Gallery

All tooled up

Posted on 23 May 2006 at 12:07

Simon Brock and Ian Wrigley recommend open-source alternatives for Sysadmins who need to manage systems, servers and software

ClamAV

Clam AntiVirus sits on all of the servers that handle our email. It either disinfects mail or refuses to let through any virus- or worm-infected mails. In the time we've been using it (which is at least three years now), it hasn't yet failed to detect a virus-infected email, which is good enough for us. The software is usually run as an add-on or module to your main email server, where it scans and filters emails as they arrive or are sent out. However, it can be used as a standalone program to scan your hard disk (for example, there's a port of it to Mac OS X that provides a nice, cuddly graphical user interface to the whole thing, and a couple of Windows ports are around as well).

It's true that this program isn't going to take the place of something like Norton AntiVirus on your desktop Windows machines, because even though it's good at scanning email it can't stop your users downloading infected software via the web or bringing it in from home on flash drives or CD-ROMs. But at least it closes one major security hole and doesn't cost a penny. You can configure the software to download new, updated anti-virus definitions automatically, usually using cron running on a Unix box, and it can be set up to either quarantine or automatically delete infected files.

Installation can be tricky if you're unfamiliar with exactly how your email server works, but these days more and more pre-built binaries exist that include both the mail server and ClamAV (plus SpamAssassin and other useful bits and pieces too). So it's a good idea to check to see whether a pre-built binary exists for your system before you get your hands dirty by starting to compile the thing yourself.

Knoppix emergency CD

Actually, your emergency CD doesn't have to be based on Knoppix, as there are several other Linux distributions around now that come as "live CD" distributions - in other words, these distros can be booted from, and will run from, a CD without touching your computer's hard drive at all. But certainly an emergency CD of some sort needs to be in every administrator's toolkit, and Knoppix is one of the most popular.

Whether the machine you're trying to fix is a Linux box or a Windows PC, the Knoppix CD will boot the machine and, in most cases, will mount the hard disk, thus allowing you to copy the vital files that your user "forgot" to back up. In many cases, you can also use the Knoppix CD to actually repair the hard disk, as it comes with a range of disk-manipulation tools. These will work better if your Windows hard drive has been formatted as a FAT32 partition rather than NTFS, since support for the latter in read/write mode is still considered experimental in Linux, but in practice we've been able to recover data from corrupted NTFS disks without problems in the past. The Knoppix CD has support for networking, so once booted your computer should be able to connect to remote servers, both Windows-based and FTP, and files can be easily transferred.

There's even a move afoot for people to put Linux distributions onto USB flash drives (look at www.slax.org), but we've found that support for booting from USB is still spotty at best, so we'll stick with the CD approach for now, at least.

Mozilla Firefox

Last, but definitely not least, if you're a system administrator who has to deal with users on Windows machines, install Mozilla Firefox on every one of them and then remove the shortcut to Internet Explorer. Firefox, as you probably already know, is a standards-compliant, super-quick, extremely powerful web browser that works exceptionally well as a replacement for Internet Explorer, while having far fewer security vulnerabilities. The standards-compliant bit is particularly important if you're developing an intranet for your company, as IE is just plain broken in all sorts of ways when it comes to supporting Cascading Style Sheets (CSS), while Firefox complies properly with the CSS standard and works identically on all platforms. Another plus is that its plug-in architecture has allowed people to create some truly fantastic add-ons: the Developer Tools extension, for example, is indispensable if you're a web developer.