system administrators

Nagios: System and Network Monitoring Book

Nagios is a popular open source computer system and network monitoring application. You can easily monitor all your hosts, network equipment and services. It can send alerts when things go wrong and again when they get better.

The convenience and reliability that monitoring programs offer system administrators is astounding. Whether at home, commuting, or on vacation, admins can continuously monitor their networks, learning of issues long before they become catastrophes.

Nagios, the most popular open source solution for system and network monitoring, is extremely robust, but it's also intensely complex. This eagerly anticipated revision of the highly acclaimed Nagios: System and Network Monitoring, has been updated to address Nagios 3.0 and will help readers take full advantage of the many powerful features of the new version. Ethan Galstad, the main developer of Nagios, called the first edition of Nagios "incredibly detailed." He went on to say, "I don't think I could have gone into that much detail if I wrote a book myself."

Nagios, which runs on Linux and most *nix variants, can be configured to continuously monitor network services such as SMTP, POP3, HTTP, NNTP, SSH, and FTP. It can also supervise host resources (processor load, disk and memory usage, running processes, log files, and so on) and environmental factors, such as temperature and humidity. Readers of Nagios learn how to:

  • Install and configure the Nagios core, all standard plugins, and selected third-party plugins
  • Configure the notification system
  • Program event handlers to take automatic action when trouble occurs
  • Write Perl plugins to customize Nagios for unique system needs
  • Quickly understand Nagios data using graphing and visualization tools
  • Monitor Windows servers, SAP systems, and databases

This dense, all-inclusive guide to Nagios also contains a chapter that highlights the differences between Nagios versions 2 and 3 and gives practical migration and compatibility tips. Nagios, 2nd Edition is a key resource for any system and network administrator and will ease the pain of network monitoring migraines in no time.

Wolfgang Barth has written several books for professional network administrators, including The Firewall Book (Suse Press), Network Analysis (Suse Press), and Backup Solutions with Linux (Open Source Press). He is a professional system administrator with considerable experience using Nagios.

Book Info

  • Title: Nagios: System and Network Monitoring, 2nd Edition
  • Author: Wolfgang Barth
  • Pub Date: October 2008, 720 pp
  • ISBN 9781593271794, $59.95 USD
  • Download free chapter 18: "NagVis" (PDF)
  • Order info: order@oreilly.com // 1-800-998-9938 // 1-707-827-7000
  • Support nixCraft: Order Nagios: System and Network Monitoring from Amazon.

Exploring Urchin Web Analytics Software

By default, Urchin 6 is installed in the /usr/local/urchin directory. You can change to that directory by typing the following command:
# cd /usr/local/urchin

Use urchinctl to control Urchin web server / scheduler

You will find urchinctl inside the bin directory. It is used to control the Urchin web server listening on TCP port 9999.

To start the Urchin webserver, enter:

# /usr/local/urchin/bin/urchinctl start

To restart the Urchin webserver, enter:

# /usr/local/urchin/bin/urchinctl restart
The above command is useful if you change the Urchin port or other settings.

To view the Urchin webserver and scheduler status, enter:

# /usr/local/urchin/bin/urchinctl status
Sample output:

Urchin webserver is running
Urchin MASTER scheduler is running
Urchin SLAVE scheduler is running

To stop the Urchin webserver, enter:

# /usr/local/urchin/bin/urchinctl stop

/usr/local/urchin/util/utm directory

You need to use the urchin.js and __utm.gif files to track the statistics. These files are also known as the UTM Sensor, which is nothing but a small amount of JavaScript code that accomplishes various tracking methods.

Automatically start / stop Urchin after RHEL reboot

You need to copy the /usr/local/urchin/util/urchin_daemons file to the /etc/init.d/ directory:
# cp /usr/local/urchin/util/urchin_daemons /etc/init.d/urchin
Set permissions:
# chmod +x /etc/init.d/urchin
Use the chkconfig tool, a simple command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy. It relieves system administrators of the task of directly manipulating the numerous symbolic links in those directories.
# chkconfig urchin on

Now you can start, stop or restart Urchin services automatically.

Ksplice: Patch The Linux Kernel Without Rebooting System

You may be aware that after a kernel upgrade or kernel security patch you need to reboot the Linux box. Now there is a new patch called Ksplice. It provides rebootless Linux kernel security updates. It is available under GPL 2 and has been tested on Linux kernel versions from 2.6.8 to the recently released 2.6.25 and on several Linux distributions including Debian, Ubuntu, Red Hat Enterprise Linux and Gentoo Linux.

Ksplice allows system administrators to apply security patches to the Linux kernel without having to reboot. Ksplice takes as input a source code change in unified diff format and the kernel source code to be patched, and it applies the patch to the corresponding running kernel. The running kernel does not need to have been prepared in advance in any way.

To be fully automatic, Ksplice's design is limited to patches that do not introduce semantic changes to data structures, but most Linux kernel security patches don't make these kinds of changes. An evaluation against Linux kernel security patches from May 2005 to December 2007 finds that Ksplice can automatically apply 84% of the 50 significant kernel vulnerabilities from this interval.

Ksplice has been implemented for Linux on the x86-32 and x86-64 architectures.

=> Ksplice: Rebootless Linux kernel security updates (via zdnet)

Linux / UNIX: Python programming tutorial for system administrators

Generally I use Perl and Shell script for automation or to make system administration easier for me. Python is an interpreted, interactive, object-oriented programming language that combines remarkable power with very clear syntax. Python runs on Windows, Linux/Unix, Mac OS X, OS/2, Amiga, Palm Handhelds, and Nokia mobile phones.

You can easily adopt Python to manage UNIX and Linux systems while incorporating concepts of good program design. Python is an easy-to-learn, open source scripting language that lets system administrators do their job more quickly. It can also make tasks more fun:

As a system administrator, you run across numerous challenges and problems. Managing users, disk space, processes, devices, and backups can cause many system administrators to lose their hair, good humor, or sanity. Shell scripts can help, but they often have frustrating limitations. This is where a full-featured scripting language, such as Python, can turn a tedious task into an easy and, dare I say it, fun one.

The examples in this article demonstrate different Python features that you can put to practical use. If you work through them, you'll be well on your way to understanding the power of Python.

=> Python for system administrators

Nokia E90 Review (Good for sys admins)

I’m still stuck with a Blackberry and a Nokia 6130. The good folks at OSNews have posted a nice review of the Nokia E90 business phone:

The E90 is a Communicator-class device and very popular among businessmen, but also among system administrators too (one of our friends, sysadmin at Google, is using Nokia's qwerty/wifi devices specifically for SSH access). Read on for our review of the impressive E90.

Also check out the Nokia E90 and N95 side-by-side feature chart. I don't have any plan to get a new phone, but I might try out the Nokia 800 Internet Tablet PC soon :D.

BTW, do you have an iPhone? If you do, let me know about your experience...

FreeBSD Enable Security Port Auditing to Avoid Vulnerabilities With portaudit

This is a nifty new and long-demanded feature in FreeBSD. A port called portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities. After installation it will update this security database automatically and include its reports in the output of the daily security run. If you get a message like the following:

Vulnerability check disabled, database not found

You need to install a small port called portaudit. From the man page:

portaudit checks installed packages for known vulnerabilities and generates reports including references to security advisories. Its intended audience is system administrators and individual users.

Install portaudit

1) Change to the portaudit port directory (log in as root):
# cd /usr/ports/ports-mgmt/portaudit
Please note that the old portaudit port was located at /usr/ports/security/portaudit/.
2) Install portaudit:
# make install clean

===>  WARNING: Vulnerability database out of date, checking anyway
===>  Extracting for portaudit-0.5.12
===>  Patching for portaudit-0.5.12
===>  Configuring for portaudit-0.5.12
===>  Building for portaudit-0.5.12
===>  Installing for portaudit-0.5.12
===>   Generating temporary packing list
===>  Checking if ports-mgmt/portaudit already installed
===>   Compressing manual pages for portaudit-0.5.12
===>   Registering installation for portaudit-0.5.12
===>  Cleaning for portaudit-0.5.12

3) Fetch the database so that port auditing gets activated immediately. By default, the port installs a shell script 'portaudit' in /usr/local/etc/periodic/security/:
# /usr/local/sbin/portaudit -Fda

auditfile.tbz                                 100% of   47 kB  405 kBps
New database installed.
Database created: Wed Feb 27 06:10:01 CST 2008
0 problem(s) in your installed packages found.


  • -F: Fetch the current database from the FreeBSD servers.
  • -d: Print the creation date of the database.
  • -a: Print a vulnerability report for all installed packages

4) The portaudit script is called automatically via FreeBSD's periodic (cron job) facility, so your database gets updated automatically every day.
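
An added example (not from the original post or the portaudit port): a small shell function that turns the report from step 3 into a Nagios-style status and exit code, so that a missing database or a missing summary line is never mistaken for a clean result. The function name check_portaudit and the sample reports are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a portaudit report read on stdin.
# Exit codes follow the Nagios plugin convention: 0=OK, 2=CRITICAL, 3=UNKNOWN.
# check_portaudit is a hypothetical name, not a tool shipped with the port.
check_portaudit() {
    report=$(cat)

    # Message quoted earlier on this page: the audit never ran.
    if printf '%s\n' "$report" | grep -q 'database not found'; then
        echo "UNKNOWN: vulnerability database not found, run portaudit -F"
        return 3
    fi

    # Summary line: "N problem(s) in your installed packages found."
    count=$(printf '%s\n' "$report" |
        sed -n 's/^\([0-9][0-9]*\) problem(s) in your installed packages found\.$/\1/p' |
        tail -n 1)

    # No summary line: report a failed audit rather than a clean system.
    if [ -z "$count" ]; then
        echo "UNKNOWN: no summary line in portaudit output"
        return 3
    fi
    if [ "$count" -gt 0 ]; then
        echo "CRITICAL: $count vulnerable package(s) installed"
        return 2
    fi
    echo "OK: no known vulnerabilities in installed packages"
    return 0
}

# Constructed sample reports (not captured from a real host).
SAMPLE_CLEAN='New database installed.
Database created: Wed Feb 27 06:10:01 CST 2008
0 problem(s) in your installed packages found.'
SAMPLE_VULN='Database created: Wed Feb 27 06:10:01 CST 2008
2 problem(s) in your installed packages found.'
SAMPLE_NODB='Vulnerability check disabled, database not found'

for sample in "$SAMPLE_CLEAN" "$SAMPLE_VULN" "$SAMPLE_NODB"; do
    printf '%s\n' "$sample" | check_portaudit || echo "  (exit code $?)"
done
```

On a FreeBSD host, feed it the real report with `/usr/local/sbin/portaudit -Fda | check_portaudit`.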

Let us assume you would like to install a port called sudo. If it has known vulnerabilities it will not install sudo:
# cd /usr/ports/security/sudo
# make install clean

===>  sudo- has known vulnerabilities:
=> sudo -- local race condition vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/3bf157fa-
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/security/sudo.

For more information, refer to the portaudit man page:
$ man portaudit