
ADMIN Network & Security

10 Terrific Tools FOR THE BUSY ADMIN
2020 EDITION

10 TERRIFIC TOOLS FOR THE BUSY ADMIN: 2020 EDITION – SPONSORED BY FOSSLIFE

Find a free tool to help you
• Generate memorable passwords
• Discover rootkits on your system
• Find bandwidth hogs
• And much more!

Bonus articles
• Getting Insights with eBPF
• Hidden CLI Tools

www.admin-magazine.com
US$ 7.95

Welcome

Dear Readers:

The Linux environment includes thousands of small but powerful tools designed to address very specific needs. We’re proud to share our latest collection of gems for the sys admin toolkit.

ADMIN Special

Editor in Chief – Joe Casad
Managing Editor – Lori White
Copy Editors – Amy Pettle, Megan Phelps
Layout / Graphic Design – Dena Friesen, Lori White
Advertising – Brian Osborn, [email protected], phone +49 89 3090 5128
Publisher – Brian Osborn
Customer Service / Subscription – For USA and Canada: Email: [email protected], Phone: 1-866-247-2802 (toll-free from the US and Canada)
www.admin-magazine.com

While every care has been taken in the content of the magazine, the publishers cannot be held responsible for the accuracy of the information contained within it or any consequences arising from the use of it.

Copyright & Trademarks © 2020 Linux New Media USA, LLC
Cover Illustration © Corina Rosu, 123RF.com

No material may be reproduced in any form whatsoever in whole or in part without the written permission of the publishers. It is assumed that all correspondence sent, for example, letters, email, faxes, photographs, articles, drawings, are supplied for publication or license to third parties on a non-exclusive worldwide basis by Linux New Media unless otherwise stated in writing.

All brand or product names are trademarks of their respective owners. Contact us if we haven’t credited your copyright; we will always correct any oversight.

Printed in Nuremberg, Germany by hofmann infocom GmbH on recycled paper from 100% post-consumer waste; no chlorine bleach is used in the production process.

Distributed by Seymour Distribution Ltd, United Kingdom

ADMIN is published by Linux New Media USA, LLC, 2721 W 6th St, Ste D, Lawrence, KS 66049, USA.

Published in Europe by: Sparkhaus Media GmbH, Zieblandstr. 1, 80799 Munich, Germany

Table of Contents

1 Log2Ram: Write syslog data to a RAM disk.
2 NetHogs: Find the processes that are hogging bandwidth.
3 darkstat: A tiny tool that monitors without noticeable system load.
4 rkhunter: Root out rootkits hidden on your system.
5 LFT: Firewalls and wireless routers won’t stop this traceroute alternative.
6 urlwatch: Get news from websites by detecting HTML changes.
7 xkcdpass: Generate easy-to-remember passwords.
8 TigerVNC: Easy and free VNC client.
9 EncFS: This file encryption tool is easy to customize.
10 Dialog: Create dialog boxes with checkboxes and progress bars.

As a special bonus, we’re also including two more articles on other great tools for the admin toolkit:

Getting Insights with eBPF: Use this in-kernel virtual machine to identify resource bottlenecks.
Hidden CLI Tools: Take a tour of some useful yet unsung command-line utilities, including timelimit, timeout, pv, bar, pipemeter, dd, cpipe, and progress.

1 Log2Ram

Just for the Record

Write syslog data to a RAM disk with Log2Ram. By Charly Kühnast

From time to time, I use nmap -sP 10.0.0.1-254 to check how many IP devices are online in my home network. There are now more than 50, half of them Raspberry Pis. The need for a central syslog server is slowly growing. An old miniature PC with an Intel Atom, which I retrofitted with an SSD, is the designated candidate for this permanent task. The syslog server comes courtesy of the standard rsyslogd. In its configuration file (/etc/rsyslog.conf), the following lines ensure that the server can receive syslog data from other hosts via UDP and TCP:

    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514

On other machines, I add an entry of *.* @10.0.0.254 to rsyslog.conf so that they all send their log data to the server on 10.0.0.254.

However, the incoming syslog messages generate huge numbers of writes, and I’m worried about the SSD service life. Enter Log2Ram [1] stage left. Log2Ram creates a RAM disk on /var/log, to which the central rsyslogd writes all the incoming data. Once an hour, the collected data is written to disk.

Need to Talk

I installed Log2Ram by running the following command line on the log server:

    git clone https://github.com/azlux/log2ram

I then changed to the directory created in the last step and executed the install.sh script. At first the installation failed because the Mailutils package was missing, and Log2Ram insists on the ability to mail to the admin in case of problems.

Also the size of the RAM disk, 40MB by default, was too small for my setup, but I was able to adapt this setting with a manual edit of the configuration file.

Now I just have one more wish: I don’t want to be restricted to viewing the logs with tail -f on the log server console. I would rather inject my Log2Ram data into a web page, just in case I feel the urge to inspect the files while I’m on the road. A small tool by the name of frontail [2] helps me do exactly this. It is based on Node.js, so you need to install the npm installer. You then install frontail and launch it like this:

    npm i frontail -g
    frontail /var/log/syslog

This starts a small web server on port 9001. Now, when I open the page in a web browser, I’m welcomed by the syslog (Figure 1). With just a little manual intervention, I can enjoy the view and an SSD that should survive for a couple of years.

Figure 1: frontail opens a viewing window into the log bucket.

Info
[1] Log2Ram: [https://github.com/azlux/log2ram]
[2] frontail: [https://github.com/mthenw/frontail/blob/master/README.md]

2 NetHogs

Everything Must Go

Every sys admin has a few favorite tools that they always carry with them, if only because they do not want to be without these often overlooked treasures. The gems dangling from Charly’s key ring include Dstat, NetHogs, and nload. By Charly Kühnast

Dstat [1] is a useful tool for getting details about the installed hardware (especially RAM) in Linux. My secret weapon for determining which processes are grabbing the most resources looks like this:

    # dstat -cdn -D sda -N enp2s0 -C total --top-cpu --top-io --top-mem -f 5

Every second, this command displays which processes are generating the highest CPU, memory, and I/O load (Figure 1). This command has saved me from working late dozens of times.

Figure 1: Dstat frequently saves Charly from working late.

Unfortunately, Dstat does not show you which process is generating the most network traffic at the moment. NetHogs [2] fills this gap. On machines with multiple interfaces, it only needs the name of the desired network interface as a parameter. If not specified, NetHogs grabs the first interface that is not called localhost.

A list of all processes that send or receive network packets appears (Figure 2). I use the R and S keys to tell Dstat to sort this list by incoming and outgoing traffic respectively. NetHogs also has a nice graphical add-on called HogWatch [3] that visualizes the data, although HogWatch is no longer actively maintained.

Figure 2: NetHogs adds the traffic information that Dstat lacks.

nload

If you are looking for an alternative that draws a meaningful net load curve from the command line, nload [4] will do the job. The following command draws the current net load level with cursors on the console:

    # nload -t 1000 -o 10000

The -t 1000 parameter specifies the update interval in milliseconds (default: 500ms). -o 10000 tells the tool to cap the graph at 10Mbps, because nload scales it to the interface’s maximum speed.

Info
[1] Dstat: [https://github.com/dagwieers/dstat]
[2] NetHogs: [https://github.com/raboof/nethogs]
[3] HogWatch: [https://github.com/akshayKMR/hogwatch]
[4] nload: [https://github.com/rolandriegel/nload]

3 darkstat

Light Touch

Thanks to its minimal footprint, the 20-year-old darkstat monitoring tool hardly generates any noticeable load even on low-powered systems. By Charly Kühnast

Next to our kitchen, there is a small utility room. I don’t think its floorspace is even two square meters. In addition to the usual building services, such as a fuse box, there are two firewalls, a web [...]

[...] configuration file is voluntary; I could ignore it and simply start darkstat at the command line. The only mandatory parameter is -i <interface>. The darkstat --help command lists all the other parameters [...]

[...] tab (Figure 2). This is where darkstat lists the devices in a table; you can sort by the column headers. This is how I found out, for example, that music streaming is very popular today.