[clug] old-school remote sys configuration/management options

Kathy Reid kathy at kathyreid.id.au
Thu May 7 04:41:43 UTC 2020


This will sound like an MBA-esque question, but:

What is your organisation's _strategy_ in this area?

In large organisations, different departments will use different 
monitoring tools, some licensed, some free, and the yield of these won't 
be optimised (buzzword, drink!). Bob has laid out some very clear 
requirements for his department, but are these the same requirements for 
other departments? If there's an organisation-wide strategy then 
scripts, tools, reports (hey, I like colours!) can be re-used - and 
development effort that is invested in one area has greater impact.

Are there organisational monitoring strategies that people know of that 
could be helpful here?

Best, Kathy

On 7/05/2020 13:01, Bob Edwards via linux wrote:
> Back in the day, one would do all their remote system configuration
> management using SSH, bash and package management. Throw in some
> rsyslogd for remote logging and life was quite simple.
>
> These days, the preference for config management seems to be one of
> the various Ansible, Chef, Puppet, SaltStack etc. and then add in
> tools like munin, nagios, graylog etc (and/or their successors) and
> there is a whole raft of client side software to be installed,
> maintained, monitored and managed (in terms of load on the system),
> plus all the server side as well.
>
> With the recent SaltStack vulnerabilities [1], I have been reassessing
> the landscape. (we started using SaltStack some years ago, mainly due
> to it's integration with Git, at the time).
>
> At the risk of starting a preferred configuration management system war,
> I am now seriously considering just chucking all that and going back to
> bash scripts running over SSH - simple and well understood. Only need
> to have one port open (maybe two), instead of many ports for all the
> various monitoring and config. management etc.
>
> Wondering if anyone else has considered this and if anyone can suggest/
> recommend any existing frameworks or similar? I am looking for something
> that can do some/all of:
> - installation/upgrades
> - configuration
> - asset details (eg. serial no.s, RAM, CPU etc.)
> - monitoring (S.M.A.R.T., du, load etc.)
> - vulnerability checks
> - some sort of reporting (I don't need fancy colour graphs - I don't
>    have an MBA)
> - backups
>
> I already have scripts left over from years ago that can do much of
> this, but would be interested in using a framework if such exists
> (my Googling just turns up how to configure SSH etc.). Mainly targeting
> Debian and Ubuntu, with some CentOS and occasionally others thrown in.
>
> cheers,
> Bob Edwards.
>
> [1]
> - 
> https://www.helpnetsecurity.com/2020/05/04/saltstack-salt-vulnerabilities/
> - 
> https://www.csoonline.com/article/3541721/cloud-servers-hacked-via-critical-saltstack-vulnerabilities.html
> - https://www.cbronline.com/news/salt-bug
> - 
> https://www.computerweekly.com/news/252482461/Critical-SaltStack-vulnerability-affects-thousands-of-datacentres
>



More information about the linux mailing list