The FreeBSD SysAdmin's Favorite Tools [Archive] - The FreeBSD Forums


APseudoUtopia
November 17th, 2008, 03:28
Hey everyone,

I've been using FreeBSD for about 2 years now, and I've loved every minute of it. I've been discovering new programs/tools almost every week that do something that just make me think "damn, that was cool!"

I was thinking it would be helpful to newcomers, as well as users like myself, and even maybe experienced gurus, to make up a list of awesome sysadmin software. Such as sysutils like portupgrade, lsof, mtr, and other software like cacti, whatmask, cmdwatch, and daemontools.

So, what's your favorite FreeBSD sysadmin tool? Please include a quick description of it.

brd@
November 17th, 2008, 03:44
Hmm.. let's see..

Nagios (http://www.nagios.org) - Monitor your network to make sure the services and hosts are up.
Samhain (http://www.la-samhna.de/samhain/) - File integrity monitor.
Portaudit - Check your install ports against a database of vulnerable ports.
Screen - Terminal multiplexer.

That's all I can think of right now..

jonathan
November 17th, 2008, 04:03
I've done nagios, but I've just recently discovered zabbix at my new job. It has both a server and client, and can tell you just about everything you never wanted to know about windows, *.nix, and practically any host you want to monitor.

ken
November 17th, 2008, 04:16
Too many to list but one in particular worthy of mention is portmaster. I used portupgrade for years, and it was a godsend in its day, but for the last couple have replaced it with Doug Barton's excellent portmaster (http://www.freebsd.org/cgi/url.cgi?ports/ports-mgmt/portmaster/pkg-descr)

/bin/sh based so no need for additional packages such as Ruby, db4, etc. Also much, much faster.

bsddaemon
November 17th, 2008, 04:26
My pick would be SSH, tcpdump, sed, awk and shell script. Can't leave home without them :D

hedwards
November 17th, 2008, 04:55
I think that portmaster, awk, sed, grep, screen and bacula are pretty much must haves in most cases. The time it takes to learn sed, awk and grep properly is time well spent. Even learning to use them a little bit can save a huge amount of time and effort.

With ZFS, I may give up on bacula and just dump the snapshots to a separate storage system for back ups. But I'm not sure how I'd be able to give up the database portion.

gldisater
November 17th, 2008, 05:22
My pick would be SSH, tcpdump, sed, awk and shell script. Can't leave home without them :D

cd can't leave $HOME without it.


Sorry, couldn't resist.

kmf
November 17th, 2008, 05:29
Hi APseudoUtopia,
A day rarely passes without me using sed / awk.

Never underestimate the power of an editor ... (vi) :)

We are busy testing, OCS Inventory + GLPI, so that we can keep track of all our assets and systems.

Karl

snes-addict
November 17th, 2008, 05:52
Let's see...

Although I'm an Emacs fan, I always use vi for editing system configs and short memos.

I've been using ftp quite a bit recently, also.

I have always loved the ports tools (portupgrade, portsnap, etc.).

The lynx or links browsers are also awesome on systems without X11, and are especially a must on those systems when something goes wrong and advice from others is needed.

On systems where keeping track of file modifications is important, rcs, cvs, and Subversion are the way to go.


Aw, heck, the entire base system is the best administrative tool! FreeBSD is just that good.

ken
November 17th, 2008, 05:52
I think that portmaster, awk, sed, grep, screen and bacula are pretty much must haves in most cases. The time it takes to learn sed, awk and grep properly is time well spent. Even learning to use them a little bit can save a huge amount of time and effort.

With ZFS, I may give up on bacula and just dump the snapshots to a separate storage system for back ups. But I'm not sure how I'd be able to give up the database portion.

Ditto. Although you can use Bacula with ZFS, you lose the NFS ACL bits. 'Tis a shame really, because otherwise Bacula just rocks! Perhaps once ZFS sees critical mass with the penguinistas we'll see that change.

anomie
November 17th, 2008, 05:55
Favorite network troubleshooting tools:

nmap - tcp/udp port scanner, lots of features (see the av)
tcpdump - packet analyzer
arpwatch - passive ethernet sniffer, keeps MAC / IP address db

locnar
November 17th, 2008, 06:05
I agree with all those that have been listed so far, but I have to add one. dvtm (in the ports) is a great little command line terminal manager. It has two great features: One, it doesn't react poorly with screen, so you can call it from within a screen session and just keep working as screen lets you and as dvtm lets you. Two, having a file and another file right next to each other for comparing in two or more windows with only one terminal saves loads of setup time for my work day.

Snelius
November 17th, 2008, 06:12
bash & perl

nabsta
November 17th, 2008, 06:15
I've done nagios, but I've just recently discovered zabbix at my new job. It has both a server and client, and can tell you just about everything you never wanted to know about windows, *.nix, and practically any host you want to monitor.

So could you tell us more about how Zabbix could be installed on freebsd, some hints would be great for all;)

vermaden
November 17th, 2008, 08:20
Besides tools that are already mentioned I would add these:
vi | sh -x | (g)shred | when | lsof | sockstat | top -P | top -b -ores | rsync | scp | urxvt -pe tabbed | lftp | luit | zsh | mtr | arping | pbzip2 | vim -d

Two, having a file and another file right next to each other for comparing in two or more windows with only one terminal saves loads of setup time for my work day.
Have you tried: vim -d files_to_compare.*

bsddaemon
November 17th, 2008, 08:55
Besides tools that are already mentioned I would add these:
vi | sh -x | (g)shred | when | lsof | sockstat | top -P | top -b -ores | rsync | scp | urxvt -pe tabbed | lftp | luit | zsh | mtr | arping | pbzip2 | vim -d

They are indeed good utilities, but they are more like everyday, general tools, rather than administrative tools

vermaden
November 17th, 2008, 09:13
They are indeed good utilities, but they are more like everyday, general tools, rather than administrative tools

vi --> edit config files
sh -x --> debug scripts
lsof --> check "blocked" files
sockstat --> check "blocked" files
top --> no comment
rsync --> remote backup
scp --> can be used for remote backup or temporary file transfers
mtr --> network troubleshooting
arping --> network troubleshooting
vim -d --> compare config files

Isn't THAT administration?

Geoff
November 17th, 2008, 11:35
rsync has saved my bacon on numerous occasions, also love daemontools, ucspi-tcp and netcat

Daemony
November 17th, 2008, 11:50
screen screen screen

the first and the best tool for me!
portupgrade - has the second place here. :)

bsddaemon
November 17th, 2008, 12:04
rsync has saved my bacon on numerous occasions, also love daemontools, ucspi-tcp and netcat

I heard R1Soft has a better file archive algorithm compared to rsync, pity it is not free, in fact it is damn pricey. It is mostly for commercial, business, mission critical use.

But indeed rsync is one of the excellent applications out there, I wish it came with FreeBSD out of the box.

Back in the day I was writing a port scanning shell script (just for fun actually, and because nmap is kinda noisy). My script is telnet based, but I realised telnet doesn't support UDP, then I found netcat (aka. nc). But netcat was not better, actually it was more than useless. It reported every UDP port open???

%nc -vzu google.com 3000-3005

Connection to google.com 3000 port [udp/*] succeeded!
Connection to google.com 3001 port [udp/*] succeeded!
Connection to google.com 3002 port [udp/*] succeeded!
Connection to google.com 3003 port [udp/*] succeeded!
Connection to google.com 3004 port [udp/*] succeeded!
Connection to google.com 3005 port [udp/*] succeeded!


I must be missing smt here?

cnr
November 17th, 2008, 12:25
my basic and favorite tools;
vim, top, rsync, portaudit, portsnap, freebsd-update, tcpdump and pftop ;)

locnar
November 17th, 2008, 14:14
Besides tools that are already mentioned I would add these:
vi | sh -x | (g)shred | when | lsof | sockstat | top -P | top -b -ores | rsync | scp | urxvt -pe tabbed | lftp | luit | zsh | mtr | arping | pbzip2 | vim -d


Have you tried: vim -d files_to_compare.*

Yes, Yes I have. dvtm allows for a bit more flexibility and it is repeatable for my co-workers who see me doing neat things, but can't stand vim. dvtm is just a window manager in ncurses. I can tail a maillog, be running top, and have the config file open in one terminal. I guess I used a silly example for why it is a great tool to have on your system.

vermaden
November 17th, 2008, 14:35
Yes, Yes I have. dvtm allows for a bit more flexibility and it is repeatable for my co-workers who see me doing neat things, but can't stand vim. dvtm is just a window manager in ncurses. I can tail a maillog, be running top, and have the config file open in one terminal. I guess I used a silly example for why it is a great tool to have on your system.

Thanks for the explanation.

I have heard about it some time ago (dvtm) but did not have time to check it, but I definitely will in some closer time.

oliverh
November 17th, 2008, 14:45
Without screen I would be sometimes lost ;-) Vi is such an essential tool too, rsync and of course more or less some of the above mentioned tools.

thortos
November 17th, 2008, 16:25
telnet doesn't support UDP, then I found netcat (aka. nc). But netcat was not better, actually it was more than useless. It reported every UDP port open???

I must be missing smt here?

Yes you are. UDP is connectionless (http://en.wikipedia.org/wiki/User_Datagram_Protocol). It throws the packets by the way of the destination and doesn't care about them once they're gone. This is why you can't telnet via UDP (you can't connect with a connectionless protocol), and this is also why the output of nc is correct - it could perfectly send out the packets, which is all it cares about.

I agree that using the word "connection" in the nc output is confusing in this use case, but maybe the authors of nc assumed that people using it know what they're doing.

Maybe you want to do some basic reading on IP networking, it's an interesting thing to get into. Also, I hope you're not responsible for any network security. :e
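
The behaviour explained in this reply, as an added example that is not part of the original thread: a UDP "connect" sends nothing and always succeeds, so a port's state can only be inferred from what comes back after a datagram is sent (an ICMP port-unreachable, a reply, or silence). The function names and the loopback sockets are constructed for the demonstration; it uses Python sockets rather than nc.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"


def udp_connect_only(host, port):
    """connect() on a UDP socket puts no packet on the wire; it only records
    the default peer address, so it 'succeeds' even for a closed port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((host, port))
        return True
    finally:
        s.close()


def udp_probe(host, port, timeout=0.5, payload=b"ping"):
    """Send one datagram and classify the port by what comes back.

    'closed'        - the peer's kernel answered with ICMP port unreachable,
                      which a connected UDP socket reports as ECONNREFUSED
    'open'          - an application replied with a datagram
    'open|filtered' - silence: a listener that does not answer this payload,
                      or a firewall dropping the probe or the ICMP error
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))   # needed so ICMP errors reach this socket
        s.send(payload)
        s.recv(1024)
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "open|filtered"
    finally:
        s.close()


def demo():
    """Exercise all three outcomes against constructed loopback sockets."""
    # Listener that never answers (looks identical to a filtered port).
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind((LOOPBACK, 0))

    # Listener that echoes one datagram back.
    echo = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    echo.bind((LOOPBACK, 0))
    echo.settimeout(5.0)

    def serve_once():
        try:
            data, peer = echo.recvfrom(1024)
            echo.sendto(data, peer)
        except socket.timeout:
            pass

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()

    # A port that was just released: nothing is bound to it any more.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind((LOOPBACK, 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return {
            "connect_only_closed": udp_connect_only(LOOPBACK, closed_port),
            "closed": udp_probe(LOOPBACK, closed_port),
            "silent": udp_probe(LOOPBACK, silent.getsockname()[1]),
            "echo": udp_probe(LOOPBACK, echo.getsockname()[1]),
        }
    finally:
        worker.join()
        silent.close()
        echo.close()


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

Across a firewall that drops the probe or the ICMP error, every port falls into the `open|filtered` case, which is indistinguishable from the "succeeded" lines in the nc output quoted above.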

oversize
November 17th, 2008, 16:43
hm, those are all Linux Unix tools in general.

Don't know whether the Author wanted to only have FreeBSD Tools listed. But as I read through all the posts I thought to myself which are really FreeBSD unique? Are there any?

And to name a tool, as everybody did, I recently discovered ossec for system monitoring, very handy.

cheers

toomanysecrets
November 17th, 2008, 17:56
My favourite tools...

vi/vim
screen
vmstat
systat
iostat
lsof
sockstat/netstat
netcat
sh/csh/tcsh/bash
perl
links/elinks/lynx
less
grep
awk

And... ok ok, stop right away...

foldingstock
November 17th, 2008, 18:20
Tmux is a terminal emulator, much like screen, released under the *BSD license. It operates differently than screen and is lighter on system resources.

pirzyk
November 17th, 2008, 18:52
hm, those are all Linux Unix tools in general.

Don't know whether the Author wanted to only have FreeBSD Tools listed. But as I read through all the posts I thought to myself which are really FreeBSD unique? Are there any?

And to name a tool, as everybody did, I recently discovered ossec for system monitoring, very handy.

cheers

One 'tool' that is not common on other versions of UNIX that I am familiar with is 'stty status'. I hear it does exist in VMS. I have used it quite a bit to figure out where a program may be 'hanging'. Usually it returns '[ttyin]' which causes a response of doh!

hark
November 17th, 2008, 19:22
sysutils/ezjail

It is dreamy.

timmix
November 17th, 2008, 22:12
So could you tell us more about how Zabbix could be installed on freebsd, some hints would be great for all;)

Ehm, just type: "cd /usr/ports/net-mgmt/zabbix/ && make install clean" at your favorite commandprompt.

--
Timm

estrabd
November 17th, 2008, 23:14
Hmm.. let's see..

Nagios (http://www.nagios.org) - Monitor your network to make sure the services and hosts are up.
Samhain (http://www.la-samhna.de/samhain/) - File integrity monitor.
Portaudit - Check your install ports against a database of vulnerable ports.
Screen - Terminal multiplexer.

That's all I can think of right now..

screen++

danger@
November 18th, 2008, 01:11
hey guys, you don't watch your logs? :-)

tail -f *.log

Gabe_G23
November 18th, 2008, 01:45
Too many to list but one in particular worthy of mention is portmaster. I used portupgrade for years, and it was a godsend in its day, but for the last couple have replaced it with Doug Barton's excellent portmaster (http://www.freebsd.org/cgi/url.cgi?ports/ports-mgmt/portmaster/pkg-descr)


Mmmh, I must say that I agree!

horus
November 18th, 2008, 05:05
what about ee(1)??? :D

brd@
November 18th, 2008, 06:23
hey guys, you don't watch your logs? :-)

tail -f *.log
In 7.0+ try:
tail -F /path/to/logfile1 /path/to/logfile2
It makes the built in tail(1) (http://www.freebsd.org/cgi/man.cgi?query=tail) behave like xtail, and display multiple log files at once.

bsddaemon
November 18th, 2008, 06:35
In 7.0+ try:
tail -F /path/to/logfile1 /path/to/logfile2
It makes the built in tail(1) (http://www.freebsd.org/cgi/man.cgi?query=tail) behave like xtail, and display multiple log files at once.

It works with older version, too, at least with 6.4 ;)

Anapivirtua
November 18th, 2008, 06:35
In 7.0+ try:
tail -F /path/to/logfile1 /path/to/logfile2
It makes the built in tail(1) (http://www.freebsd.org/cgi/man.cgi?query=tail) behave like xtail, and display multiple log files at once.

Awesome !!!

braveduck
November 18th, 2008, 11:46
It makes the built in tail(1) behave like xtail, and display multiple log files at once.
It works with older version, too, at least with 6.4

Yep, it doesn't work with 4.*, but it works with 5.4+, so I guess it works with 5.0+. Nice thing to have.

Vladimir
November 18th, 2008, 14:31
I love command "watch". Who uses watch?;)

what about ee(1)??? :D
It's terrible, please don't use it.

oliverh
November 18th, 2008, 14:41
ee is a nice editor (like pico/nano/joe ...) for the beginner, most beginners blow up their systems while using vi the first time.

jb_fvwm2
November 18th, 2008, 14:47
popd
....................
started using it less than a year ago. That
means 3 or so years less efficient at the shell.
....................

Vladimir
November 18th, 2008, 14:52
ee is a nice editor (like pico/nano/joe ...) for the beginner, most beginners blow up their systems while using vi the first time.
It's habit-forming editors.

vermaden
November 18th, 2008, 15:53
ee is a nice editor (like pico/nano/joe ...) for the beginner, most beginners blow up their systems while using vi the first time.

... or generate great random strings trying to exit ;)

oliverh
November 18th, 2008, 16:28
It's habit-forming editors.

No it's open source, you have the choice ;-) If someone really needs vi or vim or emacs, then he will use it - so it's not the habit, it's the application. And speaking of 'bad habits' ;-)

http://web.cecs.pdx.edu/~kirkenda/joy84.html

I got tired of people complaining that it was too hard to use UNIX because the editor was too complicated. Since I sort of invented the editor that was most complicated, I thought I would compensate by also designing the editor that was most simple. But I got distracted. If I had just spent another day on it... I could actually edit a file on it. I actually used it to edit itself and scrunched the source code - sort of old home day, because we used to do that all the time.

I had threatened to remove all the copies of vi on January 1 of this year and force people to use be. I don't think it would have worked, though, because I don't know any of the root passwords here anymore. These editors tend to last too long - almost a decade for vi now. Ideas aren't advancing very quickly, are they?

--Bill Joy

jonathan
November 18th, 2008, 17:33
So could you tell us more about how Zabbix could be installed on freebsd, some hints would be great for all;)

It's in the ports. Think of it as a cross between cacti and nagios, but then it took some steroids after.

As far as hints, I have none yet. I built it once, but then didn't have time to configure it out. But when I redo my network at home, I'll be going with zabbix for my monitoring needs.

Alt
November 18th, 2008, 18:39
As a sysadmin, my most favorite tools are
sockstat, systat, grep, perl, and ofc PING =)

oversize
November 18th, 2008, 22:11
To you guys looking at your logs with tail: You don't do that _all_ the day, do you?

I'm not a marketer ( ... and said it before), you should try ossec (http://ossec.net/). It's not as huge as Nagios feels (I never really used nagios).
The rules are so cool, _if_ you know regex (which is one of my weaknesses x( ). The install went through in about 5 minutes and now, if something suspicious happens, I get an email right away.

Of course you get a ton of false positives in the first place. e.g. sshd scans, service monitors, general server warnings, but if you figured your way through customizing the rules, it is a breeze.

cheers

joel@
November 18th, 2008, 22:16
ee is a nice editor (like pico/nano/joe ...) for the beginner
I use ee all the time.

billysponch
November 19th, 2008, 00:11
I use ee all the time.

which just goes to show that ;)

aaron
November 19th, 2008, 19:21
sed, awk, du, lsof, wc, hping, grep

robertclemens
November 19th, 2008, 21:28
The vi cronies are out in full force!

We get it. Vi is a good editor. Use it
if you like it. I use it for plenty of
tasks.

No reason to attribute vi with superior
administration. That is hardly the case.

kamikaze
November 20th, 2008, 18:26
I use pkg_libchk and pkg_validate from sysutils/bsdadminscripts a lot. I made pkg_validate to check the consistency of the system after a crash and pkg_libchk for the transition from 6.x to 7.x. It spared me the build of several hundred ports and now it helps me find problems resulting from a port upgrade and fix them before they cause trouble.

cpeterson
November 24th, 2008, 00:27
sysutils/ezjail

It is dreamy.

++

It should really be renamed to awesomejail considering how insanely secure it makes jails it creates.

UNIXgod
November 24th, 2008, 03:05
shells/zsh

marius
November 24th, 2008, 23:23
last

Business_Woman
November 26th, 2008, 12:56
I use ee all the time.
Simple and effective

tanked
November 26th, 2008, 13:19
Simple and effective

Agreed, for simple changes to system config files I can't really think of a reason to use anything else.

Eponasoft
November 27th, 2008, 14:58
Since I don't use FreeBSD as a network tool but rather as a desktop OS, I'd have to say my favorite FreeBSD-specific tool is...sysinstall! :) Other than that, I'd be completely lost without gcc...writing machine code just isn't my idea of a fun time. :) And, since I always use X, nedit and kwrite are my code editors...I can't stand vi, never could...sorry vi folks. :) pkg_add, firefox, and kvirc round out my list of essential tools...yeah, IRC is essential dangit! :D

Mel_Flynn
November 27th, 2008, 15:38
and kvirc round out my list of essential tools...yeah, IRC is essential dangit! :D

:O Konversation!

Administratively, sysutils/pstree, top, tail, sysutils/pftop, net- and sockstat for diagnostics, sysctl(8)+prayer to up that resource that's just been eaten and the rest is icing on the cake.

artificer
November 30th, 2008, 11:52
I recently appreciated recoverdisk(1), it's invaluable in many situations. Not many people seem to know it, as it's new (First appeared in 7.0).

bsddaemon
November 30th, 2008, 14:48
I recently appreciated recoverdisk(1), it's invaluable in many situations. Not many people seem to know it, as it's new (First appeared in 7.0).

Sounds like a useful/life saving tool. I don't have any damaged data here, so I can't test the tool, how well does it perform for you?

artificer
December 1st, 2008, 13:04
Sounds like a useful/life saving tool. I don't have any damaged data here, so I can't test the tool, how well does it perform for you?

Very well, I've saved a lot of data from some defective cd-roms. I haven't tested it on a hard disk though.

hedwards
December 1st, 2008, 18:44
Simple and effective
I must admit that ee both confuses and enrages me. Perhaps I'm odd, but vi is a lot easier to use once you get the hang of the very basics. Really, i a dw cw dd and o are enough to get quite far. And while it is extremely powerful/complex, one doesn't have to learn all of the features at once.

Case in point, I only recently realized that :$ would take me directly to the last line of any file, no matter how large it is.
No reason to attribute vi with superior
administration. That is hardly the case.
You mean apart from the fact that it's the only editor guaranteed to be on a system in a form that's consistent, right?

mbs
December 1st, 2008, 21:20
bash/vim-lite/top/netstat/lsof/innotop/du/df/telnet

Of course, I could add cd and make to this list in order to install new ports ;)

MorgothV8
December 2nd, 2008, 09:53
vim + gcc (couple of years) and still using...

braveduck
December 4th, 2008, 14:34
You mean apart from the fact that it's the only editor guaranteed to be on a system in a form that's consistent, right?

Actually, the only editor guaranteed to be on any *nix/Linux system is ED,
which is quite awesome :) I'm a strong advocate of ED :)

paulfrottawa
December 5th, 2008, 17:34
The Hand Book

ps: from all these responses about editors you can tell the command line is very popular.

anomie
December 5th, 2008, 18:15
I'm a strong advocate of ED :)

I found this essay to be pretty amusing:
http://www.dina.kvl.dk/~abraham/religion/ed-standard

Let's look at a typical novice's session with the mighty ed:

golem> ed

?
help
?
?
?
quit
?
exit
?
bye
?
hello?
?
eat flaming death
?
^C
?
^C
?
^D
?

- ---
Note the consistent user interface and error reportage. Ed is
generous enough to flag errors, yet prudent enough not to overwhelm
the novice with verbosity.

bsddaemon
December 5th, 2008, 18:34
If you like ed, you probably enjoy reading this article, too

The tale of Ed, Sed, and an ignorant FreeBSD hacker (http://www.morphine.com/blog/?p=29)

It was well written, I just don't understand why there is flash in that page :S

davehouston
December 5th, 2008, 22:15
For me it's got to be nano, mtr (excellent program!) and don't think I have seen them mentioned and don't see many people using them 'popd & pushd' be lost without them both! :e

Oko
December 5th, 2008, 22:20
Actually, the only editor guaranteed to be on any *nix/Linux system is ED,
which is quite awesome :) I'm a strong advocate of ED :)
Quite right. Linux version of vi is vim (which I do not like) while
bsd version is nvi (new vi editor). Heirloom vi (SUN's vi) is the closest thing to real vi. But Bill Joy is owner of SUN so that should not be a surprise.

I like ed very much myself although I have honestly to admit that I use mostly nvi.

jandrese
December 9th, 2008, 18:14
Pretty much everything I like has been mentioned already, save for one that has been left with but a fleeting mention:

watch(1)

I use this all of the time since I tend to leave console processes running while I go out and do something else. Maybe I'm at a friend's house and notice that a portupgrade is sitting at a configuration window. No need to restart the process (which can be hairy if you're using -R or -r), just watch(1) the terminal and answer whatever it's asking.

Or maybe I want to idle on an IRC channel with just one client? Start the client on a vty and whenever you want to interact just ssh into the box, watch(1) the vty, and go.

Maybe I want to be really paranoid about restarting a firewall config when connected remotely and watch a local vty to run the restart.

Or I'm in X and can't switch to the vtys thanks to the new X.org and nVidia driver not honoring ctrl-alt-fx, yet I want to run something on the console? Watch solves that problem as well.

sverreh
December 9th, 2008, 19:33
Or I'm in X and can't switch to the vtys thanks to the new X.org and nVidia driver not honoring ctrl-alt-fx, yet I want to run something on the console? Watch solves that problem as well.

Well, that explains the problem I have had since updating to 7.0 and the new X.org! I can't get to the console, and couldn't find out why. I have nVidia driver. Thanks a lot! :e

Can you give some details on how watch is used to get to the console. I read the manual, but to be honest, I didn't understand too much of it. :(

bsddaemon
December 9th, 2008, 19:47
Can you give some details on how watch is used to get to the console. I read the manual, but to be honest, I didn't understand too much of it. :(

You can get vt pseudo name from /etc/ttys, then as root, run watch. For example:


# watch ttyv0


^G to exit watch

Pushrod
December 10th, 2008, 01:56
Netcat (nc) and perl.

liamjfoy
December 10th, 2008, 13:43
hey guys, you don't watch your logs? :-)

tail -f *.log

Nods.

liamjfoy
December 10th, 2008, 22:01
OpenSSH is clearly the winner here - by miles.

r-c-e
December 13th, 2008, 00:46
I've been using bruteblock a lot recently for stopping bruteforce attacks on sshd. Regexp patterns are nice for custom items.

GD
December 19th, 2008, 01:41
porteasy (in ports-mgmt category)

-i can pull a port not having to have the entire ports tree in /usr/ports. You have ONLY the ports you install !

bsddaemon
December 19th, 2008, 03:34
I like porteasy very much. Not much exaggeration to say it is a must have tool if the HDD space is precious.

Btw, a CVS server is needed when running porteasy, I'm just wondering what is happening to CVS servers in US and Japan? I always struggle to connect to them :S

cajunman4life
December 19th, 2008, 07:48
hey guys, you don't watch your logs? :-)

tail -f *.log

Of course you mean tail -F (for those of us who rotate logs ;) )

Dara
December 23rd, 2008, 16:48
cvsup, vi, sed/awk, netstat, sockstat, mytop and in the center of it all Hobbit (xymon..)
