man uaxtools
NAME
uaxtools - system management tools (overview)
DESCRIPTION
The uaxtools are system management scripts which evolved at the University of
Alaska, Arctic Region Supercomputing Center (ARSC) over two decades of managing a
variety of UNIX and Linux systems and clusters including IRIX, Solaris, AIX, Uni-
cos, RHEL, SLES, Cray XT, Scyld/Beowulf, and xCAT.
The tools support managing complex production systems using simple principles:
Understanding what you have (baseline system)
Knowing when something changes (problem identification)
Managing changes
The concept at ARSC was to use common tools on all platforms so system administra-
tors could back-fill support for any system. These tools are scripts with cus-
tomization options since site practices can vary significantly. The etc/*, sbin/*,
and bin/*_os files are all distributed noreplace within the rpm.
TOOLS
push
Push commands, files, and configuration files to systems.
This tool uses etc/machines.linux (and potentially other machines.* files)
as the registry of hosts and /var/local/LinuxFiles directory for maintaining
configuration files for a platform.
upd_LinuxFiles
Update configuration files registry, LinuxFiles/List.txt and Linux-
Files/Long.txt built from LinuxFiles backout directories.
chk_sanity
Validate mode, ownership, and sum of configuration files.
cmp_sanity
Compare configuration files with reqistry.
get_state
Collect state information of node(s) using sbin/gs_* scripts and the
etc/gs.base and etc/gs.host configuration files.
chk_state
Check state informaiton of node(s) in /var/local/state.
chk_local_dirs
Validate directory mode and ownership with etc/local.dirs reqistry.
lsof_ports
Check open ports against etc/lsof_ps.filter registry.
process-setuid
Analyze [sg]uid,acl,o+w files on a asystem using etc/sguid.list registry.
permchk
Execute process-setuid on a platform of systems using push or *dsh (if
installed and configured).
subject
Generate standard format mail subject.
EXAMPLES: sudoers
UA/ARSC uses less privileged ids for system administration and cron monitoring.
This can be accomplished with sudoers definitions such as:
User_Alias SYSADM = kcarlson
User_alias SYSMON = sysmon
# General 'passive' (no password required) commands:
Cmnd_Alias NOPASSCMDS= \
/usr/bin/at -l*, \
/usr/bin/crontab -l*, \
/bin/cat, \
/usr/bin/diff, \
/usr/bin/du, \
/bin/egrep, \
/usr/bin/file, \
/bin/grep, \
/usr/bin/head, \
/bin/ls, \
/usr/bin/sdiff, \
/usr/bin/sum, \
/usr/bin/tail, \
/usr/bin/yum list up?*, \
/sbin/ethtool eth[0-9], \
/sbin/fdisk -l, \
/sbin/sfdisk -d, \
/sbin/iptables --list*, \
/sbin/ip6tables --list*, \
/usr/bin/lsscsi, \
/usr/sbin/dmidecode, \
/usr/sbin/exportfs -v, \
/usr/sbin/iptables --list*, \
/usr/sbin/ip6tables --list*, \
/usr/local/bin/uals
# passive sysmon comands
Cmnd_Alias SYSMONCMDS= \
/usr/sbin/lsof, \
/usr/sbin/nfsstat -z, \
/bin/netstat, \
/bin/dd if=/dev/sda of=mbr.0 bs=512 count=1, \
/bin/tar c*, \
/sbin/lspci, \
/sbin/modprobe ipmi_devintf, \
/usr/bin/ipmitool, \
/sbin/sysctl -[aA]
# User privilege specification
SYSADM ALL= (ALL) PASSWD: ALL, \
NOPASSWD: NOPASSCMDS, SYSMONCMDS
SYSMON ALL= NOPASSWD: NOPASSCMDS, SYSMONCMDS
ACKNOWLEDGEMENTS
Written at the University of Alaska. Ongoing maintenance via SourceForge by Denali
Sun Consulting.
Suggestions or bug reports can be directed to denalisun907@gmail.com.
RELATED INFORMATION
See:
push(8), upd_LinuxFiles(8), chk_sanity(8), cmp_sanity(8), get_state(8),
chk_state(8), chk_local_dirs(8), lsof_ports(8), process-setuid(8), permchk(8), sub-
ject(8), ckbko(1), mkbko(1), uals(1).
These man pages were hastily written. The uaxtools distribution also includes more
detailed html and wiki documentation from ARSC implementation of these tools.