About | Tools | Resources

Tools for sysadmins

Free software created by BSD Consulting:

NameLast updatedSupported OS/OS ReleaseDescription
sshblock 1.0 2006-11-27> * SSHBlock is a daemon to monitor a syslog log for break-in attempts using SSH, and to automatically block bad hosts by adding lines to /etc/hosts.allow (TCP Wrappers). Several thresholds are pre-defined, to be able to block those trying many attempts within a longer or shorter period. Use -h to see command line options.
simplemon 1.3a 2003-08-19 Solaris 2.x, FreeBSD, Linux Perl script for monitoring processes (and their UID/GID) and free disk space. It generates carefully formatted mail, which is suitable for sending via SMS. It currently supports Solaris, FreeBSD, and Linux.
mutt-ldap.pl 2005-02-24 * Perl script to look up mail addresses in Active Directory/Exchange directly from mutt. LDAP based.
lmon 1.2 2005-05-19 Solaris 2.x, FreeBSD, Linux A Perl-based real time log monitoring solution for near real-time monitoring of logs, sending e-mail alerts upon known or unknown data. README here.
cloneboot.sh 1.0 2003-03-19 FreeBSD 4.x Script to clone disks. Intented for cloning a primary (OS) boot disk to an identical secondary one. First time, run it using cloneboot.sh init manually, then set it up to run with no parameters in cron. Remember to adjust the sourcedisk and destdisk variables.
netlink 1.0 2004-05-12 Solaris 2.x Script/startup-script to set and/or check duplex/media settings on Ethernet NICs.
fix.sh 1.0 2004-05-12 Solaris 2.8, 2.9 Script to strip down services in Solaris systems + do network tuning & hardening. It includes nddconfig and fixmodes from www.sun.com/security/ somewhere and nettune from www.sean.de/Solaris/. Run like this: ./fix.sh auto. Run it again if you patch your system, in case the patches re-enables scripts previously set up to not run. Fix-modes and friends are left in /opt/fixit for your convinience, should you need to reverse its/their actions. I recommend copying fix.sh there as well. Adjust what services you want turned on by editing /etc/startup.conf. Also walk through /etc/inetd.conf to see if there is anything you want on (requires INETD=YES in startup.conf). The script is intended to be run once to do "all" basic security tweaking in one shot, particularly suited for being a part of an automated install environment (Jumpstart). The script requires Perl with MIME::Base64 in your PATH, trying /usr/local/bin first. Your comments, ideas etc. are very welcome!

Useful tools created by others: