux Troubleshooting with strace

Today I want to cover one of the best troubleshooting tools in any sysadmins arsenal; strace. Strace is a command that will trace the system calls and signals from a specified command. What does that mean in layman’s terms? Strace will output all of the inner workings of a process you run it against. If a process opens a file or binds a port, strace will print that action; it is a great utility for troubleshooting when a process is not behaving as expected and you can’t find any reason in the commands output or log files.

Sudoedit: Securely allow users to edit files

Allowing unprivileged users to edit files that are normally beyond their rights is a task that is easy to perform however it requires a great deal of forethought to implement without opening security holes. You can give users the ability to edit privileged files by using User/Group Permissions, ACL’s, or even sudo; but no matter which way you choose there are some things you must consider. For an example lets take a look at 2 files /etc/services and /etc/cron.

Why you should avoid running applications as root

I’m going to start this post by saying what I’m really thinking. 90% of the time if an application is running as the root user on a Unix/Linux machine; it is because the sysadmin who setup or designed the environment was being lazy. Now before getting offended, being a lazy sysadmin is a good thing. The fact is that most systems administrators are lazy in some way, and that is the reason why most systems administration tasks end up being scripted.

When it's Ok and Not Ok to use rc.local

On System V based OS’s the /etc/rc.local file is executed by the init process at the end of the systems boot process. The fact that the rc.local file is executed during the boot process makes it an easy target for misuse by lazy Sysadmins. Since I started my Unix experience on FreeBSD which relies primarily on the /etc/rc.* configuration files, I’ve seen and shamefully contributed to my fair share of misuse in the rc.

Creating a new filesystem with fdisk, lvm, and mkfs

Our Task: Create a new 10GB filesystem to store a package repository for yum Challenges: The existing hard drive has been fully allocated using LVM. Solution: Add a new hard drive to the server (virtual server in this case) Partition the drive and add it to the main logical volume Create a new filesystem This article assumes that by now you have physically added the hard drive to the server.

Creating a read-only backup user for mysqldump

Mysqldump is a great utility for backing up or exporting a database to a flat file. This flat file can then be used to import the database or databases into another mysql database or even another database server like postgre depending on the options you use. To perform a very simple backup of the mysql database you can simply just setup a cronjob that runs mysqldump at whatever interval you want.

How to check if a cron job ran

Cron is a time based scheduled task daemon that runs on most common Unix/Linux distributions. Because cronjobs are time based sometimes it is necessary to validate that the job ran at the scheduled time. Sometimes people will configure a cron to send the output of the script to a user via system mail or redirect the output to a file; however not all crons are setup the same and many times they may be configured to send output to /dev/null hindering any ability to validate the job ran.

mysql: Backup your user privileges

While I am sure there are multiple ways to do this and some probably easier here is a way to backup your mysql user privileges to a CSV file. First you will need to get to the mysql cli.

mysql -uroot -p Enter password: Welcome to the MySQL monitor. Commands end with ; or g. Your MySQL connection id is 35083 Server version: 5.0.51a-24+lenny3 (Debian) Type ‘help;’ or ‘h’ for help.

mount: Disabling execution of scripts

One of the common ways of securing your system is by making the /tmp filesystem unable to run executables. This prevents users from executing scripts in /tmp which is generally writable by everyone. You can restrict this with the mount option noexec. Here is an example: [[email protected] playground]# mount | grep play /dev/mapper/vgfirst-lv_test1 on /var/tmp/playground type ext3 (rw) [[email protected] playground]# ./helloworld.sh Hello World [[email protected] playground]# mount -o remount,noexec /dev/mapper/vgfirst-lv_test1 /var/tmp/playground [[email protected] playground]# mount | grep play /dev/mapper/vgfirst-lv_test1 on /var/tmp/playground type ext3 (rw,noexec) [[email protected] playground]# .