Network server management program. My system administration software

All system administrators, whether they administer Windows or Linux, need a set of programs, tools and utilities that help them cope with unexpected situations, analyze the system or simplify everyday tasks. There are many such solutions, including open source ones.

In this article, we will take a look at the best 2016 sysadmin software that you can use in your work. Our list will include not only regular utilities and programs for a specific operating system, but also entire images. Now let's move on to our list.

1. Vim

A good text editor is one of the system administrator's main tools, since in many situations you have to change configuration files and it is important to do so quickly. Vim recently turned 25 years old and is still under active development.

It compares favorably with other editors in that it lets you edit text and move around it very quickly without lifting your fingers from the main keyboard. To do this, the editor has two modes. In command mode you navigate through the text using the letter keys and execute various commands. The second mode is editing, in which the program behaves like a regular editor.

In November, the eighth version of Vim was released, in which the program received many improvements, for example GTK3 support and asynchronous I/O for plugins. The editor works not only on Linux, but also on Windows and macOS.

2. Htop

Monitoring the load on the operating system is also a very important task that system administrators often face. For example, you may urgently need to find out which program is overloading the processor or taking up all the available RAM. The htop utility shows a real-time list of all running processes that can be sorted by the desired parameter, such as processor or memory use.

In addition, the utility shows the number of threads, the processor core on which a program is running, and much more. This is one of the most important utilities on the list of system administrator programs. The program only works on Linux systems.

3. Git

Version control is very important not only in programming. For various scripts, configuration and plain text files, it can also be very useful to restore the previous version.

The Git system was originally developed by Linus Torvalds to manage the development of the Linux kernel. Today it is a full-fledged platform used by a very large number of open source projects. It can also be useful for keeping old versions of your config files.

The latest version at the moment is 2.10, which has many useful features. For example, using the git diff command, you can find out exactly which lines were changed and in which files; the deleted lines will be crossed out. The program can be used on Windows and Linux.

4. SystemRescueCD

Computers don't always work as they should and tend to break down. It is a great practice for system administrators to have a CD or USB drive with a set of tools that will help restore the system or at least data from problem computers.

SystemRescueCD is an actively developed suite of system administrator utilities for all occasions. It is a bootable Linux distribution based on Gentoo that contains various tools for checking hardware, partitioning a disk, recovering data, checking your computer for viruses, setting up your network, and more.

Versions 2.8 and 2.9 were released in 2016. In these versions, the image received updates to various components, including the addition of support for tools for working with btrfs.

5. Clonezilla

Sometimes it's better not to rebuild the system from scratch, but to have a backup of the entire machine so that you can bring the system back to life in a few minutes. Clonezilla is the de facto standard for making backups and deploying system images to disk. You can create backups of separate partitions as well as of the entire disk.

The program can be used from the current system or as a bootable image with a pseudographic interface - Clonezilla Live. Once you have a finished copy, you can very easily recover from a failed configuration or upgrade.

The latest release adds support for detecting Windows BitLocker encrypted volumes, improves EFI support, and updates all software to the latest Debian versions.

6. Docker

Containers are isolated environments that allow you to run multiple systems on a single Linux kernel. All systems are isolated from one another, as well as from the main system. The Docker container configuration tool has been a huge contributor to container development in 2016.

Docker is an open platform that allows you to deploy containers with the required Linux distributions in just a few commands and run the required software in them. With Docker you can package a standalone application with all its dependencies and then run it on any distribution that supports Docker.

You can create your own programs and share them with other users. Docker allows companies to choose the system in which the software will run without restricting developers in tools and programming languages.

The latest versions of Docker add the ability to check the state of a container and recover automatically in case of problems, and Docker containers can now work not only on Linux, but also on Windows.

7. Wireshark

Wireshark is a tool for analyzing the traffic passing through a computer and saving network packets. Such a task can arise when analyzing the health of a network, network services, or web applications. The program supports a huge number of protocols and can even decrypt HTTPS traffic if it has a key. You can filter all traffic by the required parameters, sort packets, view their contents and complete information, and much more.

Wireshark 2.0 was released in 2015, and the program has been actively developed in this branch since then. Its interface has been rewritten in Qt5 and made more intuitive.

8. TightVNC

TightVNC allows you to access the GUI on a remote computer. With this program you can control your computer remotely without actually being in front of it. Usually administrators manage Linux servers via ssh, however, some users prefer to use a graphical interface for such tasks.

The program has the ability to encrypt VNC traffic, thus making it secure, just like ssh. TightVNC can run on both Linux and Windows, so you will be able to access your device from anywhere with internet access.

9. Zenmap

Zenmap is a graphical interface to the popular network scanner, nmap. With this tool you can very quickly find all the nodes connected to the network, check the network topology, and also see the list of running services on each of the computers.

Also, with the help of the program, you can find potentially dangerous places in the server configuration; many administrators use it to check the availability of nodes or even measure the uptime.

10. Filezilla

Our list of sysadmin utilities is nearing completion. During server administration, you often have to transfer files. Typically this task is performed over FTP. Filezilla is one of the best and most popular FTP file transfer and upload clients. The program interface is split into two panels: one shows the local computer, the other the remote file system of the FTP server.

The program's interface is intuitive and can be used on Windows, Linux and MacOS.

Conclusions

In this article, we reviewed system administrator programs of 2016 that can greatly help you in administering your computer ecosystem. What tools do you use? Write in the comments!

The built-in OS administration tools are not always convenient or often do not have sufficient functionality, therefore, the system administrator's arsenal is eventually replenished with useful utilities, add-ons and scripts that greatly simplify everyday tasks. It is doubly gratifying when the found solution not only helps to cope with a specific problem, but is also distributed free of charge.

Advanced IP Scanner

The sysadmin needs to know everything about the systems running on the network and quickly access them. Advanced IP Scanner, designed for fast multithreaded scanning of a local network, helps to cope with this task. AIPS is provided completely free of charge, without any reservations. The program is very simple and straightforward to use. After launching AIPS, it checks the IP addresses of the network interfaces of the host on which it is installed and automatically assigns the IP range to the scan parameters; if the IP does not need to be changed, then it remains to start the scan operation. As a result, we get a list of all active network devices. For each, all possible information will be collected: MAC address, network card manufacturer, network name, user registered in the system, available shared resources and services (shared folders, HTTP, HTTPS and FTP). Almost all scanning options can be configured, for example, change the speed or exclude scanning of a certain type of network resources (shared folders, HTTP, HTTPS and FTP). You can connect to any resource with one click, you just need to mark it in the list. AIPS is integrated with Radmin software and during scanning finds all machines running Radmin Server. The scan result can be exported to a file (XML, HTML or CSV) or saved in the "Favorites" (drag-and-drop supported). In the future, if you need to access the desired client computer, you do not need to scan the network again. If the remote device supports the Wake-on-LAN function, it can be turned on and off by selecting the appropriate menu item.

NetWrix, a company specializing in solutions for auditing changes in IT infrastructure, offers ten free and very useful utilities designed to significantly simplify Windows administration. For example, NetWrix Inactive Users Tracker addresses one of the pressing security problems: inactive accounts that no one has used for some time (dismissed employees, business trips, job transfers, temporary accounts, etc.). HR managers rarely warn the IT department about changes, and such an account can easily be exploited by an attacker. The utility periodically checks all accounts in the domains and reports on those that have not been accessed for a certain time. In the Free version, the only action that can be specified is an e-mail warning (it is enough to set the SMTP parameters); the administrator performs all other operations manually, although the warning is sufficient in our case. The paid version adds automatic setting of a random password, deactivating an account and moving it to another OU, and an OU filter for searching accounts. The get-NCInactiveUsers PowerShell cmdlet is offered separately; it returns a list of inactive users (the "lastLogon" attribute is checked) and simplifies writing the corresponding scripts.
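The inactivity check described above can be reproduced over an exported list of "lastLogon" values. The following is an added example, not NetWrix code: the CSV layout (account, domain controller, lastLogon), the function name inactive_accounts and the sample rows are assumptions constructed for illustration. Because lastLogon is kept separately on each domain controller and is stored as a Windows FILETIME (100-nanosecond intervals since 1601-01-01 UTC), the script takes the newest value per account before judging it.

```bash
#!/usr/bin/env bash
# Added example: flag inactive accounts from an exported lastLogon list.
# Assumed (hypothetical) export format: account,dc,lastLogon

# Constructed sample data, not taken from a real directory.
# alice: recent logon on DC1, stale value on DC2 (must count as active)
# bob:   newest logon 2023-11-01
# carol: newest logon 2024-01-15
# svc-backup: lastLogon is 0 everywhere, i.e. the account never logged on
SAMPLE_EXPORT='account,dc,lastLogon
alice,DC1,133528608000000000
alice,DC2,133432704000000000
bob,DC1,133432704000000000
bob,DC2,133405920000000000
carol,DC1,133497504000000000
svc-backup,DC1,0
svc-backup,DC2,0'

# inactive_accounts NOW_EPOCH MAX_DAYS   (CSV on stdin)
# Prints "account days" for accounts idle longer than MAX_DAYS,
# and "account never" for accounts with no recorded logon at all.
inactive_accounts() {
  awk -F, -v now="$1" -v max_days="$2" '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    NR == 1 && $1 == "account" { next }     # skip the header row
    NF < 3 { next }                         # ignore malformed rows
    {
      ft = $3 + 0
      # keep the newest value seen on any domain controller
      if (!($1 in newest) || ft > newest[$1]) newest[$1] = ft
    }
    END {
      for (acct in newest) {
        if (newest[acct] == 0) { printf "%s never\n", acct; continue }
        # FILETIME -> Unix time: divide by 10^7, subtract the 1601..1970 offset
        unix = newest[acct] / 10000000 - 11644473600
        days = int((now - unix) / 86400)
        if (days > max_days) printf "%s %d\n", acct, days
      }
    }
  ' | sort
}

# Evaluate the sample as of 2024-03-01 00:00:00 UTC with a 90-day threshold.
printf '%s\n' "$SAMPLE_EXPORT" | inactive_accounts 1709251200 90
```

On a live export, pass "$(date +%s)" as the first argument instead of the fixed timestamp.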

WinAudit Freeware

WinAudit is a free utility from Parmavex Services that allows you to perform a complete system audit. It does not require installation and can be run in command line mode. The program has a simple, localized interface and runs on all versions of Windows, including 64-bit. Collecting data takes about a minute (the duration of the process may vary depending on the operating system and computer configuration), and the resulting report consists of 30 categories (configurable). As a result, the administrator gets data about the system, installed software and updates with version and vendor, connected devices; a list of open network ports (number, service, program, etc.) and open folders; active sessions; security settings; access rights to peripherals; information about accounts and groups; the list of tasks / services; startup programs; log records and system statistics (uptime, memory usage, disk usage). You can also search for specific files by name. For example, to find music and videos on a user's hard drives, just set the appropriate extensions (avi, mp3, and the like). The result can be opened as a web page, exported to a file in many popular formats (txt, XML, CSV, PDF) or to a database (using the wizard; all popular ones are supported: MS SQL, MS Access, MySQL, Oracle and others), sent by e-mail or printed.


Computer accounting with CheckCfg

The problem of accounting for office equipment and the software in use is acute in any organization. It can be solved in different ways; one option is CheckCfg, offered by the developer Andrey Tatukov. This solution periodically collects data about hardware, OS and programs, including CPU type, amount of RAM, disk space, S.M.A.R.T. status, etc. At the same time, CheckCfg easily copes with several hundred computers. The result is displayed in a convenient tree-like form, and local directories are easy to access. Each PC can be assigned an inventory number, and if necessary, it is easy to generate a report in RTF format.

CheckCfg is a complex of programs. CheckCfg is responsible for the direct collection of data about the computer, which is launched when the OS starts and writes the result to a file. Information management and archiving is performed using the Sklad accounting program, which processes the files created by CheckCfg and saves them to its database, after which you can generate reports. Using the Sklad_w program, you can conveniently view the current configurations of computers and basic data on office equipment (by IP addresses, CPU, Memory, software). To analyze changes in the PC configuration and notify the administrator about it, another utility is used - Doberman. Perhaps the setting will not seem entirely trivial, since you have to manually create the necessary configuration files, but the detailed description on the site and the available templates allow you to figure everything out without problems.

MailArchiva Open Source Edition

Some mail servers, such as MS Exchange, have mail archiving functions that allow you to find old messages if necessary, including to identify leakage of confidential information during incident investigation. In other cases, you have to provide these functions yourself. A variant of the solution is the development of MailArchiva, which is compatible with most modern mail servers (Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra, Sendmail, Scalix, Google Apps). Archiving via SMTP, IMAP / POP3, WebDAV and Milter protocols is supported (the program has a built-in SMTP and Milter server, IMAP / POP client). To avoid collecting all mail, you can create any archiving rules. Three levels of access to saved data are implemented - user (only own mail), administrator (settings and own mail) and auditor (all mail, can be limited by rules). The Open Source version of MailArchiva also offers intuitive search functionality, including attachments (Word, PowerPoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz). MailArchiva works on Windows, Linux, FreeBSD and Mac OS X.

Performance Analysis of Logs

In case of problems with system performance, it is rather difficult to detect a bottleneck using the standard Windows Performance Monitor without experience. In order to figure out what metrics need to be taken and how to correctly interpret the result, you will need to carefully go through the documentation. The PAL utility (Performance Analysis of Logs, pal.codeplex.com) greatly simplifies the bottleneck search. Once launched, it scans the logs and analyzes them using built-in templates. Currently, there are settings for most of the popular MS products - IIS, MOSS, SQL Server, BizTalk, Exchange, Active Directory and others. After starting, the administrator activates the necessary counters in the PAL Wizard by simply selecting a template from the list of proposed ones, specifies the current server settings (number of CPUs and others), the analysis interval and the directory for saving the result. After a while, a detailed HTML and XML report will be issued containing the description, counter name and metrics (Min, Avg, Max and Hourly Trend). The report can then be easily copied to any document. But you will still have to figure out the collected parameters on your own. Although if PAL shows that the characteristic is in the green sector, you should not worry. The request itself is saved in the PAL.ps1 PowerShell script, which can be saved for later use. Templates are XML files; taking any of them as an example, you can create your own version. The built-in PAL Editor is offered for editing parameters in the template.


Win7 is officially supported, but works on all MS OSs, starting with WinXP (32/64). To install, you need PowerShell v2.0 +, MS .NET Framework 3.5SP1 and MS Chart Controls for Microsoft .NET Framework 3.5.

Create an Access Point with Virtual Router

The situation when a computer with a Wi-Fi card needs to be turned into an access point is by no means rare today. For example, you need to quickly deploy a WLAN or expand your Wi-Fi coverage. Initially, a wireless card could operate only in one of two modes: point-to-point, when clients connect to each other, or as an access point. In Win7 / 2k8 (except for Win7 Starter Edition), it became possible to virtualize network connections (Virtual Wi-Fi technology), which allows you to create several Wi-Fi modules with their own settings using one physical Wi-Fi adapter. Thus, the computer can be connected to Wi-Fi and at the same time act as an access point (SAPoint, Software Access Point). The connection to this virtual hotspot is secured using WPA2. You can turn a PC running Win7 / 2k8R2 into an access point using the Netsh console utility, through the Network and Sharing Center, or using the Virtual Router application, which has an intuitive GUI and very simple settings. After starting Virtual Router, you just need to specify the SSID and the password to connect, and then activate the access point. If necessary, you can also stop the hot spot by pressing one button. Additionally, the window displays the current connections to the point; for each you can set its own icon and change some parameters.

RDC connection management - RDCMan

For remote control of servers and PCs running Windows, the Remote Desktop Connection snap-in is designed. If you need to establish many RDP connections with different settings, then it becomes inconvenient to work with it. Instead of methodically saving individual settings for each remote computer, you can use the free Remote Desktop Connection Manager RDCMan to automate this process. After starting, specify the RDP connection settings that will be used by default and inherited by all connections. Here we set general credentials, gateway, screen settings, security parameters and much more. Next, we create the required number of system groups (for example, by purpose, location, OS version), for each of them, you can specify specific connection settings. And the last step is filling the groups with systems. To add a server, you only need to enter the domain name; if any parameter differs from the group settings, you can immediately redefine it. If necessary, systems can be easily moved between groups with a simple drag and drop. If there are many systems, it is easier to create a text file, specifying one name per line, and then feed the blank to the utility. Now, to connect, just select the required server and click on the "Connect" item in the context menu. You can simultaneously activate multiple connections and switch between them.

Free Active Directory Tools

Managing Active Directory parameters using standard tools is not always easy and convenient. In some situations, the Free Active Directory Tools from ManageEngine will help. The kit consists of fourteen utilities, run from one shell. For convenience, they are divided into six groups: AD User Report, SharePoint Report, User Management, Domain and DC Info, Diagnostic Tools, and Session Management. For example, launching Empty Password User Report gives you a list of accounts with empty passwords, GetDuplicates finds accounts with the same attributes, and CSVGenerator saves Active Directory account data to a CSV file. Other features: report last logon time, retrieve data from AD based on a query, report on SharePoint installations, manage local accounts, view and edit domain password policies, get a list of domain controllers and their roles, manage their replication, monitor their operation (CPU load, RAM, hard drives, performance, etc.), manage terminal sessions and much more.

Comodo Time Machine

The ability to restore the system using the System Restore component is incorporated in Windows, starting with XP, but its functionality, to put it mildly, is limited, so third-party applications are often used for backup. Free utility Comodo Time Machine (comodo.com) allows you to roll back the OS to any previous state. Moreover, it will work even if the OS has completely stopped loading. During the process, CTM creates restore points (manually or on a schedule), all modified system files, registry, and user files are recorded in them. This is a big advantage over System Restore, which only saves and restores system files and the registry. The first copy has the maximum size, the rest of the copies store only modified files. In order to save free disk space, you should periodically create a new checkpoint, deleting old archives. To be able to restore the OS, information about CTM is written into the boot sector; to call up the corresponding menu, just press the "Home" key. You can also restore the OS state on a scheduled basis, for example, configure the utility's behavior so that every reboot it automatically rolls back to a "clean" version of the system. This will be useful, for example, in Internet cafes, where users leave behind a lot of garbage in the system. In addition to full OS recovery, the utility provides an opportunity to get an earlier version of any file from the archive. Search has been implemented, so you can find the data you need without problems.

Amanda

The task of centralized data backup from workstations and servers running Windows and *nix can be solved with the help of AMANDA (Advanced Maryland Automatic Network Disk Archiver). Initially, the program was created to work with tape drives, but over time the developers added a mechanism called "virtual tapes" (vtapes), which allows you to save the collected data to hard drives and CD/DVD. AMANDA is a convenient add-on to the standard Unix programs dump / restore, GNU tar and some others, so its main characteristics should be considered precisely in terms of the capabilities of these basic utilities. It works on a client-server basis. All available authentication methods are used to access computers: Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp, or Samba password. To collect data from Windows systems, a special agent or, alternatively, Samba is used. Compression and encryption (GPG or amcrypt) of information can be performed both directly on the client and on the server. All backup parameters are configured exclusively on the server, and ready-made templates are included in the delivery, so it's quite easy to figure out.

Core Configurator 2.0 for Server Core

The initial configuration of a server running Win2k8 / R2 in Server Core mode is performed in the console using commands. To simplify the task, the OS developers have added an interactive script SCONFIG.cmd to R2, which allows you to configure the basic parameters of the system. An alternative is available on Codeplex - the wonderful Core Configurator. For its operation, you will need the components NetFx2-ServerCore, NetFx2-ServerCore and PowerShell. After starting Start_CoreConfig.wsf, we get a menu, in it we find several items that provide access to basic settings that would have to be managed from the command line: product activation, setting screen resolution, clock and time zone, network interface, setting permissions for remote RDP connections , manage local accounts, configure Windows Firewall, enable / disable WinRM, change computer name, workgroup or domain, configure role, features, Hyper-V and launch DCPROMO. If you check the box "Load at Windows startup", then the program will be loaded along with the system.

Exchange 2010 RBAC Manager

Exchange 2010 introduces a new role-based access model that allows you to fine-tune the privilege level for users and administrators based on the tasks they perform. The only drawback is that the built-in management tools using PowerShell cmdlets may not seem convenient and understandable to everyone. A more capable option is the free Exchange 2010 RBAC Manager (RBAC Editor GUI, rbac.codeplex.com), which offers a clean graphical interface for configuring properties for all roles. Dealing with its features will not be difficult even for a beginner. The program is written in C# and uses PowerShell. To work, it needs the Exchange 2010 Management Tools installed.

PowerGUI

As soon as it appeared, the PowerShell command shell won the sympathy of Windows admins, who have long needed a tool to automate many tasks. With the first versions of PowerShell, Microsoft developers were unable to offer a more or less functional editor, so several third-party projects filled the niche. The best of them today is PowerGUI, which provides a user-friendly graphical interface for efficiently creating and debugging PowerShell scripts. At the same time, the authors offer ready-made sets of scripts for solving many problems - they can be used in their developments.

Multi-Tabbed PuTTY

The free PuTTY client is well known to admins who need to connect to remote hosts using SSH, Telnet, or rlogin. This is a very handy program that allows you to save session settings for quick connection to the selected system. The only inconvenience is that with a large number of connections, the desktop is cluttered with many open windows. This problem is solved by the Multi-Tabbed PuTTY add-on, which implements a tab system.

INFO

PuTTY was originally developed for Windows, but was later ported to Unix.

Conclusion

Often there is no need to puzzle over a solution to a specific problem: most likely, other administrators have already encountered it and offered their own version - a specific utility or script that you don't even need to pay for.

A tool case is what separates an experienced professional from a beginner. And in matters related to Linux administration, such a suitcase is perhaps the most important thing.

System administrator programs

In this article, we will not talk about things like Nagios, Puppet, Webmin, or sophisticated Apache log analyzers - you should be aware of all this anyway. Instead, we'll talk about small utilities that can make your life as a sysadmin much easier.

Tmux

Let's start with the basics. As we all know, the main Linux administration tool is an SSH client, either from the OpenSSH suite or standalone like PuTTY or even an Android app. An SSH client allows you to open a remote command line session and safely work with a machine that is thousands of miles away. The only problem is that this is one session and it does not remember the state.

Tmux solves the problem. It is a terminal multiplexer that allows you to open multiple terminals within one SSH session with the ability to close the connection while saving the state.

It works like this. You connect to the remote machine using SSH, then install tmux on it and run it. The tmux console appears on the screen with a status bar at the bottom and one terminal currently running. You can work with it in the same way as usual, plus you have the ability to open new terminals with Ctrl + b c and switch between them with Ctrl + b 0..9 or Ctrl + b p (previous), Ctrl + b n (next).

When finished, press Ctrl + b d to disconnect from tmux and disconnect from the server. The next time you connect, you run the command

and you can see all previously opened terminals, applications running in them, command history, and so on. Everything is exactly the same as during disconnection from tmux. Moreover, it does not matter at all from which machine you logged in the second time, the tmux session will be completely restored.

Tmuxinator

Tmux can do more than open terminal windows in full screen. It can divide the screen vertically (Ctrl + b %) and horizontally (Ctrl + b "). This can be used, among other things, to create something like a "monitoring screen": for example, you can run tmux on a remote machine with three open windows, one of which shows the htop monitor, another the tail utility, which displays the latest messages from the desired log, and the third the df utility, which shows how full the file systems are.

At first glance, such a monitor seems very convenient, but what if you need to close it and start tmux with normal full-screen windows, and then reopen the monitor? This can be done with several different tmux sessions. But this is also not ideal, because on another server you will have to configure the same window configuration again.

Tmuxinator solves the problem more simply. It allows you to describe the desired window layout and the applications launched in the windows in a configuration file. This config can then be used to quickly start a tmux session anywhere, anytime.

First, create a new config:

$ tmuxinator new NAME

Tmuxinator will open the default text editor defined in the EDITOR variable. At the end of the config there will be lines describing the layout of the windows. To get the layout from the example above, remove them and add the following lines:

windows:
  - editor:
      layout: tiled
      panes:
        - sudo tail -f /var/log/vsftpd.log
        - watch df -h
        - htop

This config describes a tmux layout with one window divided into three panes: the latest vsftpd log messages, file system usage and htop. It remains only to start the session:

$ tmuxinator start NAME

All configs are stored in the ~/.tmuxinator directory, so they can be easily moved between machines.

Watch

You may have noticed that in the tmuxinator config I used the watch df -h command instead of df -h. This is important, because immediately after the partition table is displayed on the screen, df ends its work, and we need to monitor the state of the disk constantly. This is exactly what the watch utility allows to do. It restarts the df -h command every two seconds, so the information on the screen is always up to date.

Watch can be used to monitor almost anything: machine status (watch uptime), file contents (watch cat file) and directories (watch ls -l directory), you can run your own scripts under watch control. With the -n NUMBER option you can change the interval at which the command is restarted, and with the -d flag make watch highlight changes in the output.

Multitail

Another command from the tmuxinator config worth mentioning is sudo tail -f /var/log/vsftpd.log. This command prints the last ten lines of vsftpd's log and waits for new ones. Any admin should be familiar with tail, as well as its counterpart in systemd-based distributions:

$ journalctl -f -u vsftpd

This is the same basic knowledge as the ability to navigate through directories. But tail has a more interesting alternative called MultiTail. In fact, this is the same tail, but in a multi-window version. It allows you to display several logs at once, dividing the screen horizontally:

$ sudo multitail /var/log/vsftpd.log /var/log/nginx/access.log

With systemd and its journald, everything is more complicated:

$ multitail -l "journalctl -f -u vsftpd" -l "journalctl -f -u nginx"

Even harder:

$ multitail -l "journalctl -f -u vsftpd | tr -cd '[:space:][:print:]'" -l "journalctl -f -u nginx | tr -cd '[:space:][:print:]'"

Such a contortion is needed to strip from the logs the special characters that systemd uses to highlight lines.


System administrator tools. Multitail

MultiSSH

Let's go back to SSH. Sometimes the same command has to be executed on several machines. This can be done using the standard shell capabilities:

for host in 192.168.0.1 192.168.0.2; do
    ssh "$host" "uname -a"
done

Or use a special tool, for example mssh:

$ gem install mssh
$ mssh --hostlist 127.0.0.1,127.0.0.2 "uname -a"

Lsof

Another very important tool for any system administrator is lsof (LiSt Open Files). This utility allows you to find out which process or application opened certain files. Run with no arguments, it lists all open files and processes. Flags can be used to make this list more specific. For example, to find out which processes are using the files in the specified directory:

$ sudo lsof +D /var/log/

This feature can come in very handy when trying to unmount the file system, but you get a Device or Resource Busy error. In this case, it is enough to kill the processes that opened the files in the specified file system, and you can unmount it without any problems. Using the -t flag, this can be done in one pass:

# kill -9 $(lsof -t +D /home)
# umount /home

The output can also be filtered using the name of the desired application or user. For example, the following command will show all files opened by processes whose names begin with ssh:

And this will show all the files opened by the user vasya:

Lsof can also be used to list all network connections:

The listing can be limited to a specific port:

Or get a list of all open ports:

$ lsof -iTCP -sTCP:LISTEN


System administrator tools. Lsof

Tcpdump

Any admin has to deal with network service problems. And sometimes in this case you cannot do without a sniffer, which will clearly show how the exchange of data proceeds and what may go wrong in this process. Wireshark is considered the standard among sniffers for Linux, but the choice does not end there. Almost any Linux distribution includes the tcpdump console sniffer by default, which can help you quickly figure out a situation.

Tcpdump launched without any arguments, without further ado, starts printing to the console a list of all packets sent and received on all interfaces of the machine. Using the -i option, you can select the desired interface:

$ sudo tcpdump -i wlp3s0

To limit the scope of tcpdump to only a specific machine and port, you can use this construction:

$ sudo tcpdump -i wlp3s0 host 192.168.31.1 and port 53

You can also force tcpdump to print not only information about packets, but also their contents:

$ sudo tcpdump -i wlp3s0 -X host 192.168.0.1 and port 80

This makes no sense if encryption is used, but it lets tcpdump analyze data transmitted using the HTTP and SMTP protocols.

Another interesting tcpdump skill is filtering packets based on the content of specific bits or bytes in the protocol headers. For this, the following format is used: proto[expr:size], where proto is the protocol, expr is the offset in bytes from the beginning of the packet header, and size is an optional field indicating the length of the data in question (1 byte by default). For example, to filter only packets with the SYN flag set (initiating a TCP handshake), use this entry:

$ sudo tcpdump "tcp[13] == 2"
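How the byte-offset syntax described above evaluates against real header bytes, as an added Python example (not from the original article). The TCP headers are constructed, and the helper names are hypothetical. It compares the exact-match filter tcp[13] == 2 with two masked variants, which goes slightly beyond the article: a SYN from a client that requests ECN (RFC 3168) also carries ECE and CWR, so an exact comparison with 2 does not select it.

```python
import struct

# Flag bits in byte 13 of the TCP header, least significant bit first.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))


def tcp_header(sport, dport, flags, seq=0, ack=0, window=64240):
    """Build a constructed 20-byte TCP header without options (checksum 0)."""
    offset_reserved = 5 << 4  # data offset of 5 words, reserved bits 0
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset_reserved, flags, window, 0, 0)


def field(header, expr, size=1):
    """Value of proto[expr:size]: `size` bytes at offset `expr`, big-endian."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4")
    if expr < 0 or expr + size > len(header):
        raise IndexError("offset outside the header")
    return int.from_bytes(header[expr:expr + size], "big")


# The filters being compared, written as predicates over the header bytes.
FILTERS = {
    "tcp[13] == 2": lambda h: field(h, 13) == SYN,
    "tcp[13] & 2 != 0": lambda h: (field(h, 13) & SYN) != 0,
    "tcp[13] & 0x12 == 2": lambda h: (field(h, 13) & (SYN | ACK)) == SYN,
}

# Constructed sample segments.
SAMPLES = {
    "SYN": tcp_header(51000, 80, SYN),
    "SYN+ECE+CWR": tcp_header(51001, 80, SYN | ECE | CWR),
    "SYN+ACK": tcp_header(80, 51000, SYN | ACK),
    "ACK": tcp_header(51000, 80, ACK),
}


def matches(filter_text):
    """Names of the sample segments that the given filter selects."""
    check = FILTERS[filter_text]
    return [name for name, hdr in SAMPLES.items() if check(hdr)]


if __name__ == "__main__":
    for text in FILTERS:
        print(f"{text:22} -> {matches(text)}")
    # tcp[2:2] reads the two-byte destination port field.
    print("tcp[2:2] of the SYN sample:", field(SAMPLES["SYN"], 2, 2))
```

The third form (SYN set, ACK clear) selects every connection attempt, including those with ECN bits, while still excluding the server's SYN+ACK reply.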

The tcpdump dump format is a standard that almost all modern sniffers understand. Therefore, tcpdump can be used to generate a dump on a remote machine and send it to the local one for analysis in, for example, Wireshark (user@remote-host is a placeholder for the remote machine):

$ ssh user@remote-host tcpdump -w - "not port 22" | wireshark -k -i -


System administrator tools. Tcpdump

Ngrep

Tcpdump is good for its versatility and variety of possibilities, but it is not so easy and convenient to use it to search for specific data within transmitted packets. This task is much better done by ngrep, which is designed to display network packets that match a given mask.

For example, to find the parameters passed by the GET and POST methods within an HTTP session, you can use the following command:

$ sudo ngrep -l -q -d eth0 "^GET|^POST" tcp and port 80

This is how you can analyze SMTP traffic on all network interfaces:

$ sudo ngrep -i "rcpt to|mail from" tcp port smtp

VnStat

There are a lot of traffic accounting and statistics accumulation systems. Often they are built right into the remote server management system and allow you to analyze costs using visual graphs. But if you are using the console and all you need is to quickly get statistics on interfaces, then the best tool is vnStat.

VnStat is able to accumulate statistics in a continuous mode, storing data between reboots, and it's easy to use. First, install the package and run the vnstat service:

$ sudo systemctl start vnstat
$ sudo vnstat -u

From this moment it will start collecting statistics. To view it, just execute the following command (replace wlp3s0 with the name of the required network interface):

$ vnstat -i wlp3s0

Statistics can be specified, for example, display hourly statistics with a graph:

$ vnstat -h wlp3s0

Statistics by day or month:

$ vnstat -d wlp3s0
$ vnstat -m wlp3s0

Using the -t flag, you can get information about the ten days with the highest traffic consumption:

$ vnstat -t wlp3s0

To track the current activity on the network interface, vnStat can be run in live mode:

$ vnstat -l -i wlp3s0

In this case, it will show the data transfer rate at the current moment, and after completion of the work it will display statistics for the entire time of live monitoring.


System administrator utilities. VnStat

Iptraf-ng

Iptraf-ng is another handy tool for monitoring network interfaces. Like vnStat, it allows you to get detailed statistics on channel usage, but the most useful feature is real-time traffic monitoring.


System administrator utilities. Iptraf-ng

Iptraf clearly shows which hosts are currently exchanging data, the number of transmitted packets and their volume, as well as flags and ICMP messages. To access this information, select the IP traffic monitor menu item on the main screen.

NetHogs

VnStat and iptraf are handy when it comes to getting data for the entire interface as a whole. But what if you need to know which specific applications are currently communicating with remote hosts?

The NetHogs utility will help you with this. This is a kind of analogue of the top / htop utility for network monitoring. You install the utility, and then run it specifying the required network interface:

$ sudo nethogs wlp3s0

The screen displays a list of applications that most often communicate with remote machines.

Iotop

Since we are talking about the analogs of top, we must mention iotop. This utility allows you to see which processes are performing disk read/write operations. It is better to run it with the --only flag, otherwise, apart from those processes that are currently performing I/O, it will also show some of the other processes that may be sleeping:

$ sudo iotop --only


System administrator utilities. Iotop

Nmon

It's time to put everything together. Nmon combines the capabilities of many of the utilities reviewed and allows you to get real-time statistics on processor, memory, I/O, kernel performance and other data.


System administrator utilities. Nmon

Nmon is a pseudo-graphical console application. It works like this: you start nmon as root, and then add the information you need to the screen. For example, to add information about the processor load to the screen, press c; RAM usage: m; I/O: d; network: n; processes: t; file systems: j. This way you can create your own monitor configuration that will display only what you need.

One line

In this article, I have tried to skip the tools that you should already know. But if you still do not know about them, here is a short list of what may come in handy:

  • top / htop - process monitor, shows those who load the processor the most;
  • scp - utility for copying files from and to a remote machine via SSH;
  • Nmap is a port scanner that allows you to conduct a quick surface penetration test (we already had a detailed article about it);
  • netcat is a network Swiss knife that allows, among other things, to manually connect to servers working with plain text protocols: HTTP, SMTP;
  • dd - utility for block copying of data, you can take a file system dump from it;
  • mc is a two-pane console file manager.

Instead of a conclusion

Here it should once again be said that this is only the tip of the iceberg, that every admin has their own tools, that the flexibility of Linux must be mentioned, and so on and so forth. But this article is just a set of good tools to make your life easier.

10 May 2017

System Administrator Programs

Managing software and hardware in an enterprise is not an easy task, especially when it comes to a fleet of computers numbering dozens or even hundreds of units. In order to speed up the execution of everyday tasks, you will need a special set of system administrator programs. Below we will talk about what tasks one or another software solution can be used for.

Equipment inventory

System administrator programs for hardware accounting allow you to remotely collect information about the status and composition of equipment on a local network without having to analyze each individual PC “on site”. It doesn't matter if it's one computer or several hundred.

This procedure usually requires only the network / domain administrator credentials. Let's take a look at three of the best solutions for accounting for network equipment and computers within the enterprise that will be relevant in the coming years.

It is a centralized hardware inventory application that collects user and technical data about devices on a corporate network. The program can scan Windows, Linux, Mac systems, ESXi servers and other network devices. You can flexibly generate reports in a tabular format using any categories of data on selected computers. It should also be noted that there is a change log that allows you to track any changes both in the hardware and software on remote computers.

10-Strike Computer Inventory

This application allows you to perform hardware inventory and accounting. Among the features of this application is the presence of a web interface that allows access to inventory data from other computers or from mobile devices. It is also possible to build detailed reports on the information collected during scanning. Subsequently, the information obtained can be presented in the form of convenient pivot tables or data can be exported to an external database.

DEKSI Network Inventory

This useful utility is designed for remote monitoring of the state of the computer park. It allows you to view configurations and write all the necessary data using DataCollector.exe, which works synchronously with other applications without degrading their performance. As a result, you get well-structured information from which you can create reports that can be exported to HTML files, tables, and text files.

Lansweeper Network Inventory

Web-based software solution providing comprehensive network scanning and diagnostics. Lansweeper monitors the hardware environment on the network and provides information about it in convenient reports. There is an opportunity to perform scanning both manually and automatically according to a schedule or by an agent at logon. To do this, you need to set the appropriate settings, and then all processes will be performed automatically. The program also has the ability to synchronize with Active Directory.

Accounting software

Such programs for the sysadmin are essentially centralized repositories of information about the software installed on computers within a corporate network. These applications also often allow you to monitor the current status of the licenses used by the company and plan their renewal. Another interesting feature of such solutions is the creation of standard sets of software and configurations for certain positions, departments and employees.

This is an extended version of the product we discussed above. It contains a module for storing and maintaining license keys. The structured storage, which contains all the data about the software on each computer in the network, reduces several-fold the number of operations that must be regularly performed with the computer fleet (updating and configuring software, accounting for licenses, uninstalling, etc.). Note that all these operations can be regulated by creating special schedules. For example, a weekly network scan with TNI 3 can be performed automatically without operator intervention.

10-Strike: Accounting Software Pro

With this solution, you get all the information you need about the software on your users' workstations without having to directly access each of them. The versions of the operating system and applications installed in it, the availability of updates and even suspicious programs on any node of the local network - all this can be found in remote access. In addition, this application automatically monitors all events that occur with user devices connected to the network, providing the operator with information about them via e-mail.

Lansweeper Network Inventory

This utility allows you to keep track of not only the hardware, but also the software of devices on your network. After scanning, you will have access to detailed reports, tracking the license status of a particular software, as well as the ability to track any changes in the list of programs that have occurred since the last scan. Another interesting feature of this utility is the ability to calculate in advance the costs of maintaining or renewing corporate software licenses.

Remote installation and removal of programs

If a company has a dispersed infrastructure, system administrators have to spend up to several days installing the necessary applications for each workstation. To solve this problem, tools such as Total Software Deployment 2 and 10-Strike: Remote Access were created. They reduce downtime caused by installing and uninstalling applications, allowing you to do it remotely.

With TSD 2, you can remotely deploy, update and uninstall software on a PC. These procedures can be carried out simultaneously on all computers in the network. As a result, all manipulations can take no more than a couple of minutes. In addition, the system administrator can get a list of applications installed on stations within the corporate network.

10-Strike: Remote Access

This tool provides remote access to user PCs, opening up a rich set of options for centralized management. It is the ideal solution for both network management and technical support. It doesn't matter if you are deploying a network or trying to eliminate the consequences of malware activity on a specific computer - the application will be equally useful in each of these cases.

Server and local network monitoring

System administrator programs of this type provide advanced monitoring capabilities of server activity and various network processes. They minimize the amount of manual steps an administrator takes to check the availability of certain resources, thereby helping to optimize his workflows.

TNM 2 will serve as a budget and effective tool for network monitoring, as well as tracking the operation of server machines. The program automatically scans the network for vulnerabilities and anomalies, and promptly notifies network operators about detected problems. In particular, for these purposes, monitors are pre-configured - special objects that analyze the correctness of the operation of individual network services.

10-Strike: Network Monitor

This software product quickly detects non-standard network activity, which may be caused by the penetration of malware or technical problems. It also provides powerful tools for monitoring hosts, file exchanges, database access and other interactions between individual network nodes (including IoT-based devices) via SNMP and a regular web interface.

November 27, 2014 at 03:31 PM

Free software for remote control of computers

Remote computer control programs allow you to remotely control another computer over the Internet or on a local network. This is convenient when you need to help a not very experienced user, for example a relative or friend who is not well versed in computers, to do something on it, without leaving your comfortable chair and without wasting your nerves and time on telephone conversations. Such programs are also convenient for remote work, for example connecting from home to the office or, vice versa, accessing your home PC, and for system administration of a whole fleet of computers and servers.

Let's carry out a comparative analysis of remote control programs, highlight their advantages and disadvantages.

TeamViewer

One of the most popular programs for remote access, it can be quickly downloaded and installed or immediately launched without installation, even an inexperienced user can handle this. When launched, the program displays a window with an ID and password for accessing this computer, and TeamViewer allows you to connect to another computer by specifying its ID and password.

Benefits:
The program has several basic modes of operation: remote control, file transfer, chat, and demonstration of your desktop. The program allows you to configure round-the-clock access to the computer, which will be convenient for system administration. The speed of work is quite decent, there are versions for all mobile platforms, for various operating systems, which is very pleasing. A simple and straightforward interface plus a number of additional utilities to expand the functionality of the program will be useful for remote support services.

Disadvantages:
The program is free, but only for non-commercial use, and when working with it for more than 5 minutes a number of difficulties arise; for example, TeamViewer can block a remote connection session, recognizing it as commercial use. For round-the-clock remote access or administration of several computers or a computer network, you will have to pay for additional program modules. The cost of the program is high.

Outcome:
This program is ideal for a one-time remote connection or using it for short periods of time. It is convenient to use from mobile platforms, but not to administer a large number of computers. You will have to pay extra for additional modules.

LiteManager

A simple but quite powerful program. It consists of two parts: Server, which must be installed or run on the remote computer, and Viewer, which allows you to control another computer. The program requires a little more skill and experience from the person managing it, although the server side is even easier to work with than in TeamViewer: the server can be installed once and no further action is needed from the user, and the ID will always be constant; you can even set it yourself manually, so it is very easy to remember. LiteManager Free is free for personal and commercial use.

Benefits:
In addition to the main modes of remote access: remote control, file transfer, chat, task manager, registry editor, the program also has unique functions, for example: inventory, screen recording, remote installation. The program is free for use on 30 computers, it can be used for round-the-clock access without any additional modules. There are no time limits. It is possible to set up your own server ID to set up corporate support. The program does not have any restrictions on the operating time and locks.

Disadvantages:
There is no client for mobile platforms or other systems, the free version is limited to 30 computers, and to administer more you need to purchase a license. Some specific operating modes are available only in the Pro version.

Outcome:
LiteManager is suitable for providing remote support, for administering several dozen computers absolutely free of charge, and for setting up your own remote support service. The cost of the program is the lowest in its segment and the license is not limited in time.

Ammy admin

The program is basically similar to TeamViewer, but a simpler version. There are only the main modes of operation - viewing and control, file transfer, chat. The program can work without installation, free for non-commercial use.

Benefits:
A simple and lightweight program, you can work both on the Internet and in a local network, has minimal settings and does not require any special skills and abilities. Compared to TeamViewer, the licensing policy is milder.

Disadvantages:
A minimum of functions for remote control, so it will be difficult to administer a large fleet of computers. With long-term use, more than 15 hours a month, the session may be limited or blocked. Commercial use is paid.

Outcome:
This program is more suitable for a one-time connection to a computer and not very complex manipulations, for example, as an aid to an inexperienced user in setting up a computer.

RAdmin

One of the first remote control programs and well known in its circle, so I could not help but mention it. It is intended more for system administration, and the main focus is on security. The program consists of two parts: a server component and a client. It requires installation, and it will not be easy for an inexperienced user to figure it out. The program is designed mainly to work by IP address, which is not very convenient for providing online tech support. The program is paid, but it has a free trial period.

Benefits:
The program has high operating speed, especially on a good network, thanks to the desktop capture video driver, increased reliability and security. Intel AMT technology is built in, which allows you to connect to the BIOS of a remote computer and configure it. Only the basic modes of operation are implemented: remote control, file transfer, chat, etc.

Disadvantages:
There is almost no way to work without an IP address, i.e. to connect by ID. There is no client for mobile systems. No free version, only a 30-day trial period. Experienced user skills are required to work with the program. On connection, the video driver can disable the Aero graphical shell, and sometimes the screen flickers.

Outcome:
The program is more suitable for system administrators to administer computers and servers in a local network. To work over the Internet, you may need to set up a VPN tunnel.