January 04, 2014, 6:22 PM — Unix sysadmins generally lead very busy lives, but there's always room to be more effective and make better use of the time you have. Here are 14 things to do, not do or improve in 2014.
Be ever vigilant. The threats to our systems get worse every year and Unix systems are not as immune from attack as many of us would like to believe. Learn the basics of Unix hardening. Many of these techniques have been around for decades. SansFire offers some great classes and there are numerous resources online. I'll be reviewing some hardening techniques in this year's postings. Use SELinux if your distribution supports it. It provides a strong security defense with remarkably little effort on your part.
Be on the lookout for signs of compromise on the systems you manage. Find a way to review log files that helps you notice unusual things so that problems don't sneak up on you. If you don't have funds to buy a pricey log file analyzer, prepare a script or use one of the fine free tools like logwatch, a general-purpose log file parsing tool (a package of Perl scripts) that provides routine stats, so that you have an idea what's going on even when nothing seems to be malfunctioning. In any case, don't ignore your logs! I can't tell you how many times I have helped someone track down a problem only to find that there were signs of trouble showing up in their log files for months before they noticed anything was wrong. Try to spot the unusual, to recognize what's normal and what's not.
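As an added illustration of the "prepare a script" option above (not code from the original article), the following shell function summarizes sshd entries in syslog-style auth lines, reporting sources with repeated failed passwords and any successful direct root login. The function names, the default threshold of 3 and the sample log lines are all constructed for this example.

```shell
#!/bin/sh
# Added example: summarize sshd activity from syslog-style auth lines.

# auth_findings [threshold]  (reads log lines on stdin, default threshold 3)
#   FAILED <ip> <count>       source with >= threshold failed passwords
#   ROOT_LOGIN <ip> <method>  successful direct root login
auth_findings() {
    awk -v min="${1:-3}" '
        # Source address = token after the LAST "from". Client-supplied user
        # names may contain spaces, so an earlier "from" cannot be trusted.
        function src(   i) {
            for (i = NF - 1; i >= 1; i--) if ($i == "from") return $(i + 1)
            return "unknown"
        }
        $5 ~ /^sshd\[/ && $6 == "Failed" && $7 == "password" { fails[src()]++ }
        $5 ~ /^sshd\[/ && $6 == "Accepted" && $8 == "for" && $9 == "root" {
            print "ROOT_LOGIN", src(), $7
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min) print "FAILED", ip, fails[ip]
        }
    ' | sort
}

# Constructed sample input (documentation address ranges, made-up hosts/users).
sample_log() {
    cat <<'EOF'
Jan  4 03:12:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan  4 03:12:03 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan  4 03:12:06 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan  4 08:59:40 web1 sshd[2990]: Failed password for alice from 192.0.2.44 port 40211 ssh2
Jan  4 09:00:10 web1 sshd[3000]: Accepted password for alice from 192.0.2.44 port 40212 ssh2
Jan  4 09:05:00 web1 sshd[3010]: Accepted publickey for root from 198.51.100.5 port 40100 ssh2
Jan  4 09:06:00 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Jan  4 09:10:01 web1 CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

sample_log | auth_findings
```

On a real system, feed the function from the auth log instead of sample_log (typically /var/log/auth.log or /var/log/secure, depending on the distribution) and run it from cron so the summary arrives daily.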
Use iptables or some other reliable firewall on your Linux systems. Limit access to your critical servers. Pay attention to your firewall rules. Make sure only the required ports are available for access and only to the systems or subnets that require them. Block everything else.
Change your passwords and ensure your users change theirs. Stop using the same password for every system you manage. Both Linux and Solaris systems offer password complexity as well as password expiration settings that prevent your users from setting themselves up with weak passwords. Use them. Stop logging in as root. Use sudo, and customize your sudoers file so that it works well for you. Take the concept of least privilege seriously.
Don't use pipes when there's a command option that does the same thing. No, the milliseconds you save on most commands won't make much difference, but your commands will look better and work better and you'll be more efficient on the command line. Read a man page now and then and try some of the options that you've never used. It took me years to realize that I didn't have to grep word myfile | wc -l, but could use grep -c word myfile instead.
If you don't prepare scripts to make your job easier, start doing so. If you do, make sure your scripts are documented and easy to find. No point writing a new script from scratch if you can reuse clever code from an existing one.