aglew@crhc.uiuc.edu (Andy Glew) (09/11/90)
In my experience administering systems I found that a regular set of consistency checks run by cron was most useful. Now that I'm hopefully out of the sysadmin role, I still find that regular consistency checks, etc., run by /usr/cron or omicron, are useful. Moreover, I often find myself recommending to present-day sysadmins of little experience that they write a whole slew of consistency checks.

My question is: what is a fairly complete list of consistency checks, file scans, etc., that can be regularly run? Here's a short list off the top of my head; I invite additions.

Ownership

Personal: it is quite easy, when working with others, if you occasionally use root, or if you use tar on System V (:-(), to create files and directories in your personal directory tree that are owned by others. It can be extremely annoying to discover these several months later, particularly if you no longer have root for some reason (like the disk has changed machine). Therefore a regularly run consistency check, scanning for unowned files, avoids problems down the line.

Setuid

Sysadmins, of course, should regularly scan for setuid files, looking for the most common form of security hole. Trivial, yes, and easily thwarted, but it'll catch many of the budding student hackers.

Changes to system files
    Permissions
    Checksums

One of the first things I do when installing a system from scratch is to save the ownerships, permissions, sizes, and checksums of standard system files. Then I effectively diff the current status of such files against the original list. After a few days one quickly discovers what files change, and what are static - in fact, this is one of the best ways I know of determining the exhaustive list of always growing log files that need to be periodically cleaned out. Thereafter the frequency of checks can be reduced.

Of course, this has some security benefits - although a good hacker can certainly hide herself from this scan. But the best benefit I've found is that it detects disk errors in infrequently used system utilities (like prep, say) before you really need them.

SCCS/RCS

When involved in code development, I have found that listing the files checked out for editing on a daily basis is helpful. Moreover, because oftentimes files like /etc/rc are edited without version control, rcs diffing locates these unsanitary situations so that you can properly control them. I have often considered automatically checking in files that have been different, unchecked in, for a long time, but have never gotten around to it.

Times

There are a variety of time daemons that are supposed to synchronize clocks; however, a simple "rsh foobar date" to all systems can often detect time synch problems before all of your makes break.

Recompiling

Most systems eventually come to have little bits of local utility source code. Maybe even custom kernels and drivers. Source code can, of course, break while the system is updated round it. Simply recompiling all source that's online on a regular rotating basis can help catch problems early, while the memory of what has changed is still fresh.

File Usage, Quotas, etc.

Anyone running quotas does this already, of course. As a sysadmin, I found it useful to total up user disk space even when I wasn't running quotas - because it helped me estimate when we were going to have a disk crunch (more than a simple df) and take preventative measures.

Personal: I still total up my personal disk usage, trying to avoid the ire of the sysadmin.

Long Filenames

Personal: I used to move regularly between System V, with 14 character filenames, and BSD. A regular scan for long filenames helped avoid problems. (I limited filenames to 12 characters because of SCCS/RCS) Even now that I'm back in BSD, I find it useful to scan for pathnames longer than 100 characters in length, because of the stupid length limitations in awk.

Reaper

The best known example of a regularly run program is probably the file reaper, that deletes old and unnecessary files. This isn't really a consistency check, but I'll talk about it for now. It might be worthwhile assembling a fairly complete list of things to be reaped (actual policies will vary, of course), but that's probably a whole other newstring.

--
Andy Glew, a-glew@uiuc.edu [get ph nameserver from uxc.cso.uiuc.edu:net/qi]
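Added example, not part of the original posts: a Python sketch of the baseline-and-diff check described in the post above (ownership, permissions, size and checksum of each file, compared against a saved snapshot), combined with the setuid scan. The function names, the choice of SHA-256 and the sample tree built in demo() are assumptions made for illustration; the sample files are constructed.

```python
import hashlib, os, stat, tempfile
FIELDS = ("uid", "gid", "mode", "size", "checksum")

def snapshot(root):
    """Map each regular file under root to (uid, gid, mode, size, sha256)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (
                st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode), st.st_size, digest)
    return snap

def compare(baseline, current):
    """Return (path, what_changed) for every file that differs from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings.append((path, "added" if old is None else "removed"))
            continue
        changed = [f for f, a, b in zip(FIELDS, old, new) if a != b]
        if changed:
            findings.append((path, ",".join(changed)))
    return findings

def setuid_files(snap):
    """Paths whose mode carries the setuid or setgid bit."""
    return sorted(p for p, rec in snap.items() if rec[2] & (stat.S_ISUID | stat.S_ISGID))

def demo():
    """Constructed sample tree: baseline it, alter three files, rescan."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("rc", b"start daemons\n"), ("prep", b"ABCD"), ("log", b"")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "rc"), "ab") as fh:
            fh.write(b"# local edit\n")           # grows: size and checksum change
        with open(os.path.join(root, "prep"), "r+b") as fh:
            fh.write(b"ABCE")                      # same size, content differs (e.g. disk error)
        os.chmod(os.path.join(root, "log"), 0o4755)   # setuid bit appears
        current = snapshot(root)
        return compare(baseline, current), setuid_files(current)
```

Run from cron, the baseline would be saved to a file kept off the scanned filesystem and the findings mailed only when the list is non-empty.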
lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (09/12/90)
In article <AGLEW.90Sep11103916@dwarfs.crhc.uiuc.edu> aglew@crhc.uiuc.edu (Andy Glew) writes:
:
: In my experience administering systems I found that a regular set of
: consistency checks run by cron was most useful.
: Now that I'm hopefully out of the sysadmin role, I still find that
: regular consistency checks, etc., run by /usr/cron or omicron, are
: useful. Moreover, I often find myself recommending to present-day
: sysadmins of little experience that they write a whole slew of
: consistency checks.
:
: My question is: what is a fairly complete list of consistency checks,
: file scans, etc., that can be regularly run? Here's a short list
: off the top of my head; I invite additions.
You might check out the scan scripts that come in the eg directory of
the Perl distribution. They do some of this stuff. My own private
copies do more...
Larry Wall
lwall@jpl-devvax.jpl.nasa.gov
wnp@iiasa.AT (wolf paul) (09/12/90)
In article <9468@jpl-devvax.JPL.NASA.GOV> lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) writes:
)In article <AGLEW.90Sep11103916@dwarfs.crhc.uiuc.edu> aglew@crhc.uiuc.edu (Andy Glew) writes:
):
): In my experience administering systems I found that a regular set of
): consistency checks run by cron was most useful.
): My question is: what is a fairly complete list of consistency checks,
): file scans, etc., that can be regularly run? Here's a short list
): off the top of my head; I invite additions.
)
)You might check out the scan scripts that come in the eg directory of
)the Perl distribution. They do some of this stuff. My own private
)copies do more...

Any chance of getting your own private copies, or at least a list of the
"more" they do :-) ???
--
Wolf N. Paul, IIASA, A - 2361 Laxenburg, Austria, Europe
PHONE: +43-2236-71521-465 FAX: +43-2236-71313
UUCP: uunet!iiasa.at!wnp INTERNET: wnp%iiasa.at@uunet.uu.net
BITNET: tuvie!iiasa!wnp@awiuni01.BITNET
* * * * Kurt Waldheim for President (of Mars, of course!) * * * *