# The FreeBSD SysAdmin's Favorite Tools



## APseudoUtopia (Nov 17, 2008)

Hey everyone,

I've been using FreeBSD for about 2 years now, and I've loved every minute of it. I've been discovering new programs/tools almost every week that do something that just make me think "damn, that was cool!"

I was thinking it would be helpful to newcomers, as well as users like myself, and even maybe experienced gurus, to make up a list of awesome sysadmin software. Such as sysutils like portupgrade, lsof, mtr, and other software like cacti, whatmask, cmdwatch, and daemontools.

So, what's your favorite FreeBSD sysadmin tool? Please include a quick description of it.


----------



## brd@ (Nov 17, 2008)

Hmm.. lets see..

Nagios - Monitor your network to make sure the services and hosts are up.
Samhain - File integrity monitor.
Portaudit - Check your install ports against a database of vulnerable ports.
Screen - Terminal multiplexer.

Thats all I can think of right now..


----------



## jonathan (Nov 17, 2008)

ive done nagios, but ive just recently discovered zabbix at my new job.  it has both a server and client, and can tell you just about everything you never wanted to know about windows, *.nix, and practically any host you want to monitor.


----------



## ken (Nov 17, 2008)

Too many to list but one in particular worthy of mention is portmaster.  I used portupgrade for years, and it was a godsend in it's day, but for last couple have replaced with Doug Barton's excellent portmaster 

/bin/sh based so no need for additional packages such as Ruby, db4, etc.  Also much, much faster.


----------



## bsddaemon (Nov 17, 2008)

My pick would be SSH, tcpdump, sed, awk and shell script. Cant leave home without them


----------



## hedwards (Nov 17, 2008)

I think that portmaster, awk, sed, grep, screen and bacula are pretty much must haves in most cases. The time it takes to learn sed, awk and grep properly is time well spent. Even learning to use them a little bit can save a huge amount of time and effort.

With ZFS, I may give up on bacula and just dump the snapshots to a separate storage system for back ups. But I'm not sure how I'd be able to give up the database portion.


----------



## gldisater (Nov 17, 2008)

bsddaemon said:
			
		

> My pick would be SSH, tcpdump, sed, awk and shell script. Cant leave home without them



cd can't leave $HOME without it.


Sorry, couldn't resist.


----------



## kmf (Nov 17, 2008)

Hi APseudoUtopia,
A day rarely passes without me using sed / awk.

Never under estimate the power of a editor ... (vi) 

We are busy testing, OCS Inventory + GLPI, so that we can keep track of all our assets and systems.

Karl


----------



## snes-addict (Nov 17, 2008)

Let's see...

Although I'm an Emacs fan, I _always_ use *vi* for editing system configs and short memos.

I've been using *ftp* quite a bit recently, also.

I have always loved the ports tools (portupgrade, portsnap, etc.).

The *lynx* or *links* browsers are also awesome on systems without X11, and are especially a must on those systems when something goes wrong and advice from others is needed.

On systems where keeping track of file modifications is important, *rcs*, *cvs*, and *Subversion* are the way to go.​

Aw, heck, the entire base system is the best administrative tool!  FreeBSD is just that good.


----------



## ken (Nov 17, 2008)

hedwards said:
			
		

> I think that portmaster, awk, sed, grep, screen and bacula are pretty much must haves in most cases. The time it takes to learn sed, awk and grep properly is time well spent. Even learning to use them a little bit can save a huge amount of time and effort.
> 
> With ZFS, I may give up on bacula and just dump the snapshots to a separate storage system for back ups. But I'm not sure how I'd be able to give up the database portion.



Ditto. Although you can use Bacula with ZFS, you loose the NFS ACL  bits.  Tis' a shame really, because otherwise Bacula just rocks!  Perhaps once ZFS sees critical mass with the penguinistas we'll see that change.


----------



## anomie (Nov 17, 2008)

Favorite network troubleshooting tools: 

 nmap - tcp/udp port scanner, lots of features (see the av)
 tcpdump - packet analyzer 
 arpwatch - passive ethernet sniffer, keeps MAC / IP address db


----------



## locnar (Nov 17, 2008)

*dvtm*

I agree with all those that have been listed so far, but I have to add one.  dvtm (in the ports) is a great little command line terminal manager.  It has two great features:  One, it doesn't react poorly with screen, so you can call it from with in a screen session and just keep working as screen lets you and as dvtm lets you.  Two, having a file and another file right next to each other for comparing in two or more windows with only one terminal saves loads of setup time for my work day.


----------



## Snelius (Nov 17, 2008)

bash & perl


----------



## nabsta (Nov 17, 2008)

jonathan said:
			
		

> ive done nagios, but ive just recently discovered zabbix at my new job.  it has both a server and client, and can tell you just about everything you never wanted to know about windows, *.nix, and practically any host you want to monitor.



So could you tell us more about how Zabbix could be installed on freebsd, some hints would be great for all


----------



## vermaden (Nov 17, 2008)

Besides tools that are already mentioned I would add these:
*vi | sh -x | (g)shred | when | lsof | sockstat | top -P | top -b -ores | rsync | scp | urxvt -pe tabbed | lftp | luit | zsh | mtr | arping | pbzip2 | vim -d*



			
				locnar said:
			
		

> Two, having a file and another file right next to each other for comparing in two or more windows with only one terminal saves loads of setup time for my work day.


Have you tried: *vim -d files_to_compare.**


----------



## bsddaemon (Nov 17, 2008)

vermaden said:
			
		

> Besides tools that are already mentioned I would add these:
> *vi | sh -x | (g)shred | when | lsof | sockstat | top -P | top -b -ores | rsync | scp | urxvt -pe tabbed | lftp | luit | zsh | mtr | arping | pbzip2 | vim -d*



They are indeed good ultilities, but they are more like every day,  general tools, rather than administrative tools


----------



## vermaden (Nov 17, 2008)

bsddaemon said:
			
		

> They are indeed good ultilities, but they are more like every day,  general tools, rather than administrative tools



[font="Courier New"]vi       --> edit config files
sh -x    --> debug scripts
lsof     --> check "blocked" files
sockstat --> check "blocked" files
top      --> no comment
rsync    --> remote backup
scp      --> can be used for remote backup or temporary file ransfers
mtr      --> network troubleshooting
arping   --> network troubleshooting
vim -d   --> compare config files[/font]

Isn't THAT administration?


----------



## Geoff (Nov 17, 2008)

rsync has saved my bacon on numerous occasions, also love daemontools, ucspi-tcp and netcat


----------



## Daemony (Nov 17, 2008)

*screen screen screen*

the first and the best tool for me!
portupgrade - has the second place here.


----------



## bsddaemon (Nov 17, 2008)

Geoff said:
			
		

> rsync has saved my bacon on numerous occasions, also love daemontools, ucspi-tcp and netcat



I heard R1Soft has better file archive algorithm comparing to rsync, pity it is not free, in fact it is damn pricey. It is mostly for commercial, business, mission critical use.

But indeed rsync is one of the excellent application out there, I wish it came with FreeBSD out of the box.

Back in the day I was writing a port scanning shell script (just for fun actually, and because nmap is kinda noisy). My script is telnet based, but I realised telnet doesnt support UDP, then I found *netcat* (aka. nc). But netcat was not better, actually it was more than useless. It reported every UDP port open???



> %nc -vzu google.com 3000-3005
> 
> Connection to google.com 3000 port [udp/*] succeeded!
> Connection to google.com 3001 port [udp/*] succeeded!
> ...



I must be missing smt here?


----------



## cnr (Nov 17, 2008)

[font="Trebuchet MS"]my basic and favorite tools;
vim, top, rsync, portaudit, portsnap, freebsd-update, tcpdump and pftop [/font]


----------



## locnar (Nov 17, 2008)

vermaden said:
			
		

> Besides tools that are already mentioned I would add these:
> *vi | sh -x | (g)shred | when | lsof | sockstat | top -P | top -b -ores | rsync | scp | urxvt -pe tabbed | lftp | luit | zsh | mtr | arping | pbzip2 | vim -d*
> 
> 
> Have you tried: *vim -d files_to_compare.**



Yes, Yes I have.  dvtm allows for a bit more flexability and it is repeatable for my co-workers who see me doing neat things, but can't stand vim.  dvtm is just a window manager in ncurses.  I can tail a maillog, be running top, and have the config file open in one terminal.  I guess I used a silly example for why it is a great tool to have on your system.


----------



## vermaden (Nov 17, 2008)

locnar said:
			
		

> Yes, Yes I have.  dvtm allows for a bit more flexability and it is repeatable for my co-workers who see me doing neat things, but can't stand vim.  dvtm is just a window manager in ncurses.  I can tail a maillog, be running top, and have the config file open in one terminal.  I guess I used a silly example for why it is a great tool to have on your system.



Thanks for explanation.

I have heard about it some time ago (dvtm) but did not had time to check it, but I definitely will in some closer time.


----------



## oliverh (Nov 17, 2008)

Without screen I would be sometimes lost ;-) Vi is such an essential tool too, rsync and of course more or less some of the above mentioned tools.


----------



## thortos (Nov 17, 2008)

bsddaemon said:
			
		

> telnet doesnt support UDP, then I found *netcat* (aka. nc). But netcat was not better, actually it was more than useless. It reported every UDP port open???
> 
> I must be missing smt here?



Yes you are. UDP is connectionless It throws the packets by the way of the destination and doesn't care about them once they're gone. This is why you can't telnet via UDP (you can't connect with a connectionless protocol), and this is also why the output of nc is correct - it could perfectly send out the packets, which is all it cares about.

I agree that using the word "connection" in the nc output is confusing in this use case, but maybe the authors of nc assumed that people using it know what they're doing.

Maybe you want to do some basic reading on IP networking, it's an interesting thing to get into. Also, I hope you're not responsible for any network security. :e


----------



## oversize (Nov 17, 2008)

hm, those are all Linux Unix tools in general.

Dont know whether the Author wanted to only have FreeBSD Tools listed. But as i read through all the posts i thought to mysqlf which are realy FreeBSD unique? Are there any?

And to name a tool, as everybody did, i recently discoverd ossec for systemmonitoring very handy. 

cheers


----------



## toomanysecrets (Nov 17, 2008)

My favourite tools...

vi/vim
screen
vmstat
systat
iostat
lsof
sockstat/netstat
netcat
sh/csh/tcsh/bash
perl
links/elinks/lynx
less
grep
awk

And... ok ok, stop right away...


----------



## foldingstock (Nov 17, 2008)

Tmux is a terminal emulator, much like screen, released under the *BSD license. It operates differently then screen and is lighter on system resources.


----------



## pirzyk (Nov 17, 2008)

oversize said:
			
		

> hm, those are all Linux Unix tools in general.
> 
> Dont know whether the Author wanted to only have FreeBSD Tools listed. But as i read through all the posts i thought to mysqlf which are realy FreeBSD unique? Are there any?
> 
> ...



One 'tool' that is not common on other versions of UNIX that I am familiar with is 'stty status'.  I hear it does exist in VMS.  I have used it quite a bit to figure out where a program may be 'hanging'.  Usually it returns '[ttyin]' which causes a response of doh!


----------



## hark (Nov 17, 2008)

sysutils/ezjail

It is dreamy.


----------



## timmix (Nov 17, 2008)

nabsta said:
			
		

> So could you tell us more about how Zabbix could be installed on freebsd, some hints would be great for all



Ehm, just type: "cd /usr/ports/net-mgmt/zabbix/ && make install clean" at your favorite commandprompt.

-- 
Timm


----------



## estrabd (Nov 17, 2008)

brd@ said:
			
		

> Hmm.. lets see..
> 
> Nagios - Monitor your network to make sure the services and hosts are up.
> Samhain - File integrity monitor.
> ...



screen++


----------



## danger@ (Nov 18, 2008)

hey guys, you don't watch your logs? 

tail -f *.log


----------



## Gabe_G23 (Nov 18, 2008)

ken said:
			
		

> Too many to list but one in particular worthy of mention is portmaster.  I used portupgrade for years, and it was a godsend in it's day, but for last couple have replaced with Doug Barton's excellent portmaster



Mmmh, I must say that I agree!


----------



## horus (Nov 18, 2008)

what about ee(1)???


----------



## brd@ (Nov 18, 2008)

danger@ said:
			
		

> hey guys, you don't watch your logs?
> 
> tail -f *.log


In 7.0+ try:

```
tail -F /path/to/logfile1 /path/to/logfile2
```
It makes the built in tail(1) behave like xtail, and display multiple log files at once.


----------



## bsddaemon (Nov 18, 2008)

brd@ said:
			
		

> In 7.0+ try:
> 
> ```
> tail -F /path/to/logfile1 /path/to/logfile2
> ...



It works with older version, too, at least with 6.4


----------



## Anapivirtua (Nov 18, 2008)

brd@ said:
			
		

> In 7.0+ try:
> 
> ```
> tail -F /path/to/logfile1 /path/to/logfile2
> ...



Awesome !!!


----------



## braveduck (Nov 18, 2008)

> It makes the built in tail(1) behave like xtail, and display multiple log files at once.
> It works with older version, too, at least with 6.4



Yep, it doesn't work with 4.*, but it works with 5.4+, so I guess it works with 5.0+. Nice thing to have.


----------



## Vladimir (Nov 18, 2008)

I love command "*watch*". Who uses *watch*?



			
				horus said:
			
		

> what about ee(1)???


It's terrible, please don't use it.


----------



## oliverh (Nov 18, 2008)

ee is a nice editor (like pico/nano/joe ...) for the beginner, most beginners blow up their systems while using vi the first time.


----------



## jb_fvwm2 (Nov 18, 2008)

popd
....................
started using it less than a year ago.  That
means 3 or so years less efficient at the shell.
....................


----------



## Vladimir (Nov 18, 2008)

oliverh said:
			
		

> ee is a nice editor (like pico/nano/joe ...) for the beginner, most beginners blow up their systems while using vi the first time.


It's habit-forming editors.


----------



## vermaden (Nov 18, 2008)

oliverh said:
			
		

> ee is a nice editor (like pico/nano/joe ...) for the beginner, most beginners blow up their systems while using vi the first time.



... or generate great random strings trying to exit


----------



## oliverh (Nov 18, 2008)

Vladimir said:
			
		

> It's habit-forming editors.



No it's open source, you have the choice ;-) If someone really needs vi or vim or emacs, then he will use it - so it's not the habit, it's the application. And speaking of 'bad habits' ;-)

http://web.cecs.pdx.edu/~kirkenda/joy84.html



> I got tired of people complaining that it was too hard to use UNIX because the editor was too complicated. Since I sort of invented the editor that was most complicated, I thought I would compensate by also designing the editor that was most simple. But I got distracted. If I had just spent another day on it... I could actually edit a file on it. I actually used it to edit itself and scrunched the source code - sort of old home day, because we used to do that all the time.
> 
> I had threatened to remove all the copies of vi on January 1 of this year and force people to use be. I don't think it would have worked, though, because I don't know any of the root passwords here anymore. These editors tend to last too long - almost a decade for vi now. Ideas aren't advancing very quickly, are they?



--Bill Joy


----------



## jonathan (Nov 18, 2008)

nabsta said:
			
		

> So could you tell us more about how Zabbix could be installed on freebsd, some hints would be great for all



its in the ports.  think of it as a cross between cacti and nagios, but then it took some steriods after.

as far as hints, i have none yet.  i built it once, but then didnt have time to configure it out.  but when i redo my network at home, ill be going with zabbix for my monitoring needs.


----------



## Alt (Nov 18, 2008)

As a sysadmin, my most favorite tools is
sockstat, systat, grep, perl, and ofc PING =)


----------



## oversize (Nov 18, 2008)

to you guys looking at your logs with tail: Yo dont do that _all_ the day, do you? 

I'm not a marketer ( ... and said it before), you should try ossec. Its not as huge as Nagios feels (i never realy used nagios). 
The rules are so cool, _if_ you know regex (which is one of my weaknesses x( ). The Install went through in about 5 minutes and now, if something suspicious happens, i get an email right away.

Of course you get a ton of false positives in the first place. e.g. sshd scans, service monitors, general server warnings, but if you figured your way through customizing the rules, it is a breeze.

cheers


----------



## joel@ (Nov 18, 2008)

oliverh said:
			
		

> ee is a nice editor (like pico/nano/joe ...) for the beginner


I use ee all the time.


----------



## billysponch (Nov 18, 2008)

joel@ said:
			
		

> I use ee all the time.



which just goes to show that


----------



## aaron (Nov 19, 2008)

sed, awk, du, lsof, wc, hping, grep


----------



## robertclemens (Nov 19, 2008)

The vi cronies are out in full force!

We get it. Vi is a good editor. Use it
if you like it. I use it for plenty of
tasks.

No reason to attribute vi with superior
administration. That is hardly the case.


----------



## kamikaze (Nov 20, 2008)

I use pkg_libchk and pkg_validate from sysutils/bsdadminscripts a lot. I made pkg_validate to check the consistency of the system after a crash and pkg_libchk for the transition from 6.x to 7.x. It spared me the build of several hundred ports and now it helps me find problems resulting from a port upgrade and fix them before they cause trouble.


----------



## cpeterson (Nov 23, 2008)

hark said:
			
		

> sysutils/ezjail
> 
> It is dreamy.



++

It should really be renamed to awesomejail considering how insanely secure it makes jails it creates.


----------



## UNIXgod (Nov 24, 2008)

shells/zsh


----------



## marius (Nov 24, 2008)

last


----------



## Business_Woman (Nov 26, 2008)

joel@ said:
			
		

> I use ee all the time.


Simple and effective


----------



## tanked (Nov 26, 2008)

Business_Woman said:
			
		

> Simple and effective



Agreed, for simple changes to system config files I can't really think of a reason to use anything else.


----------



## Eponasoft (Nov 27, 2008)

Since I don't use FreeBSD as a network tool but rather as a desktop OS, I'd have to say my favorite FreeBSD-specific tool is...sysinstall!  Other than that, I'd be completely lost without gcc...writing machine code just isn't my idea of a fun time.  And, since I always use X, nedit and kwrite are my code editors...I can't stand vi, never could...sorry vi folks.  pkg_add, firefox, and kvirc round out my list of essential tools...yeah, IRC is essential dangit!


----------



## Mel_Flynn (Nov 27, 2008)

Eponasoft said:
			
		

> and kvirc round out my list of essential tools...yeah, IRC is essential dangit!



:O Konversation!

Administratively, sysutils/pstree, top, tail, sysutils/pftop, net- and sockstat for diagnostics, sysctl(8)+prayer to up that resource that's just been eaten and the rest is icing on the cake.


----------



## artificer (Nov 30, 2008)

I recently appreciated recoverdisk(1), it's invaluable in many situations. Not many people seem to know it, as it's new (First appeared in 7.0).


----------



## bsddaemon (Nov 30, 2008)

artificer said:
			
		

> I recently appreciated recoverdisk(1), it's invaluable in many situations. Not many people seem to know it, as it's new (First appeared in 7.0).



Sounds like useful/life saving tool. I dont have any damaged data here, so I cant test the tool, how well does it perform for you?


----------



## artificer (Dec 1, 2008)

bsddaemon said:
			
		

> Sounds like useful/life saving tool. I dont have any damaged data here, so I cant test the tool, how well does it perform for you?



Very well, I've saved a lot of data from some defective cd-roms. I haven't tested it on a hard disk though.


----------



## hedwards (Dec 1, 2008)

Business_Woman said:
			
		

> Simple and effective


I must admit that ee both confuses and enrages me. Perhaps I'm odd, but vi is a lot easier to use once you get the hang of the very basics. Really, i a dw cw dd and o are enough to get quite far. And while it is extremely powerful/complex, one doesn't have to learn all of the features at once.

Case in point, I only recently realized that :$ would take me directly to the last line of any file, no matter how large it is.


			
				robertclemens said:
			
		

> No reason to attribute vi with superior
> administration. That is hardly the case.


You mean apart from the fact that it's the only editor guaranteed to be on a system in a form that's consistent, right?


----------



## mbs (Dec 1, 2008)

bash/vim-lite/top/netstat/lsof/innotop/du/df/telnet

Of course, I could add cd and make to this list in order to install new ports


----------



## MorgothV8 (Dec 2, 2008)

vim + gcc (couple of years) and still using...


----------



## braveduck (Dec 4, 2008)

> You mean apart from the fact that it's the only editor guaranteed to be on a system in a form that's consistent, right?



Actually, the only editor guaranteed to be on any *nix/Linux system is ED,
which is quite awesome  I'm a strong advocate of ED


----------



## paulfrottawa (Dec 5, 2008)

The Hand Book

ps: from all these responses about editors you can tell the command line is very popular.


----------



## anomie (Dec 5, 2008)

braveduck said:
			
		

> I'm a strong advocate of ED



I found this essay to be pretty amusing: 
http://www.dina.kvl.dk/~abraham/religion/ed-standard



> Let's look at a typical novice's session with the mighty ed:
> 
> golem> ed
> 
> ...


----------



## bsddaemon (Dec 5, 2008)

If you like ed, you probably enjoy reading this article, too

The tale of Ed, Sed, and an ignorant FreeBSD hacker

It was well written, I just dont understand why there is flash in that page :S


----------



## davehouston (Dec 5, 2008)

For me its got to be nano, mtr (excellent program!) and don't think I have seen them mentioned and don't see many people using them 'popd & pushd' be lost without them both! :e


----------



## Oko (Dec 5, 2008)

braveduck said:
			
		

> Actually, the only editor guaranteed to be on any *nix/Linux system is ED,
> which is quite awesome  I'm a strong advocate of ED


Quite right. Linux version of vi is vim (which I do not like) while
bsd version is nvi (new vi editor). Heirloom vi (SUN's vi) is the closest thing to real vi. But Bill Joe is owner of SUN so that should not be surprise. 

I like ed very much myself although I have honestly to admit that I use mostly nvi.


----------



## jandrese (Dec 9, 2008)

Pretty much everything I like has been mentioned already, save for one that has been left with but a fleeting mention:

watch(1)

I use this all of the time since I tend to leave console processes running while I go out and do something else.  Maybe I'm at a friends house and notice that a portupgrade is sitting at a configuration window.  No need to restart the process (which can be hairy if you're using -R or -r), just watch(1) the terminal and answer whatever it's asking.  

Or maybe I want to idle on an IRC channel with just one client?  Start the client on a vty and whenever you want to interact just ssh into the box, watch(1) the vty, and go.

Maybe I want to be really paranoid about restarting a firewall config when connected remotely and watch a local vty to run the restart.  

Or I'm in X and can't switch to the vtys thanks to the new X.org and nVidia driver not honoring ctrl-alt-fx, yet I want to run something on the console?  Watch solves that problem as well.


----------



## sverreh (Dec 9, 2008)

jandrese said:
			
		

> Or I'm in X and can't switch to the vtys thanks to the new X.org and nVidia driver not honoring ctrl-alt-fx, yet I want to run something on the console?  Watch solves that problem as well.



Well, that explains the problem I have had since updating to 7.0 and the new X.org! I can't get to the console, and couldn't find out why. I have nVidia driver. Thanks a lot! :e

Can you give some details on how watch is used to get to the console. I read the manual, but to be honest, I didn't understand too much of it.


----------



## bsddaemon (Dec 9, 2008)

sverreh said:
			
		

> Can you give some details on how watch is used to get to the console. I read the manual, but to be honest, I didn't understand too much of it.



You can get vt pseudo name from */etc/ttys*, then as root, run watch. For example:



> # watch ttyv0



^G to exit watch


----------



## Pushrod (Dec 10, 2008)

Netcat (nc) and perl.


----------



## liamjfoy (Dec 10, 2008)

danger@ said:
			
		

> hey guys, you don't watch your logs?
> 
> tail -f *.log



Nods.


----------



## liamjfoy (Dec 10, 2008)

OpenSSH is clearly the winner here - by miles.


----------



## r-c-e (Dec 12, 2008)

I've been using bruteblock a lot recently for stopping bruteforce attacks on sshd. Regexp patterns are nice for custom items.


----------



## GD (Dec 19, 2008)

*Porteasy to update and install ports.*

*porteasy* (in ports-mgmt category)

-i can pull a port  not having to have the entire ports tree in /usr/ports. You have ONLY the ports you install !


----------



## bsddaemon (Dec 19, 2008)

I like porteasy very much. Not much exaggeration to say it is a must have tool if the HDD space is precious. 

Btw, a CVS server is needed when running *porteasy*, Im just wondering what is happenning to CVS servers in US and Japan? I always struggle to connect to them :S


----------



## cajunman4life (Dec 19, 2008)

danger@ said:
			
		

> hey guys, you don't watch your logs?
> 
> tail -f *.log



Of course you mean tail -F (for those of us who rotate logs  )


----------



## Dara (Dec 23, 2008)

cvsup, vi, sed/awk, netstat, sockstat, mytop and in the center of it all Hobbit (xymon..)


----------

