Some General SysAdmin Principles
Documentation
The hard stuff (security and backups)
Take care of the hard stuff first.
The worst feelings for a SysAdmin (makes you fear getting fired):
Backups, security hardening, disaster recovery plan
How good is the backup?
Run a file system integrity (FSI) checker.
Run a rootkit scanner.
Be aware of recently discovered security problems, exploits, and incidents.
Do you subscribe to newsgroups and mailing lists that might give you this information?
Run an intrusion detection system.
Use a firewall.
Whitelist incoming connections using tcpd (tcp wrapper).
Whitelist users who are allowed to ssh in.
Is it obvious what OS you are running, what servers you are running?
Beware the “It won't happen here” or “Our users aren't that smart” mentality that leads to security problems.
Think in terms of redundancy.
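The tcpd and SSH whitelist items in the list above can be checked mechanically. The following bash audit is an added example, not part of the original course notes. It assumes classic `hosts.allow`/`hosts.deny` files, the `AllowUsers` keyword in `sshd_config`, and a service that is actually started through tcpd or built with libwrap; the addresses and user names are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: audit the tcpd and sshd whitelists on copies of the files.

# Succeeds if hosts.deny holds a catch-all "ALL: ALL" rule, so tcpd refuses
# every client that hosts.allow does not list.
tcpd_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*(:.*)?$' "$1"
}

# Prints the clients hosts.allow grants to daemon $2 (one-line rules only;
# continuation lines and bracketed IPv6 addresses are not handled).
tcpd_allowed_clients() {
    awk -F: -v d="$2" '
        /^[ \t]*(#|$)/ { next }
        { n = split($1, names, /[ ,\t]+/)
          for (i = 1; i <= n; i++)
              if (names[i] == d) { gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2 } }
    ' "$1"
}

# Prints each user named by AllowUsers (keyword is case-insensitive and may
# repeat). Match blocks are not evaluated here.
ssh_allowed_users() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Returns 0 only when both whitelists are in force; prints one line per gap.
audit_whitelists() {   # args: hosts.allow hosts.deny sshd_config
    local rc=0
    tcpd_default_deny "$2" ||
        { echo "FAIL: $2 lacks 'ALL: ALL'; tcpd admits unlisted clients"; rc=1; }
    [ -n "$(ssh_allowed_users "$3")" ] ||
        { echo "FAIL: $3 has no AllowUsers whitelist"; rc=1; }
    echo "sshd clients allowed by tcpd: $(tcpd_allowed_clients "$1" sshd | tr '\n' ' ')"
    echo "users allowed to ssh in: $(ssh_allowed_users "$3" | tr '\n' ' ')"
    return "$rc"
}

# Constructed sample files (not from the page); all values are placeholders.
write_samples() {
    printf 'ALL: ALL\n' > "$1/hosts.deny"
    printf '# admin LAN only\nsshd: 192.0.2.0/255.255.255.0\n' > "$1/hosts.allow"
    printf 'PermitRootLogin no\nAllowUsers alice bob\n' > "$1/sshd_config"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_whitelists "$tmp/hosts.allow" "$tmp/hosts.deny" "$tmp/sshd_config"
rm -rf "$tmp"
```

Run it against copies of the real files rather than the sample ones; a non-zero exit status means at least one of the two whitelists is missing.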
Efficiency Matters
Remote Access / Administration
Unless every machine you administer is only on from 9am-5pm, system administration is not a 9-to-5 kind of job.
The ability to work remotely is essential and something that SysAdmins should demand and set up.
Enable Wake-on-LAN and/or timed power-on in the BIOSes of systems.
Learn to use serial consoles, remote KVM switches.
Enable more than one way to access a system remotely.
Learn to use the command line.
Learn SSH port forwarding.
Startup / Shutdown
Automation and Scripting
Learn one scripting language well and use it consistently.
Unless you really like typing, develop a set of aliases and short scripts that reduce typing.
Learn to use the command line (shell) history.
Periodic processing (cron, at, etc.)
Processes must be non-interactive to be scheduled…
Test cron scripts as you would any other script you write.
Write scripts so that they are scalable.
Software Installation/Management, System Maintenance
Automatic updates
Sounds nice, but an admin should know what's actually being installed or upgraded.
Software installs/updates should be an interactive activity.
Upgrade the OS/kernel/software carefully.
(or apply security patches, service packs, etc.)
Does it have to be done now?
Have you backed up the system first?
Will you be able to back out to a previous system state if your upgrade is disastrous?
Have you tested the upgrade adequately on a test system(s)?
Have you tested the upgrade after you have applied it?
Instead of the whole bundle of upgrades/patches, only the high-priority security fix patches or packages can be applied/installed.
Users
Standardization vs. Diversity
Advocacy
Learning Administration
Keeping up with the Joneses
Ethics and Licenses
cs471/cs_471_-_general_sysadmin_principles.txt · Last modified: 2018/04/06 18:18 by jchung