What will you find here:
I will not list all tools for a given task, but rather concentrate on the ones that are up and running very fast and/or run the smoothest. Items marked in bold are my personal recommendations.
- SCC (inventory and diffing of the setup of Unix and Windows hosts)
- rancid (network devices)
- mcollective (newest and best-looking?)
- facter (no backend, but a good starting point)
- OCS - see OSSIM
- see automatic updates
- Automate your update checks and prepare reports
- Automate update time planning
- Frontend to view systems with pending updates, including time needed.
- OMD: Open Monitoring Distribution - gets you Nagios together with check_mk and Livestatus
Identify Public Systems
Find out which systems need to be updated first.
- Identify Proxies & Routers & VLANs
- Check VLAN info and the DMZ ports of routers
- Apache Access logs
- turn on the host firewall and add a log rule for every connection whose source is not a local subnet
- OSSIM: gets you OSSEC, OCS and a few more. Still has a few rough edges, but will do just enough
- Snort sensors at the network edges
- snort2pfsense if you run that mix
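The Apache access logs are the quickest source for the "which of my systems is actually reachable from outside" question. The script below is an added example, not part of the original page: it ranks virtual hosts by how many requests they received from addresses outside the private, loopback and link-local ranges. It assumes Debian's `vhost_combined` LogFormat (`%v:%p %h ...`, so field 1 is vhost:port and field 2 is the client address) and the sample log lines it writes are constructed, not real traffic.

```sh
#!/bin/sh
# Added example: rank Apache virtual hosts by traffic from non-local sources.
# Assumes the Debian "vhost_combined" LogFormat: "%v:%p %h %l %u %t ..." so
# $1 is vhost:port and $2 is the client address. Anything in RFC 1918,
# loopback, link-local or IPv6 ULA space counts as "local"; everything else is
# treated as public.

# public_hits LOGFILE
# Prints "vhost:port public_hits local_hits", most public traffic first.
public_hits() {
    awk '
    function is_local(ip,   o) {
        if (ip ~ /:/) {                       # IPv6 literal
            if (ip == "::1" || ip ~ /^fe80:/ || ip ~ /^f[cd]/) return 1
            return 0
        }
        split(ip, o, ".")
        if (o[1] == 10) return 1              # 10.0.0.0/8
        if (o[1] == 127) return 1             # loopback
        if (o[1] == 192 && o[2] == 168) return 1            # 192.168.0.0/16
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 1  # 172.16.0.0/12
        if (o[1] == 169 && o[2] == 254) return 1            # link-local
        return 0
    }
    {
        seen[$1] = 1
        if (is_local($2)) local[$1]++; else pub[$1]++
    }
    END {
        for (v in seen) printf "%s %d %d\n", v, pub[v] + 0, local[v] + 0
    }' "$1" | sort -k2,2nr -k1,1
}

# write_sample_log FILE
# Constructed sample of vhost_combined log lines (not real traffic), so the
# script can be run offline.
write_sample_log() {
    cat > "$1" <<'EOF'
www.example.org:443 203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
www.example.org:443 198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 200 1024 "-" "curl/7.88"
www.example.org:443 10.0.0.5 - - [10/Oct/2023:13:56:01 +0000] "GET /status HTTP/1.1" 200 128 "-" "check_http"
intranet.example.org:80 192.168.1.10 - - [10/Oct/2023:13:57:12 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
intranet.example.org:80 172.20.4.9 - - [10/Oct/2023:13:57:30 +0000] "POST /api HTTP/1.1" 201 64 "-" "python-requests"
intranet.example.org:80 ::1 - - [10/Oct/2023:13:58:00 +0000] "GET /health HTTP/1.1" 200 16 "-" "check_http"
wiki.example.org:443 2001:db8::42 - - [10/Oct/2023:13:59:00 +0000] "GET /Main HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
EOF
}

# Stand-alone run on the constructed sample.
SAMPLE=$(mktemp)
write_sample_log "$SAMPLE"
public_hits "$SAMPLE"
rm -f "$SAMPLE"
```

Run it against `/var/log/apache2/other_vhosts_access.log` (or whatever your vhost_combined log is) and the hosts at the top of the list are the ones to patch first. If a reverse proxy sits in front of Apache, the client column will show the proxy's internal address and the whole vhost will look "local"; in that case run the same script against the proxy's own log instead.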
Taking bootable backups while the system is running is a very old topic, well solved for users of commercial Unix flavors, and tricky at best in the OSS and Windows world.
The better you separate your OS and data filesystems, the easier your ride will be.
- SystemImager - this project is just not active enough. On the other hand it's quite easy to set up and works like a charm
- VM snapshots - sync and suspend the VM, then take a snapshot of the backend storage. Expect fsck issues: a snapshot taken without quiescing the guest is only crash-consistent.
- mondorescue - untested
- Zmanda (spreading FUD over bacula ever since they got some venture money. Won't discuss it)
Mix the two approaches by having a VM that boots up and restores a bacula backup into a chroot.
- cobbler (RHEL-flavoured Linux server focus)
- FAI (Debian focus)
- symsalabim (Windows client focus for large workgroups)
Tie this in with backups.
Track & apply security updates quickly.
Auto-install security updates: the damage from a compromise outweighs the damage from a bad update (DamageHack > DamageBug).
Debian: disable volatile etc. and track only security.debian.org
CentOS, RHEL, Oracle VM:
Use lab systems to automatically do full updates and restore tests.
Approve the results, then enable updates on the non-lab systems.
Automate software download and backup
Track the time for backup
Track the time for applying the update
Track the time for restore
Expect to rebuild your whole damn infrastructure during this step!
And it will PAY OFF!
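The lab cycle above (backup, update, restore test, approve, and track the time each step takes) is easy to script. The following is an added example, not from the original page: it wraps each phase in a timer, appends the durations to a report file the planning frontend can read, stops at the first failing phase so a broken backup never lets the update run, and only drops an approval marker for a host when all three phases succeeded. The report and approval locations, and the placeholder `true`/`false`/`sleep` commands used in the demo, are assumptions; you substitute your own bacula job, apt-get/yum invocation and restore-to-chroot script.

```sh
#!/bin/sh
# Added example: timed lab update cycle with approval gating.
# Report and approval paths are assumptions, override via environment.
REPORT="${REPORT:-${TMPDIR:-/tmp}/update-cycle.log}"
APPROVED_DIR="${APPROVED_DIR:-${TMPDIR:-/tmp}/update-approved}"

# timed_step NAME CMD [ARGS...]
# Runs CMD, appends "NAME<TAB>seconds<TAB>exit-status" to $REPORT and
# returns CMD's exit status unchanged.
timed_step() {
    name=$1; shift
    start=$(date +%s)
    "$@"
    rc=$?
    end=$(date +%s)
    printf '%s\t%d\t%d\n' "$name" "$((end - start))" "$rc" >> "$REPORT"
    return "$rc"
}

# run_update_cycle HOST BACKUP_CMD UPDATE_CMD RESTORE_CMD
# Runs the three phases in order and stops at the first failure.
# Returns 1/2/3 for a failed backup/update/restore, 0 on success, and only
# then creates $APPROVED_DIR/HOST so the non-lab rollout can check for it.
run_update_cycle() {
    host=$1; backup=$2; update=$3; restore=$4
    mkdir -p "$APPROVED_DIR"
    rm -f "$APPROVED_DIR/$host"                      # never keep a stale approval
    timed_step "$host:backup"  sh -c "$backup"  || return 1
    timed_step "$host:update"  sh -c "$update"  || return 2
    timed_step "$host:restore" sh -c "$restore" || return 3
    : > "$APPROVED_DIR/$host"
    return 0
}

# step_seconds NAME
# Last recorded duration of NAME in $REPORT (input for planning update windows).
step_seconds() {
    awk -F'\t' -v n="$1" '$1 == n { s = $2 } END { print s + 0 }' "$REPORT"
}

# Stand-alone demo with harmless placeholder commands (constructed, not real jobs).
if [ "${DEMO:-1}" = 1 ]; then
    run_update_cycle lab01 "sleep 1" "true" "true" && echo "lab01 approved"
    run_update_cycle lab02 "true" "false" "true" || echo "lab02 failed at phase $?"
    echo "lab01 backup took $(step_seconds lab01:backup)s"
    cat "$REPORT"
fi
```

Because the report is one tab-separated line per phase, the time-tracking lines the page asks for (backup, update, restore) fall out for free, and the "systems with pending updates, including time needed" frontend can be fed straight from it.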
- logstash (if you can't afford Splunk or want something leaner)
- Avoid tools like Loganalyzer that look "almost as good" but lack high-end search capabilities. Many are a mere HTMLized display of raw log data.