What you will find here:

I will not list all tools for a given task, rather concentrate on the ones that will be up and running very fast and/or run the smoothest. Items marked in bold are my personal recommendations. 

Configuration Tracking

  • SCC (Inventory and diffing of setup of Unix, Windows Hosts)
  • rancid (Network devices)
  • mcollective (newest and best-looking?)
  • facter (no backend, but good starting point)

Inventory

  • OCS - see OSSIM

Update Checks

  • see automatic updates
  • Automate your update checks and prepare reports
  • Automate update time planning
  • Frontend to view systems with pending updates, including time needed.

Monitoring

  • OMD: Open Monitoring Distro - gets you Nagios via check_mk + Livestatus

Identify Public Systems

Find out which systems need to be updated first.

  • Identify Proxies & Routers & VLANs
  • Check VLAN info, DMZ ports of Routers
  • Apache Access logs
  • turn on host firewall: log for all rules if source not local subnet

Security Monitoring

  • OSSIM: Gets you OSSEC, OCS and a few more. Still a few rough edges, but will do just enough
  • Snort sensors at the network edges
  • snort2pfsense if you run that mix

Backups

Bootable 

Taking bootable backups while the system is running is a very old topic, well solved for users of commercial Unix flavors and tricky at the least in the OSS and Windows world.

The better you separate your OS and DATA filesystems, the easier your ride will be.

  • SystemImager - this project is just not active enough. On the other hand, it's quite easy to set up and works like a charm
  • VM Snapshots - sync & suspend the vm and take a snapshot of the backend storage. Expect fsck issues.
  • mondorescue - untested

Non-Bootable

  • Bacula
  • Zmanda (spreading FUD over bacula ever since they got some venture money. Won't discuss it)

Mix these two by having a VM that will boot up to restore a bacula backup to a chroot.

Installation Management

  • cobbler (rhel flavoured unix server focus)
  • FAI (linux debian focus)
  • symsalabim (win client focus for large workgroups)

Lab Environment

Automatic updates

tie in with Backups

Track & apply security updates quickly.

Auto-install security updates: DamageHack > DamageBug

Security Updates

FreeBSD:

cvsup, Portaudit

Debian:

disable volatile etc., track only security.debian.org

CentOS, RHEL, Oracle VM:

yum-security

Full Updates:

Use Lab systems to automatically do full updates and restore tests.

Approve results and enable updates of non-Lab systems.

Automate software download and backup

Track the time for backup

Track the time for applying the update

Track the time for restore

Configuration Management

Expect to rebuild your whole damn infrastructure during this step!

And it will PAY OFF!

www.infrastructures.org

  • cfengine
  • puppet
  • bcfg

Log collection

  • Splunk
  • logstash (if you can't afford splunk or want something leaner)
  • Avoid tools like Loganalyzer that look "almost as good" but don't have high-end search capabilities. Many are merely an HTMLized display of raw log data.