Open Source Tools for the Systems Administrator discusses four open source tools: Cacti, OSSEC, Nmap, and RackTables. Cacti is a frontend for storing and displaying historical monitoring data visually. OSSEC is a host-based intrusion detection system that integrates log analysis, file integrity checking, and real-time alerting. Nmap is a network discovery and security auditing tool useful for tasks like network inventory and service monitoring. RackTables is an asset management solution for documenting hardware, networks, rack layouts, and generating reports.
5. Cacti
● Cacti is a complete frontend to RRDTool; it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, Cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.
● Ability to add templates and custom scripts
● Maintain historical data and display it visually to vendors and management
7. OSSEC
● OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.
● Maintains logs beyond what is feasible for Windows to store
● Makes searching logs from multiple servers much easier
● Alerts can be set up for specific events and customized to go to the individuals responsible
10. Nmap
● Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. It was designed to rapidly scan large networks, but works fine against single hosts.
● Establish baselines for servers and desktops
● Find intrusions
● Ensure compliance
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.0011s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
23/tcp open telnet
Device type: router|WAP
Running: Cisco IOS 12.X
OS details: Cisco 836, 1751, 1841, or 2800 router (IOS 12.4 - 15.0), Cisco Aironet
AIR-AP1141N WAP (IOS 12.4)
11. Nmap
Nmap scan report for esx01.pcsd.monroe.edu (10.120.254.61)
Host is up (0.00044s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE
80/tcp open http
427/tcp open svrloc
443/tcp open https
902/tcp open iss-realsecure
5988/tcp closed unknown
5989/tcp open unknown
8000/tcp open http-alt
8100/tcp open unknown
Device type: general purpose|storage-misc|specialized
Running (JUST GUESSING) : FreeBSD 7.X|8.X|6.X|5.X|5.x (92%), VMware ESX Server
3.X|4.X (90%), Crestron 2-Series (88%), Mirapoint embedded (87%)
Aggressive OS guesses: FreeBSD 7.0-RELEASE-p1 - 8.0-CURRENT (92%), FreeNAS
0.686 (FreeBSD 6.2-RELEASE) or VMware ESXi Server 3.0 - 4.0 (90%), FreeBSD 5.2.1-RELEASE (90%), FreeBSD 5.4 or 5.5 (x86) (90%), FreeNAS 0.69.2 (FreeBSD 6.3-STABLE - 6.4-RELEASE) (90%), FreeBSD 7.1-RELEASE (90%), FreeBSD 8.0-BETA2 - 8.0-RC2 (89%), FreeBSD 7.0-CURRENT (pre-release) (89%), FreeBSD 7.0-RELEASE-p2 - 7.1-PRERELEASE (89%), FreeBSD 7.2-STABLE (89%)
No exact OS matches for host (test conditions non-ideal).
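An added example, not part of the original slides: one way to turn scan reports like the two above into the baseline check the Nmap slide describes, by parsing the normal-format output and comparing open ports with an approved list. The hosts, the baseline, and the function names are constructed for illustration.

```python
import re

# Constructed sample in Nmap's normal output format (hosts and ports are made up).
SAMPLE_SCAN = """\
Nmap scan report for rtr01.example.net (192.0.2.1)
Host is up (0.0011s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
23/tcp open telnet
Nmap scan report for 192.0.2.20
Host is up (0.00044s latency).
PORT STATE SERVICE
80/tcp open http
5988/tcp closed unknown
8100/tcp open unknown
"""

# Constructed baseline: the open ports each host is approved to expose.
BASELINE = {"192.0.2.1": {"22/tcp"}, "192.0.2.20": {"80/tcp", "902/tcp"}}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp|sctp))\s+(\S+)\s+(\S+)")

def parse_open_ports(text):
    """Return {host address: {"port/proto": service}} for ports in state 'open'."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:  # a new host section starts; key on the address, not the name
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m.group(2) == "open":
            current[m.group(1)] = m.group(3)
    return hosts

def diff_against_baseline(scan, baseline):
    """Return (host, port, kind) deviations; kind is 'unexpected' or 'missing'."""
    findings = []
    for host in sorted(set(scan) | set(baseline)):
        seen, approved = set(scan.get(host, {})), baseline.get(host, set())
        findings += [(host, p, "unexpected") for p in sorted(seen - approved)]
        findings += [(host, p, "missing") for p in sorted(approved - seen)]
    return findings

if __name__ == "__main__":
    for host, port, kind in diff_against_baseline(parse_open_ports(SAMPLE_SCAN), BASELINE):
        print(f"{host} {port} {kind}")
```

An "unexpected" port (telnet on a router, as in the first report) is a candidate finding to investigate; a "missing" port usually points to a stopped service or a changed firewall rule.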
12. RackTables
● RackTables is a nifty and robust solution for data center and server room asset management. It helps document hardware assets, network addresses, space in racks, network configuration and much, much more!
● Document your servers, both physical and virtual
● Document networks
● Generate reports
● Maintain visual diagrams of rack placement
● Embed Cacti graphs