[NTLUG:Discuss] Is it just me, or has traffic in this listreduced to a trickle recently?

kbrannen@gte.net kbrannen at gte.net
Mon Jun 30 02:04:10 CDT 2003 

Paul Drew wrote:
...
> Most of these are Redhat boxes and they all seem to be hovering around 
> 7.2. Some are simple proxies, web servers, some are application servers, 
> and some are workstations that interface with those application servers. 
> There seems to be no real list or accounting for exactly what’s out 
> there, and so a discovery and inventory is going to be needed to get the 
> real scope.

This is important.  You need to everything the same, as much as you can.  It 
will make your life much easier in the long run.

...
> Now that the money train has slowed with the rest of the economy we are 
> having to rethink things, and deploy initiatives on an enterprise level 
> rather than 1 facility and 1 solution at a time. As it stands now on any 
> given day, I have to work with Veritas Netbackup, Veritas Backup Exec, 
> Legato, FlashNet, Webnative, Retrospect, Toast, Easy CD creator, etc. 
> Those are real backup software we have deployed and in place at 
> different locations. This is just backup software, and doesn’t account 
> for all the flavors of o/s I have to see, and the software that’s 
> running on it. NT4, 2000, .Net, Irix, Solaris, Linux, Mac os9, osX, etc. 
> This is all getting changed, and we are turning things around the right 
> way.

The software that works on Linux is available on all the other *nix platforms 
too.  You can use that to your advantage.  Writing platform independent code 
(probably shell scripts for you) is a hassle, as some vendors change the 
command line args to various tools.  ARGH!  If you can't install the same OSS 
tools everywhere, you need at least 1 tool which can be everywhere and is 
robust in options.  Obvious choices are Perl and Bash; I prefer Perl (which 
works on MS platforms too, see www.activestate.com).

...
>>> ... Currently I have been asked to take over management and
>>> procedures for all Linux workstations, and servers enterprise wide. I 
>>> am pretty excited about it. I have been asked to put together a list 
>>> of all services that should be running, things that shouldn't. Make 
>>> them all use ssh, and get rid of all the rsh, telnet, and such which 
>>> is being used at random around the company. First they have to get me 
>>> a list of whats out there and give me login information for it. It 
>>> should be exciting, and a real challenge. :) Any tips? Have a great 
>>> day, and take care.

Your list is an excellent start.  You should also consider doing portscans on 
your machines to find out what's visible and turn off everything you don't 
really need.  "nmap" is an obvious candidate, but other tools like "saint" are 
useful too.

Be sure your "system inventory" also takes in your firewall, so you know 
what's blocked and what's not.  Preferably, it should auto-block attachments 
with known vulnerabilities (.exe, .pif, .bat, ...), or change their names so 
they won't autorun.

That's a good basic start.  HTH,

Kevin

More information about the Discuss mailing list