[clug] old-school remote sys configuration/management options

Bob Edwards bob at cs.anu.edu.au
Thu May 7 03:01:36 UTC 2020 

Back in the day, one would do all their remote system configuration
management using SSH, bash and package management. Throw in some
rsyslogd for remote logging and life was quite simple.

These days, the preference for config management seems to be one of
the various Ansible, Chef, Puppet, SaltStack etc. and then add in
tools like munin, nagios, graylog etc (and/or their successors) and
there is a whole raft of client side software to be installed,
maintained, monitored and managed (in terms of load on the system),
plus all the server side as well.

With the recent SaltStack vulnerabilities [1], I have been reassessing
the landscape. (we started using SaltStack some years ago, mainly due
to it's integration with Git, at the time).

At the risk of starting a preferred configuration management system war,
I am now seriously considering just chucking all that and going back to
bash scripts running over SSH - simple and well understood. Only need
to have one port open (maybe two), instead of many ports for all the
various monitoring and config. management etc.

Wondering if anyone else has considered this and if anyone can suggest/
recommend any existing frameworks or similar? I am looking for something
that can do some/all of:
- installation/upgrades
- configuration
- asset details (eg. serial no.s, RAM, CPU etc.)
- monitoring (S.M.A.R.T., du, load etc.)
- vulnerability checks
- some sort of reporting (I don't need fancy colour graphs - I don't
    have an MBA)
- backups

I already have scripts left over from years ago that can do much of
this, but would be interested in using a framework if such exists
(my Googling just turns up how to configure SSH etc.). Mainly targeting
Debian and Ubuntu, with some CentOS and occasionally others thrown in.

cheers,
Bob Edwards.

[1]
- https://www.helpnetsecurity.com/2020/05/04/saltstack-salt-vulnerabilities/
- 
https://www.csoonline.com/article/3541721/cloud-servers-hacked-via-critical-saltstack-vulnerabilities.html
- https://www.cbronline.com/news/salt-bug
- 
https://www.computerweekly.com/news/252482461/Critical-SaltStack-vulnerability-affects-thousands-of-datacentres

More information about the linux mailing list