I have an article up over at WServerNews, an online newsletter for Windows sysadmins. My article is a collection of anecdotes, each with a little moral lesson at the end.
Lest anyone think I'm a Windows bigot, I wanted to follow up that article with some quick prescriptive guidance for Unix system administrators.
Opportunity 1: Apply Software Updates
Ever since Windows for Workgroups, Windows SAs have been leagues ahead of Unix SAs in patching. This is born out of necessity: Windows systems have to manage floors of buggy workstations that get viruses daily. Your Unix systems don't give you as mature a tool set as they have.
All good system administrators know how to use rpm, pkgadd, apt-get or whatever to bring a system up to current. Figure out (and document) how to roll back an update for a system or even just a package. Write a script that reports the last date a system was patched and incorporate it into your system monitoring solution.
You might even want to learn how to use Puppet or cfengine to automate configuration changes.
Opportunity 2: Review Logs
Unix admins have grep and grep goes a long way, but when grep doesn't cut it anymore, you will want to stand up a log server like splunk or a SIEM like OSSIM.
Opportunity 3: Change Default Passwords
This is pretty universal. Read your software docs and check the password lists here and here.
No comments:
Post a Comment